IPsec VPN RDP Connection to Another Machine on Same VPN is Unstable/Dropping

I have a client who uses RDP to troubleshoot staff PCs remotely while both machines are connected to the same IPsec VPN. When the technician initiates an RDP session, the connection initially succeeds, allowing them to sign in using AD credentials synced to Central. However, once the remote user accepts the connection (which logs them out), the technician’s RDP session immediately drops.

As a result, the remote user must sign back in and reestablish the VPN tunnel—often needing to reimport the Sophos Connect configuration file, as it gets deleted from Sophos Connect. Typically, after one or two attempts, the issue resolves itself, and the technician can connect successfully without the tunnel dropping.

During initial testing, both PCs were confirmed to be connected to the VPN from an external network. The technician’s PC had an IP of 192.168.254.10/32, while the test PC had 192.168.254.13/32.

After setting up a controlled test environment, I observed invalid credential errors in the firewall logs at the exact time the technician attempted to establish an RDP session. Additionally, after a successful RDP session, Sophos Connect created a new entry in the protected folder (Sophos > Connect > protected). Once this entry appeared, RDP sessions could usually be established without the technician losing connection. However, the remote user still frequently had to reimport their configuration file after the technician disconnected.

I suspect that RDP over IPsec VPN on Sophos is inherently problematic because RDP terminates the remote user's session when the technician logs in. Since Sophos Connect runs within the user session, logging the user out effectively disconnects the VPN tunnel, likely changing the IP of the remote machine and breaking the RDP session. However, at times, the connection persists, which makes me wonder if Sophos caches credentials locally, allowing the tunnel to survive under certain conditions.

I have repeatedly advised my client to use an RMM solution that does not log the user out when connecting, but they insist on using RDP since it worked with their previous VPN (Cisco AnyConnect).

Does anyone know if this setup is viable, or am I wasting my time trying to get it to work consistently?



Edited TAGs
[edited by: Erick Jan at 11:45 PM (GMT -8) on 19 Feb 2025]
  • Hi @Keaton,

    Is this setup with IPsec remote access? 

    If so, can the setup be assumed to be as follows? Does the client machine (that initiates RDP to the Staff PC over IPsec RA) also use SCC to connect to SFOS via IPsec RA?

    Technician/client machine-----------IPSec RA--------SFOS

               Staff PC----------------------IPSec RA---------

    Please mention SFOS version details.