Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenVPN SSL VPN Configuration gives error: Unsported Options "route delay 4"

Since Sophos XG is depended on OpenVPN for many clients, we only use it for all:

https://doc.sophos.com/nsg/sophos-firewall/18.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/RemoteAccessVPN/VPNSophosConnectClient/index.html#import-configuration-and-provisioning-files (Recommended, since no support.)

Since openvpn-connect-3.4.0.3121_signed  or 3.4, i get the error "Unsported Options" and i cant connect.

So i removed after looking at the log, the options "route delay 4", what does it do? Is it important?

I tried to reach out for the support, but you get the classic "not our product, not our problem" answer. Maybe someone can it explain it me, but is this a bug from openvpn or does sophos not support the new configuration rules for newer version?

And is there a permanent fix, which does not get whiped after a update?



This thread was automatically locked due to age.
Parents
  • We have the same problem, wondering if firmware upgrade SFOS 19.5.1 MR1-Build278 will solve this issue?

  • We are currently on (SFOS 19.5.2 MR-2-Build624) atleast on my sophos xg

  • Hi All,

    We are aware about OpenVPN client 3.4 (released on 10th July 2023) started validating the OpenVPN parameters. If the input parameters are redundant/unsupported, the config import will fail.

    The route-delay command is needed when addresses are issued dynamically to the tunnel interface. This can take a bit of time, depending on environmental factors. If routes are applied too soon, then the tunnel connects successfully, but clients can't access resources over the tunnel. This setting is still necessary in many cases for the ovpn version we use in Sophos Connect.   

    We will be looking into it to understand further impact for other platfroms where we don't provide SCC. 

    --Alok

Reply
  • Hi All,

    We are aware about OpenVPN client 3.4 (released on 10th July 2023) started validating the OpenVPN parameters. If the input parameters are redundant/unsupported, the config import will fail.

    The route-delay command is needed when addresses are issued dynamically to the tunnel interface. This can take a bit of time, depending on environmental factors. If routes are applied too soon, then the tunnel connects successfully, but clients can't access resources over the tunnel. This setting is still necessary in many cases for the ovpn version we use in Sophos Connect.   

    We will be looking into it to understand further impact for other platfroms where we don't provide SCC. 

    --Alok

Children