Sophos VPN Client - disable autoconnect when in local network

Question

Hi all, 
 
 I'm struggling with setting up Sophos VPN Client on user's Windows computers. 
 What behaviour I expect is to automatically connect when user connects any network except internal LAN/WIFI. 
 So if users is turning on the laptop at home and connects to his/her home WIFI, Sophos Client shoud connect VPN immediately. But when user comes to the office and connects to LAN network, Sophos Client should stop connecting. I edited ovpn config file and added auto_connect parameter as LAN VLAN network address (192.168.3.1), but it didn't help - after connecting to office's wifi, Sophos Client is connecting to VPN. 
 Next thing I tried was to block SSL VPN in firewall administration and it helped, but now Sophos Client is continuously trying to connect, fails, tries again, fails, and so on. 
 How to set it up so it just stops trying to connect when in LAN, and after network change (going back to home), connects VPN immediately?

TimFranken · Accepted Answer

The instructions are from an older version where there was only the user portal. As of version 20, they have split it into user and VPN portal. The .pro file is there to pull the .ovpn file from the VPN portal, so the port from the VPN portal and not from the user portal must be specified there. 
 
 Kam said: What's another weird thing - when I enabled SSL VPN, in global settings there already was this incorrect IP set up. I didn't change anything, so it looks like Sophos has wrong data as default setup. 
 Yes, this also results from an older version where an IP range still had to be specified. for example: 10.81.234.5-10.81.234.85 At some point this was also changed to a whole subnet e.g. /24, but probably forgot to adjust the IP as well.

Nikhil Bhandari · Answer

Hi Kam , if you want openvpn to connect to only the ddns, you can specify it in the "Override hostname" in the SSLVPN global settings on the firewall: 
 
 With this, the .ovpn file will only have the override hostname in its remote directive and you will be able to use the .pro file also.

TimFranken · Answer

In fact it has been updated, you have only been given the link to the KB of 19.5. The right link for version 20 is here and it is correct there.

apijnappels · Answer

With Sophos connect you can provision a provisioning file with an auto_connect_host. See this for more explanation.

Sophos VPN Client - disable autoconnect when in local network

Top Replies