This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS SSL-VPN .ovpn file

Lubor Kacian over 2 years ago

Some trouble with .ovpn file for linux or android.

After we add a SD-RED device, there is missing one "remote" IP address in .ovpn file, only TCP port.

...
remote a.b.c.d 8443 tcp-client
remote 8443 tcp-client
remote x.y.z.k 8443 tcp_client

How can I resolve this ? Not only edit manually.

This thread was automatically locked due to age.

0 Qoosh over 2 years ago

Hi Lubor,

Thanks for reaching out to the Sophos Community Forum. I've moved your post to a more appropriate page.

Could you elaborate on how the .ovpn file is generated? Is this created from the Sophos XGS device or via other means?

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
0 Mayur Makvana over 2 years ago

Hello,

Greetings,

I have tested my exporting the ovpn file for the below and for me, I could see all the configured interfaces in remote. I have tested it with the version SFOS 18.5.4 MR-4-Build418.

Could you please let us know with what firmware your device running?

Mayur Makvana
Technical Account Manager | Global Customer Experience
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
- 0 Lubor Kacian over 2 years ago in reply to Mayur Makvana
  
  This ovpn file was generated on
  
  XG210, fw 19.0.1 MR-1
  
  Shis situation start after we added SD-RED device to branch office. SD-Red works OK. I see all interfaces in ovpn file correct except this empty "remote".
  - 0 Lubor Kacian over 2 years ago in reply to Lubor Kacian
    
    Sorry, "This".
  - 0 Vivek Jagad over 2 years ago in reply to Lubor Kacian
    
    Can you share SSL VPN config ?
    
    Thanks & Regards,
    _______________________________________________________________
    
    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience
    
    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case | Security Advisories
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
0 Sreenivasulu Naidu over 2 years ago

@Lubor Kacian,

Please check if any other WAN/LAN/WiFi zone interfaces of XG210 lost its ip address, meaning the interface is configured with an ip address but ip address is lost (could be due to connectivity issues with DHCP/PPPoE server), in such scenario we see a possibility of 'remote 8443 tcp-client' entry into .ovpn file where ip address is missed.

'remote 8443 tcp-client' is not due to addition of SD-RED as SD-RED interface's ip address does not make an entry into .ovpn file.
- 0 Sreenivasulu Naidu over 2 years ago in reply to Sreenivasulu Naidu
  
  Also, if we wish to see only one entry into the .ovpn file that is the wan port ip where remote sslvpn clients are expected to connect, then we could use override-hostname filed in the sslvpn global settings config set with the wan ip (public ip) or dynamicDNS (if used).