This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trying to connect a OpenVPN Connection to third party server

Hi Guys, 

we have a network running with multiple sites. All the Sites are connected via IKEv2 Tunnel to our Sophos XG330 (via Lancom Routers).

In each site we have a device running which is trying to connect (via OpenVPN Tunnel) (UPD Port 1194)  to a third party server (external IP Adress).

But for some reason the connection wont work. If only one device is connected, tunnel is running fine. As soon as i am connecting a second device, traffic is not working. It seems to be connected for a few minutes sometimes, but then its gone again.

I have checked all my rules on XG. If I'm running the policy tester, everything is fine.

I already checked with Sophos Support, but that did not help a lot. 

Their conclusion from logs was: 

Our XG is recieving Answer Packages from the Third Party Server, our XG never sent out (Packets with unknown ports) -> so the packets get dropped.

This thread was automatically locked due to age.
  • Example: 

    WAN IP XG:

    Third party Server IP:

    Internal Network Device:

    15:15:44.149254 xfrm88, IN: In ethertype IPv4 (0x0800), length 186: > UDP, length 142

    15:15:44.149256 Port2, OUT: Out c8:4f:86:fc:00:05 ethertype IPv4 (0x0800), length 186: > 1194: UDP, length 142

    15:15:44.153991 Port2, IN: In 2c:23:3a:8a:c2:20 ethertype IPv4 (0x0800), length 94: > UDP, length 50

    15:15:44.154005 xfrm88, OUT: Out ethertype IPv4 (0x0800), length 94: > UDP, length 50

    Port2, IN: In 2c:2xxxxxx:20 ethertype IPv4 (0x0800), length 97: > . 24834: UDP, length 53

    Port2, IN: In 2c:xxxxxxx:20 ethertype IPv4 (0x0800), length 97: > .24834: UDP, length 53

    So that means: XG recieves answers with random ports ans drops them 

  • Hi Lino,

    Thank you for reaching out to Sophos Community.

    To verify, the query is more on the implementation side, and upon checking the case 07102305/07116301/07117414.

    This has already been escalated to our SIS, and per the case update, the case handler has assisted you with the logs capture you needed and is further awaiting your response. 

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.