
Sophos Connect 2.3 MR1 IPsec DNS problems but SSL OK

Hi there,
After the firmware update to SFOS 20.0.1 MR-1-Build342, we have rolled out the Sophos Connect Client v2.3.1.
It turns out that DNS resolution does not work with IPsec. It looks like the wrong DNS servers are being entered here (IPv6).



With SSL VPN, the DNS servers are forwarded correctly and name resolution also works without any problems.



We did not have these problems with Sophos Connect version 2.2.9 and SFOS 19.5.1.
Any idea why the IPsec connection gives the IPv6 of the gateway as DNS server instead of the IP address of the inner DNS servers?

Regards
Stefan





Edited TAGs
[edited by: Erick Jan at 11:03 AM (GMT -7) on 2 Jul 2024]
  • Hi  

    What is the Windows version that you are on?

    What was the Windows version (10 or 11) when you were on SFOS version v19.5MR1?

    Was the DNS entry populated correctly when you were on v19.5MR1?

    Please share the openvpn log from the SCC.

  • Hi  
    The affected systems are Windows 10.
    Out of about 60 systems upgraded to v2.3.1, 2 systems were affected, where the wrong DNS server is published with IPsec, and on some other systems only the FQDN works; the hostname alone does not work here, although the domain suffix was also specified in the IPsec profile.
    In SFOS 19.5.1 and Sophos Connect v2.2.9 we only saw the FQDN problem sporadically, but not that the wrong DNS servers were transmitted completely.
    What we can say in general is that with SSL VPN the DNS resolution works very stably, in contrast to IPsec.
