Sophos Connect 2.3 MR1 iPSec DNS problems but SSL OK

Hi StefanS,

Thank you for reaching out to Sophos Community. 

To verify, do the IPsec DNS settings change after the update? And in comparison with the SSL VPN DNS settings

I recommend creating a support case and kindly sharing it here since the issue occurs upon firmware upgrade. This will allow us to check this further.

Hi Erick,
Thank you for your answer.
The DNS settings for remote IP-Sec are correct.
I will open a ticket for this problem as you recommended.

Case ID: 07421499

Hi StefanS 

We are trying to reproduce this in our lab and we will come back with an update soon this topic.

On working machines, the virtual adapter's name would be "Sophos TAP Adapter". Right ?

On non-working machines, what is the name of virtual adapter ? Do you see any suffix to "Sophos TAP Adapter" ? Like "Sophos TAP Adapter #2" or "Sophos TAP Adapter #3" etc" ?

You can see these details under "Control Panel\Network and Internet\Network Connections".

Hi StefanS,

Upon checking case 07421499.

Further updates will be shared on the committed date, August 2, 2024.

Before opening a support case of my own I wanted to see if there were any updates that could be shared on this issue as I'm experiencing similar problems.

The correct IPv4 DNS server addresses are not populated into the Sophos TAP adapter on specifically two machines but works on the rest of the fleet.

I'm also seeing in the logs "x.x.x.x not in server list doing add",

"TAP adapter not found. Error code = 0x00000001",

"failed to get TAP adapter information. Error code = 2"

"adding DNS server failed"

Hi David,

We regret to hear about your experience.

Could you share more information about the issue you’re experiencing with the two clients? 

What firmware version are you using in your firewall? Sophos Connect Client Version?

You may also check the following issues, which the update has resolved.

 Sophos Connect 2.3 Update Released 

Erick,

Certainly, thank you for the response.

Both clients are on windows 10, but so is most of fleet that works as expected. Both problem computers are different models, they may have same windows patch, but rest of fleet should be as well as updates are standardized.

Firmware for firewall is 20.0.1 Build 342. For Sophos Connect client, tried to resolve issue using both 2.3.1 and 2.3.2.

We also have two test Sophos firewalls, one running 20.0.1 and the other 20.0.2. Neither gave proper DNS when connecting to VPN either. Have also tried multiple VPN user accounts with no success.

Also, worth noting, the VPN is able to connect successfully and also work as expected if DNS servers are added manually to the TAP adapter. I'm also considering using a scheduled task to run a script that adds the DNS servers upon TAP adapter coming online as a workaround.

Sophos Connect and TAP adapter have been reinstalled as well with no resolution.

Let me know if you want any other information. I will update here if I think of anything else in the near future as well.

Thanks!

Erick,

Certainly, thank you for the response.

Both clients are on windows 10, but so is most of fleet that works as expected. Both problem computers are different models, they may have same windows patch, but rest of fleet should be as well as updates are standardized.

Firmware for firewall is 20.0.1 Build 342. For Sophos Connect client, tried to resolve issue using both 2.3.1 and 2.3.2.

We also have two test Sophos firewalls, one running 20.0.1 and the other 20.0.2. Neither gave proper DNS when connecting to VPN either. Have also tried multiple VPN user accounts with no success.

Also, worth noting, the VPN is able to connect successfully and also work as expected if DNS servers are added manually to the TAP adapter. I'm also considering using a scheduled task to run a script that adds the DNS servers upon TAP adapter coming online as a workaround.

Sophos Connect and TAP adapter have been reinstalled as well with no resolution.

Let me know if you want any other information. I will update here if I think of anything else in the near future as well.

Thanks!