
IPsec Site2Site from XG to AVM FritzBox

Heya,

I'm trying hard to get the Sophos XG up and running with a Site2Site to a FritzBox.

I followed the guide from here with a small adjustment: https://community.sophos.com/sophos-xg-firewall/f/discussions/127264/vpn---site-to-site-sophos-xg-v18x---fritzbox-v7-2x

File:

vpncfg {
    connections {
        enabled = yes;
        conn_type = conntype_lan;
        name = "NAME of Connection";
        always_renew = no;
        reject_not_encrypted = no;
        dont_filter_netbios = yes;
        localip = 0.0.0.0;
        local_virtualip = 0.0.0.0;
        ### remoteip = 10.10.10.10 ; ### not using this, instead using the next line
        remotehost = "offsite.dyndns.com"; ### I only have 2 sites with 2 dyndns names
        remote_virtualip = 0.0.0.0;
        localid {
            fqdn = "localsite.dyndns.com"; ### changed from ip to fqdn
        }
        remoteid {
            fqdn = "offsite.dyndns.com"; ### changed from ip to fqdn
        }
        mode = phase1_mode_idp;
        phase1ss = "dh14 / aes / sha";
        keytype = connkeytype_pre_shared;
        key = "KEYYYYYYYYYYYYYYYYYY";
        cert_do_server_auth = no;
        use_nat_t = no;
        use_xauth = no;
        use_cfgmode = no;
        phase2localid {
            ipnet {
                ipaddr = 192.168.1.0 ;
                mask = 255.255.255.0 ;
            }
        }
        phase2remoteid {
            ipnet {
                ipaddr = 192.168.2.0 ;
                mask = 255.255.255.0 ;
            }
        }
        phase2ss = "esp-all-all / ah-none / comp-all / pfs";
        accesslist = "permit ip any 192.168.2.0 255.255.255.0";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                        "udp 0.0.0.0:4500 0.0.0.0:4500";
}

On the Sophos I configured everything as described in the guide.

I hope someone can help me out?

EDIT: oh, I forgot to post my logs.

strongswan:

the corresponding log for the site2site (I know there is another WAN IP on my site now, but the error stays the same; the screenshots were taken on 2 different 24h disconnects from the ISP)
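As an added example (not from the post or the linked guide), a small Python parser for the FritzBox vpncfg brace syntax shown above, followed by the consistency checks a reviewer would run over such a file before importing it: the two phase 2 subnets must not overlap, the accesslist must name the same network as phase2remoteid, and the remoteid fqdn must match remotehost. The sample block is constructed from the post with placeholder host names and subnets.

```python
import re
from ipaddress import ip_network

# Constructed sample modelled on the connection block in the post (names and subnets are placeholders).
SAMPLE = """vpncfg {
  connections {
    remotehost = "offsite.dyndns.com"; ### dyndns names instead of fixed IPs
    localid { fqdn = "localsite.dyndns.com"; }
    remoteid { fqdn = "offsite.dyndns.com"; }
    phase2localid { ipnet { ipaddr = 192.168.1.0; mask = 255.255.255.0; } }
    phase2remoteid { ipnet { ipaddr = 192.168.2.0; mask = 255.255.255.0; } }
    accesslist = "permit ip any 192.168.2.0 255.255.255.0";
  }
  ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                      "udp 0.0.0.0:4500 0.0.0.0:4500";
}"""

TOKEN = re.compile(r'"[^"]*"|[{};=,]|[^\s{};=,"]+')  # quoted string | structural char | bare word

def parse(text):
    """Parse vpncfg brace syntax into nested dicts; comma-separated values become lists."""
    toks, pos = TOKEN.findall(re.sub(r"#.*", "", text)), 0  # strip ### comments (also cuts a '#' inside quotes)
    def block():
        nonlocal pos
        out = {}
        while pos < len(toks) and toks[pos] != "}":
            key, pos = toks[pos], pos + 1
            if toks[pos] == "{":                      # nested block: key { ... }
                pos += 1
                out[key] = block()
                pos += 1                              # consume closing '}'
            else:                                     # statement: key = v1, v2 ;
                end = toks.index(";", pos)
                vals = [t.strip('"') for t in toks[pos + 1:end] if t != ","]
                out[key] = vals if len(vals) > 1 else vals[0]
                pos = end + 1
        return out
    return block()

def check(cfg):
    """Return a list of findings for the parsed connection (empty when the block is consistent)."""
    conn = cfg["vpncfg"]["connections"]
    net = lambda side: ip_network(f"{conn[side]['ipnet']['ipaddr']}/{conn[side]['ipnet']['mask']}")
    local, remote = net("phase2localid"), net("phase2remoteid")
    acl = conn["accesslist"].split()                  # "permit ip any <net> <mask>"
    checks = [
        (local.overlaps(remote), f"phase2 subnets overlap: {local} and {remote}"),
        (ip_network(f"{acl[-2]}/{acl[-1]}") != remote, f"accesslist {acl[-2]} {acl[-1]} differs from phase2remoteid {remote}"),
        (conn["remoteid"].get("fqdn") != conn["remotehost"], "remoteid fqdn does not match remotehost"),
    ]
    return [msg for bad, msg in checks if bad]
```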
