
Sophos Connect 2.3 MR1 IPsec DNS problems but SSL OK

Hi there,
After the firmware update to SFOS 20.0.1 MR-1-Build342, we have rolled out the Sophos Connect Client v2.3.1.
It turns out that DNS resolution does not work with IPsec. It looks like the wrong DNS servers are being entered here (IPv6).



With SSL VPN, the DNS servers are forwarded correctly and name resolution also works without any problems.



We did not have these problems with Sophos Connect version 2.2.9 and SFOS 19.5.1.
Any idea why the IPsec connection gives the IPv6 address of the gateway as DNS server instead of the IP address of the inner DNS servers?

Regards
Stefan





Edited TAGs
[edited by: Erick Jan at 11:03 AM (GMT -7) on 2 Jul 2024]
  • Erick,

    Certainly, thank you for the response.

    Both clients are on Windows 10, but so is most of the fleet that works as expected. Both problem computers are different models; they may have the same Windows patch, but the rest of the fleet should as well, as updates are standardized.

    Firmware for firewall is 20.0.1 Build 342. For Sophos Connect client, tried to resolve issue using both 2.3.1 and 2.3.2.

    We also have two test Sophos firewalls, one running 20.0.1 and the other 20.0.2. Neither gave proper DNS when connecting to VPN either. Have also tried multiple VPN user accounts with no success.

    Also, worth noting, the VPN is able to connect successfully and also work as expected if DNS servers are added manually to the TAP adapter. I'm also considering using a scheduled task to run a script that adds the DNS servers upon TAP adapter coming online as a workaround.

    Sophos Connect and TAP adapter have been reinstalled as well with no resolution.

    Let me know if you want any other information. I will update here if I think of anything else in the near future as well.

    Thanks!
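The scheduled-task workaround mentioned in the reply above, sketched as an added example (not code from the poster or from Sophos). The adapter description pattern, the DNS server addresses and the test hostname are placeholders and assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: re-applies internal DNS servers to the VPN adapter when it is up.
# All three values below are assumptions/placeholders, not taken from the thread.
$AdapterPattern = '*TAP*'                        # assumed match on InterfaceDescription
$DnsServers     = @('192.0.2.10', '192.0.2.11')  # placeholder internal DNS servers
$TestName       = 'intranet.example.internal'    # placeholder internal hostname

function Set-VpnDns {
    param(
        [string]$Pattern,
        [string[]]$Servers,
        [string]$ProbeName
    )

    # Only touch adapters that match the pattern and are currently connected.
    $adapters = Get-NetAdapter |
        Where-Object { $_.InterfaceDescription -like $Pattern -and $_.Status -eq 'Up' }

    foreach ($a in $adapters) {
        $current = (Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex `
                        -AddressFamily IPv4).ServerAddresses

        # Idempotent: write only when the configured list differs from the wanted one.
        if (-not $current -or (Compare-Object $current $Servers)) {
            Set-DnsClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses $Servers
            Write-Output "Set DNS on '$($a.Name)' to $($Servers -join ', ')"
        } else {
            Write-Output "DNS on '$($a.Name)' already correct"
        }

        # Confirm that the first internal server actually answers through the tunnel.
        $answer = Resolve-DnsName -Name $ProbeName -Server $Servers[0] `
                      -DnsOnly -ErrorAction SilentlyContinue
        if ($answer) {
            Write-Output "Resolved $ProbeName via $($Servers[0])"
        } else {
            Write-Warning "Could not resolve $ProbeName via $($Servers[0])"
        }
    }
}

Set-VpnDns -Pattern $AdapterPattern -Servers $DnsServers -ProbeName $TestName
```

Because the task has to run elevated, keep the script in a directory that only administrators can write to, so a standard user cannot change what the task executes. Changing the adapter's DNS this way masks the symptom on the client; it does not show why the firewall is handing out the wrong servers.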
