

How to get VPN to work on XG Firewall home edition

I installed the XG Firewall on my own server and have been working all day to get any flavor of VPN to work.

The best we have been able to get is a PPTP connection to intermittently connect; one machine could connect and get an IP but no connection to the remote LAN. Another was able to connect and work ONCE, but then the XG started returning bad user/password with no changes having been made. Rebooting the XG allowed a connection to log in, but killed all local LAN and internet connection on the workstation till rebooted.

We tried to set up an IPsec VPN on the XG, but could not get past what goes in the local ID and remote ID values. There was nothing in any of the help or documentation we could find that says what IP, EMAIL, etc. value is supposed to go in those, and it would not save the setup without them.

We could not get any SSL VPN client to connect to the XG either.

Is there any documentation anywhere that gives a complete example of how to configure the XG and the client to get them to reliably connect?

The product looks like it could be good, but it really feels like a beta product and the documentation/help seems to fall to non-existent at critical points in several areas. Like providing any type of tutorials on using the product that completely cover setting up a feature. Hopefully this will come, because as it sits now it would be difficult to recommend this to a client to use in production.

Thanks for any help



  • I have been looking for this as well. There is no documentation as far as I can see that will work for IPsec. The only one that resembles help for this is CiscoVPN community.sophos.com/.../123136. But overall this is not intuitive for me. This really has me scratching my head. I have even been checking out Cyberoam's forums (similar structure of interfaces and software due to being a Sophos company) with no luck. Really would like to get this going so I can replace my home consumer equipment.


    ****Update****

    I have been browsing the Cyberoam site and have used http://kb.cyberoam.com/default.asp?id=2439&Lang=1&SID= to connect my phone to my network. I have not tried Win 7 to XG FW, but I would try http://kb.cyberoam.com/default.asp?id=1763&Lang=1&SID=. I will be doing this in the future, but still need to fine-tune what I have working now.


    The full VPN KB for Cyberoam is here: http://kb.cyberoam.com/default.asp?id=1632&Lang=1&SID=. Look at the left-hand column. I can't guarantee it will work as the devices are different. But with time I was able to extrapolate what I needed to do on the XG settings, which look similar to Cyberoam.

    I can't say for sure, but I think the authentication default is any in the XG. To change it to MS-CHAP v2, try http://kb.cyberoam.com/default.asp?id=1946&Lang=1&SID=. The commands are quite similar, although not exact.

    Hope you find this as helpful as I have.

  • Hey Dillion,
    Thanks for the info, but we decided to go a different route on the VPN and put in a dedicated software product called SoftEther (https://www.softether.org/). It was really easy to set up, has excellent performance, and seems to work with just about everything, and it's open source and free.

    The only gotcha we found with it is that after the install you NEED to reboot the machine you install it on to get it to work correctly. While it says it's optional, it's needed. Other than that it was really easy to get going and after the hours of frustration on XG's VPN, it was a real pleasure to use.

    We set it up on a separate server, but it should be able to be on the same one as XG, but did not try it that way.

    If Sophos ever gets some proper docs out on setting up their VPN we will try it again, but so far we have been really happy with SoftEther.

    Thanks again

  • Dear,

    I'm currently using SoftEther in OpenWRT and would like to use it in Sophos too. Did you install it directly on the Sophos server? Do you have a description or manual on how to do it?

    Thanks and your feedback is highly appreciated.

  • Gubo,

    XG already has a VPN feature built in and no other package installation is needed. See this thread:

    https://community.sophos.com/products/xg-firewall/f/127/t/10975

    Also on XG go to System > VPN > SSL VPN (Remote Access) and configure it to allow only certain users and permitted internal resources, then create a Policy VPN to LAN.

    That's all!