Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Connect 2.3 MR1 iPSec DNS problems but SSL OK

Hi there,
After the firmware update to SFOS 20.0.1 MR-1-Build342, we have rolled out the Sophos Connect Client v2.3.1.
It turns out that DNS resolution does not work with IPsec. It looks like the wrong DNS servers are being entered here (ipv6).



With SSL VPN, the DNS servers are forwarded correctly and name resolution also works without any problems.



We did not have these problems with Sophos Connect version 2.2.9 and SFOS 19.5.1.
Any idea why the IPSec connection gives the ipv6 of the gateway as DNS server instead of the IP address of the inner DNS servers ?

Regards
Stefan





Edited TAGs
[edited by: Erick Jan at 11:03 AM (GMT -7) on 2 Jul 2024]
Parents Reply
  • Hi  
    the affected systems are Windows 10.
    Out of about 60 systems, the upgrade to v2.3.1, 2 systems were affected where the wrong DNS server is published with IPsec and on some other systems only the FQDN works, the hostname alone does not work here. Although the domain suffix was also specified in the IPsec profile.
    In SFOS 19.5.1 and Sophos Connect v2.2.9 we only saw the FQDN problem sporadically, but not that the wrong DNS servers were transmitted completely.
    What we can say in general is, that with SSL VPN the DNS resolution works very stable instead of IPSec.

Children