SSL VPN / no internet Access after 15 Min

XG firmware: SFOS 19.0.1 MR-1-Build365

 

Hello,
Internet access in the SSL VPN full tunnel breaks off after about 15 minutes during use. Only the firewall management page can be accessed. Internal servers or IPs cannot be reached!

Nothing can be seen in the log (firewall, web protection)!

So the tunnel is not separated, only the Internet access is terminated after 15 minutes without logging anything!

The whole thing was tested with Android 12, 13, OpenVPN version 2.5.036 and Sophos Connect version 2.2.75.0506!

Can you please suggest what I could try to fix the problem?

Many Thanks

Certificate



  • Hi, is there any abnormal observation in the CLI packet captures and drop packets for the resource IPs which are not accessible after 15 min? (As it works fine for you until 15 min, you may compare working and non-working captures and drops to see the possible difference between both situations.)

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Connect Client is installed on Windows OS?

    What is that BD-IPv4-Netzwerk network definition? Please show that IP Host from XG.

    That is FritzBox network:

    Sure you want to use 192.168.178.0 here as DHCP range? I wouldn't. Use the default IP Range for SSL VPN on XG.

    15 minutes sounds to me like something cached on the Client OS being flushed. Like DNS cache.

    Are those DNS servers you propagate by DHCP reachable from the VPN client? Is 172.16.0.5 the SSL VPN IP of the XG?

    I would point the DNS server in SSL VPN against the XG and let it do name resolution.

    I think the client cannot reach its DNS server and so after 15 minutes, it can only communicate by IP, not DNS.

    So you tunnel everything when connected. Is it possible you test that:

    remove "use as gateway"

    add a specific network or server only from your internal network.

    then re-connect SSL VPN.

    Is the specific network or server still reachable?
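
An added example, not part of any post in this thread: a small Python probe for the hypothesis in the reply above, telling a DNS-only failure apart from a loss of connectivity to a literal IP. The address, port and hostname given to `monitor` are the reader's own choice, and the sample data is constructed.

```python
import socket
import time

def probe(ip, port, name, timeout=3.0):
    """Take one sample: TCP connect to a literal IP, then resolve a name."""
    try:
        socket.create_connection((ip, port), timeout=timeout).close()
        ip_ok = True
    except OSError:
        ip_ok = False
    try:
        socket.getaddrinfo(name, None)  # goes through the OS resolver and its cache
        dns_ok = True
    except OSError:
        dns_ok = False
    return {"t": time.time(), "ip_ok": ip_ok, "dns_ok": dns_ok}

def classify(samples):
    """Return (seconds_until_first_failure, verdict), or None if nothing failed."""
    start = samples[0]["t"]
    for s in samples:
        if s["ip_ok"] and s["dns_ok"]:
            continue
        if s["ip_ok"]:
            verdict = "dns-only"  # literal IP still answers: consistent with the DNS theory
        else:
            verdict = "ip-path"   # literal IP fails too: look at routing and dropped packets
        return (round(s["t"] - start), verdict)
    return None

def monitor(ip, port, name, interval=60, count=30):
    """Run on the VPN client while the tunnel is up; arguments are the reader's own."""
    samples = []
    for _ in range(count):
        samples.append(probe(ip, port, name))
        time.sleep(interval)
    return classify(samples)

# Constructed samples (not taken from the thread): one probe every 5 minutes.
TIMES = (0, 300, 600, 900)
DNS_CASE = [{"t": t, "ip_ok": True, "dns_ok": t < 900} for t in TIMES]
IP_CASE = [{"t": t, "ip_ok": t < 900, "dns_ok": t < 900} for t in TIMES]

if __name__ == "__main__":
    print(classify(DNS_CASE))  # first failure at 900 s, name resolution only
    print(classify(IP_CASE))   # first failure at 900 s, literal IP unreachable
```

An "ip-path" verdict means the problem is not limited to name resolution, which is the case where comparing packet captures and drop logs before and after the cutoff is the next step.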

  • Hello,
    Thanks for the fast response!

    Enclosed you will find the generating logs!

    BD-IPv4-Netzwerk network is my local network 172.16.0.0/24

    The firewall is my router (routing / DHCP / etc.)
    Yes, you are right that the DHCP range (192.168.178.0/24) is from the Fritzbox. But that has nothing to do with my configuration, since the Fritzbox works as a modem!

    Even with the standard Sophos XG settings (default IP range for SSL VPN) it didn't work!...