Hi
My LAN is set as follows :
INTERNET --- ISP ROUTER (192.168.1.250) ----- DMZ: SOPHOS XG Firewall (192.168.1.251 / 192.168.16.250) --- LAN (192.168.16.x)
So ALL the incoming traffinc from the web goes to the SOPHOS since I set up the DMZ on the ISP router as 192.168.1.251 = the wan address of the sophos
I followed https://community.sophos.com/kb/en-us/122769 to set up the SSL VPN (remote access)
Then as a distant user I successfully downloaded, installed and run the VPN client but I can't connect to the VPN
Here is the log :
Sun Apr 05 10:01:26 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Sun Apr 05 10:01:26 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Sun Apr 05 10:01:26 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 05 10:01:26 2020 Need hold release from management interface, waiting...
Sun Apr 05 10:01:26 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Apr 05 10:01:26 2020 MANAGEMENT: CMD 'state on'
Sun Apr 05 10:01:26 2020 MANAGEMENT: CMD 'log all on'
Sun Apr 05 10:01:26 2020 MANAGEMENT: CMD 'hold off'
Sun Apr 05 10:01:26 2020 MANAGEMENT: CMD 'hold release'
Sun Apr 05 10:01:39 2020 MANAGEMENT: CMD 'username "Auth" "cyril.thibout"'
Sun Apr 05 10:01:39 2020 MANAGEMENT: CMD 'password [...]'
Sun Apr 05 10:01:40 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 05 10:01:40 2020 Attempting to establish TCP connection with [AF_INET]192.168.1.251:8443 [nonblock]
Sun Apr 05 10:01:40 2020 MANAGEMENT: >STATE:1586073700,TCP_CONNECT,,,,,,
Sun Apr 05 10:01:50 2020 TCP: connect to [AF_INET]192.168.1.251:8443 failed, will try again in 5 seconds: Le système a tenté de joindre un lecteur à un répertoire stocké sur un lecteur joint.
Sun Apr 05 10:01:50 2020 SIGUSR1[soft,init_instance] received, process restarting
Sun Apr 05 10:01:50 2020 MANAGEMENT: >STATE:1586073710,RECONNECTING,init_instance,,,,,
Sun Apr 05 10:01:50 2020 Restart pause, 5 second(s)
As you see the VPN tries to connect 192.168.1.251:8443 and it seems it fails because of the two stage configuration I have instead of the simpler configuration described in https://community.sophos.com/kb/en-us/122769
How should I adapt the KB page to my setup please?
Thanks
cyril
This thread was automatically locked due to age.