
AD SSL VPN Auth Fail after auth server switch. Download new config fine

Hi all, I’m a bit stumped.

Just installed 2x new domain controllers as part of a project to get 2012 server out. All gone well and working.

Added new servers to XG firewall, tested and working fine.

Set as new default VPN auth providers in settings.

Removed old domain controllers as auth providers.

VPN doesn’t work.

Download new config and it works. Put old servers back and it works.

Can’t see any reference to auth servers in config file.

Am I really going to have to call all 40+ staff and download new ovpn files? This seems ridiculous?



[edited by: taimen chubka at 12:02 PM (GMT -8) on 15 Feb 2023]
  • The SSL configuration is based on the user certificates that are created in the firewall once a user logs into the User Portal.

    This certificate also contains the server name and IP address.

    Therefore, if you wish to use the old config, with the new server, you have to give the new server the old name and ip-address and then it would work.

    Another option is: you configure IPSec VPN and then you would need only a single configuration file for all of your clients.

    As long as they are in the group that is allowed to connect remotely it will work. You could send them the configuration file via E-Mail/FTP/GPO.
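
One way to see exactly what differs between a profile that fails and a freshly downloaded one that works, added here as an example and not part of the thread or any Sophos tooling. It assumes standard OpenVPN profile syntax with inline blocks; the two sample profiles, the host name and the block contents are constructed.

```python
import hashlib
import re

# Inline blocks such as <ca>, <cert>, <key> are fingerprinted, never printed.
BLOCK_RE = re.compile(r"<([a-z-]+)>(.*?)</\1>", re.S)

def parse_ovpn(text):
    """Return (directives, blocks) for one OpenVPN client profile."""
    blocks = {}
    def stash(m):
        body = "".join(m.group(2).split())  # ignore line wrapping
        blocks[m.group(1)] = hashlib.sha256(body.encode()).hexdigest()[:16]
        return ""
    directives = {}
    for line in BLOCK_RE.sub(stash, text).splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # skip blanks and comments
            continue
        parts = line.split(None, 1)
        directives.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return directives, blocks

def diff_profiles(old_text, new_text):
    """List (name, old, new) for every directive or inline block that changed."""
    (old_d, old_b), (new_d, new_b) = parse_ovpn(old_text), parse_ovpn(new_text)
    changes = []
    for name in sorted(set(old_d) | set(new_d)):
        if old_d.get(name) != new_d.get(name):
            changes.append((name, old_d.get(name), new_d.get(name)))
    for name in sorted(set(old_b) | set(new_b)):
        if old_b.get(name) != new_b.get(name):
            changes.append((f"<{name}>", old_b.get(name), new_b.get(name)))
    return changes

# Constructed sample profiles (not real Sophos output).
OLD = """client
dev tun
remote vpn.example.test 8443
<ca>
CONSTRUCTED-CA
</ca>
<cert>
CONSTRUCTED-USER-CERT-OLD
</cert>
<key>
CONSTRUCTED-KEY-OLD
</key>
"""
NEW = OLD.replace("-OLD", "-NEW")

if __name__ == "__main__":
    for name, old, new in diff_profiles(OLD, NEW):
        print(f"{name}: {old} -> {new}")
```

Run against one user's old and new `.ovpn` files, the output shows which directives or embedded credentials changed without writing key material to the terminal.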
