Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 42 subscribers
  • Views 28188 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to get VPN to work on XG Firewall home edition

EdRought

I installed the XG Firewall on my own server and have been working all day to get any flavor of VPN to work.

The best we have been able to get is a PPTP connection to intermittently connect, one machine could connect and get an IP but no connection to the remote LAN.  Another was able to connect and work ONCE, but then the XG started returning bad user/password with no changes having been made.  Rebooting the XG allowed a connection to login, but killed all local LAN and internet connection on the workstation till rebooted.

We tried to setup a ipsec VPN on the XG, but could not get past what goes in the local ID and remote ID values.  There was nothing in any of the help or documentation we could find that says what IP, EMAIL, etc. value is supposed to go in those and it would not save the setup without them.

We could not get any SSL VPN client to connect to the XG either.

Is there any documentation anywhere that gives a complete example of how to configure the XG and the client to get them to reliable connect?

The product looks like it could be good, but it really feels like a beta product and the documentation/help seems to fall to non-existent at critical points in several areas.  Like providing any type of tutorials on using the product that completely cover setting up a feature.  Hopefully this will come cause as it sits now it would be difficult to recommend this to a client to use in production.

Thanks for any help



This thread was automatically locked due to age.
Parents
  • 0

    Hey Dillion,
    Thanks for the info, but we decided to go a different route on the vpn and put in a dedicated software product called SoftEther (https://www.softether.org/). It was really easy to setup, has excellent performance, and seems to work with just about everything, and its open source and free.

    The only gotcha we found with it is that after the install you NEED to reboot the machine you install it on to get it to work correctly. While it says its optional, its needed. Other than that it was really easy to get going and after the hours of frustration on XG's vpn, it was a real pleasure to use.

    We set it up on a separate server, but it should be able to be on the same one as XG, but did not try it that way.

    If Sophos ever gets some proper docs out on setting their VPN we will try it again, but so far we have been really happy with the Softether.

    Thanks again

  • 0 in reply to EdRought

    Dear,

    I'm currently using softether in OpenWRT and would like to use it in Sophos too. Did you install it directly on the Sophos Server? Do you have a description or manual, how to do it?

    Thanks and your feedback is highly appreciated.

  • 0 in reply to GuBo

    Gubo,

    XG has already VPN feature inside and no other package installation are needed. See this thread:

    https://community.sophos.com/products/xg-firewall/f/127/t/10975

    Also on XG go to System > VPN > SSL VPN (Remote Access) and configure it to allow only certain users and permitted internal resources, then create a Policy VPN to LAN.

    That's all!

Reply Children
No Data
Unfiltered HTML