This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow 3rd Party Wireguard VPN to Access LAN ressources from offsite Server

Hello everyone
I am struggeling with the following:

The customer has microtik router that connects via wireguard VPN to a remote Windows Server in a Datacentre.
The Microtik router is the VPN Client, the Windows Server is the VPN Server.
The employees are supposed to print from the remote Windows Server to local LAN printers.

Setup:
Local LAN 192.168.5.0 /24
VPN: 10.19.15.0 /24

in SFOS 19 I only needed to set a static route 10.19.15.0/24 with Gateway (Microtik router) on br0 to make it work.
Since upgrading to SFOS 20 the VPN connection suddenly stopped working.

Which Rules do I need to set in place, to tell the XGS that:
- Data from the VPN 10.19.15.0 are okay to access the local LAN ( logs tell me that the XGS can't associate the Microtik VPN traffic with any connection ).

Thanks

This thread was automatically locked due to age.

Parents

0 Raphael Alganes 3 months ago

Hello Rene,

Thanks for reaching out. Could you share your network diagram/setup, firewall rule, routes and logs on SF for this? Thank you

Regards,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Raphael Alganes 3 months ago

Hello Rene,

Thanks for reaching out. Could you share your network diagram/setup, firewall rule, routes and logs on SF for this? Thank you

Regards,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Rene Böhres 3 months ago in reply to Raphael Alganes

It's not very complicated in Terms of Setup so a Diagram would probably be overkill

Local LAN 192.168.5.0 /24
Printer 192.168.5.96 /24

VPN: 10.19.15.0 /24
"VPN Box" 192.168.5.31 / 10.19.15.1
Windows Server 10.19.15.1/24

ISP Router Lan: 192.168.6.0/24

Local Lan: 192.168.5.0 -> ISP Router LAN

In the "Local LAN" is a small Router (let's call it VPN Box) that connects as a Wireguard VPN Client to a Windows Server that is a Wireguard VPN
The VPN Box has a LAN Adress (Lets say 192.168.5.31) as well as a VPN Adress ( Say 10.19.15.2) and the Windows Server (10.19.15.1)
Printers from the Local LAN are installed on the Windows Server so employees can Print locally.
Right now the connection to the Windows Server in the cloud works, but if i ping the printers from the windows server I get like 6 successes and 4 fails.

I had to black out a bunch of Stuff, since this Firewall is setup for 2 companies (sorry)
Cancel
Vote Up 0 Vote Down

Cancel