Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Not Answered
  • +10 person also asked this people also asked this
  • Locked Locked
  • Replies 34 replies
  • Subscribers 55 subscribers
  • Views 27360 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenVPN SSL VPN Configuration gives error: Unsported Options "route delay 4"

Simplified Sam

Since Sophos XG is depended on OpenVPN for many clients, we only use it for all:

https://doc.sophos.com/nsg/sophos-firewall/18.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/RemoteAccessVPN/VPNSophosConnectClient/index.html#import-configuration-and-provisioning-files (Recommended, since no support.)

Since openvpn-connect-3.4.0.3121_signed  or 3.4, i get the error "Unsported Options" and i cant connect.

So i removed after looking at the log, the options "route delay 4", what does it do? Is it important?

I tried to reach out for the support, but you get the classic "not our product, not our problem" answer. Maybe someone can it explain it me, but is this a bug from openvpn or does sophos not support the new configuration rules for newer version?

And is there a permanent fix, which does not get whiped after a update?



This thread was automatically locked due to age.
Parents
  • 0

    We have the same problem, wondering if firmware upgrade SFOS 19.5.1 MR1-Build278 will solve this issue?

  • 0 in reply to Gentuity IT

    We are currently on (SFOS 19.5.2 MR-2-Build624) atleast on my sophos xg

  • +1 in reply to Simplified Sam

    Hi All,

    We are aware about OpenVPN client 3.4 (released on 10th July 2023) started validating the OpenVPN parameters. If the input parameters are redundant/unsupported, the config import will fail.

    The route-delay command is needed when addresses are issued dynamically to the tunnel interface. This can take a bit of time, depending on environmental factors. If routes are applied too soon, then the tunnel connects successfully, but clients can't access resources over the tunnel. This setting is still necessary in many cases for the ovpn version we use in Sophos Connect.   

    We will be looking into it to understand further impact for other platfroms where we don't provide SCC. 

    --Alok

Reply
  • +1 in reply to Simplified Sam

    Hi All,

    We are aware about OpenVPN client 3.4 (released on 10th July 2023) started validating the OpenVPN parameters. If the input parameters are redundant/unsupported, the config import will fail.

    The route-delay command is needed when addresses are issued dynamically to the tunnel interface. This can take a bit of time, depending on environmental factors. If routes are applied too soon, then the tunnel connects successfully, but clients can't access resources over the tunnel. This setting is still necessary in many cases for the ovpn version we use in Sophos Connect.   

    We will be looking into it to understand further impact for other platfroms where we don't provide SCC. 

    --Alok

Children
Unfiltered HTML