Sophos XG Home SSL VPN Split Tunneling iPhone not working

I set up SSL VPN Split Tunneling on XG, but I cannot access the Internet on the iPhone.

The same setting works on PC and android.

I disabled "Use as default gateway".



Added TAGs
[edited by: emmosophos at 10:52 PM (GMT -7) on 14 Sep 2021]
  • Hi ,

    Thank you for reaching out to Sophos Community.

    Could you please share OpenVPN log events?

    Click the symbol shown in the below snapshot to obtain a log file.

    What's the current running firmware version on the XG firewall?

    Thanks,
    Yash Kothari
    Global Community Support Engineer | Sophos Technical Support
  • Thank you for your response

    iPhone iOS 14.7.1

    SFVH (SFOS 18.0.5 MR-5-Build586)

    I masked Public IP.

    openvpn log

    2021-09-14 19:49:06 1
    2021-09-14 19:49:06 ----- OpenVPN Start -----
    OpenVPN core 3.git::58b92569 ios arm64 64-bit
    2021-09-14 19:49:06 OpenVPN core 3.git::58b92569 ios arm64 64-bit
    2021-09-14 19:49:06 Frame=512/2048/512 mssfix-ctrl=1250
    2021-09-14 19:49:06 UNUSED OPTIONS
    3 [resolv-retry] [infinite]
    4 [nobind]
    5 [persist-key]
    6 [persist-tun]
    14 [route-delay] [4]
    15 [verb] [3]
    2021-09-14 19:49:06 EVENT: RESOLVE
    2021-09-14 19:49:06 Contacting [*.*.*.*]:8443/TCP via TCPv4
    2021-09-14 19:49:06 EVENT: WAIT
    2021-09-14 19:49:06 Connecting to [*.*.*.*]:8443 (*.*.*.*) via TCPv4
    2021-09-14 19:49:06 EVENT: CONNECTING
    2021-09-14 19:49:06 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-client
    2021-09-14 19:49:06 Creds: Username/Password
    2021-09-14 19:49:06 Peer Info:
    IV_VER=3.git::58b92569
    IV_PLAT=ios
    IV_NCP=2
    IV_TCPNL=1
    IV_PROTO=2
    IV_LZO_STUB=1
    IV_COMP_STUB=1
    IV_COMP_STUBv2=1
    IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
    IV_SSO=openurl
    2021-09-14 19:49:07 VERIFY OK: depth=1, /C=TW/ST=NA/L=NA/O=free/OU=OU/CN=Sophos_CA_*/emailAddress=*@*.*
    2021-09-14 19:49:07 VERIFY OK: depth=0, /C=NA/ST=NA/L=NA/O=NA/OU=NA/CN=Appliance_Certificate_jk4Lp8ZesSNDjQ5/emailAddress=na@example.com
    2021-09-14 19:49:09 SSL Handshake: CN=Appliance_Certificate_jk4Lp8ZesSNDjQ5, TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2021-09-14 19:49:09 Session is ACTIVE
    2021-09-14 19:49:09 EVENT: GET_CONFIG
    2021-09-14 19:49:09 Sending PUSH_REQUEST to server...
    2021-09-14 19:49:10 Sending PUSH_REQUEST to server...
    2021-09-14 19:49:12 Sending PUSH_REQUEST to server...
    2021-09-14 19:49:12 OPTIONS:
    0 [route-gateway] [10.81.234.5]
    1 [sndbuf] [0]
    2 [rcvbuf] [0]
    3 [sndbuf] [0]
    4 [rcvbuf] [0]
    5 [ping] [45]
    6 [ping-restart] [180]
    7 [route] [192.168.99.0] [255.255.255.0]
    8 [topology] [subnet]
    9 [route] [remote_host] [255.255.255.255] [net_gateway]
    10 [inactive] [900] [7680]
    11 [dhcp-option] [DNS] [8.8.8.8]
    12 [dhcp-option] [DNS] [168.95.1.1]
    13 [ifconfig] [10.81.234.6] [255.255.255.0]
    2021-09-14 19:49:12 PROTOCOL OPTIONS:
    cipher: AES-128-CBC
    digest: SHA256
    compress: LZO_STUB
    peer ID: -1
    2021-09-14 19:49:12 EVENT: ASSIGN_IP
    2021-09-14 19:49:12 NIP: preparing TUN network settings
    2021-09-14 19:49:12 NIP: init TUN network settings with endpoint: *.*.*.*
    2021-09-14 19:49:12 NIP: adding IPv4 address to network settings 10.81.234.6/255.255.255.0
    2021-09-14 19:49:12 NIP: adding (included) IPv4 route 10.81.234.0/24
    2021-09-14 19:49:12 NIP: adding (included) IPv4 route 192.168.99.0/24
    2021-09-14 19:49:12 NIP: adding DNS 8.8.8.8
    2021-09-14 19:49:12 NIP: adding DNS 168.95.1.1
    2021-09-14 19:49:12 NIP: adding match domain ALL
    2021-09-14 19:49:12 NIP: adding DNS specific routes:
    2021-09-14 19:49:12 NIP: adding (included) IPv4 route 8.8.8.8/32
    2021-09-14 19:49:12 NIP: adding (included) IPv4 route 168.95.1.1/32
    2021-09-14 19:49:12 Connected via NetworkExtensionTUN
    2021-09-14 19:49:12 LZO-ASYM init swap=0 asym=1
    2021-09-14 19:49:12 Comp-stub init swap=0
    2021-09-14 19:49:12 EVENT: CONNECTED alex@*.*.*.*:8443 (*.*.*.*) via /TCPv4 on NetworkExtensionTUN/10.81.234.6/ gw=[/]
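
An added example, not part of the thread and not Sophos or OpenVPN code: a small parser for the client log format posted above. It lists the routes the iOS client installs into the tunnel and checks which pushed DNS servers fall inside them. The sample lines are copied from that log; the function name `analyze` and the result keys are hypothetical.

```python
import ipaddress
import re

# Lines copied from the client log posted above (public IP already masked there).
SAMPLE_LOG = """\
2021-09-14 19:49:12 OPTIONS:
0 [route-gateway] [10.81.234.5]
7 [route] [192.168.99.0] [255.255.255.0]
11 [dhcp-option] [DNS] [8.8.8.8]
12 [dhcp-option] [DNS] [168.95.1.1]
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 10.81.234.0/24
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 192.168.99.0/24
2021-09-14 19:49:12 NIP: adding DNS 8.8.8.8
2021-09-14 19:49:12 NIP: adding DNS 168.95.1.1
2021-09-14 19:49:12 NIP: adding match domain ALL
2021-09-14 19:49:12 NIP: adding DNS specific routes:
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 8.8.8.8/32
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 168.95.1.1/32
"""

ROUTE_RE = re.compile(r"NIP: adding \(included\) IPv4 route (\S+)")
DNS_RE = re.compile(r"NIP: adding DNS (\d+\.\d+\.\d+\.\d+)$")


def analyze(log_text):
    """Summarise what the client routed into the tunnel, from its NIP log lines."""
    routes, dns, match_all = [], [], False
    for line in log_text.splitlines():
        line = line.strip()
        if m := ROUTE_RE.search(line):
            routes.append(ipaddress.ip_network(m.group(1), strict=False))
        elif m := DNS_RE.search(line):
            dns.append(ipaddress.ip_address(m.group(1)))
        elif "NIP: adding match domain ALL" in line:
            match_all = True
    return {
        # Assumption: a full tunnel would show up as an included 0.0.0.0/0 route.
        "split_tunnel": not any(r.prefixlen == 0 for r in routes),
        "all_dns_queries_use_vpn_dns": match_all,
        # Pushed resolvers whose address is covered by a tunnel route.
        "dns_via_tunnel": [str(d) for d in dns if any(d in r for r in routes)],
        "tunnel_routes": [str(r) for r in routes],
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this log it reports a split tunnel in which both pushed resolvers are routed through the VPN, so name resolution on the phone depends on the firewall passing that DNS traffic.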
