
Does the Sophos XG allow connecting to an OpenVPN server (as a "user" client)?

I use the Sophos XG at home and don't have a static IPv4 address; maybe in future I will only have an IPv6 address. So I use an OpenVPN static IPv4 provider to get access from outside. However, I currently need to do that with a separate box tunneling to the outside, as UTM and XG only allow remote access or site-to-site VPN, but I need a "client-to-site" VPN. Any suggestions?



  • Hi Nege,

    Greetings.

    Yes, client-to-site VPN is possible; this is termed Remote Access via VPN in XG.

    You can refer to the given link for more information:

    https://www.sophos.com/en-us/support/knowledgebase/122769.aspx

    Thanks

    Sachin Gurung

    Team Lead | Sophos Technical Support

  • I'm sorry, but that's not what I'm looking for. I want the UTM to be the client and an online VPN service to be the destination. Is that possible?

  • I have looked into this myself and Sophos doesn't support this. According to other posts, the only people who want to do this are home users, and the product doesn't cater to home users' needs but to acceptable "business" use. So a recommendation was made in another post to purchase a VPN router like the TP-LINK TL-R600VPN to put in front of the XG to connect to a VPN service.

  • Thanks for your honest response. However, I don't only see home users in need. DS Lite is not only for home but also for business users, preventing them from any way to access internal systems or build a private network with multiple stations, if they are SOHOs and not corporations with dedicated lines. Also, privacy is an upcoming issue for companies tunneling their traffic through a VPN provider instead of direct internet access.

  • Here is the longer thread that I got my info from.

    https://community.sophos.com/products/unified-threat-management/f/58/t/55846

    I have worked with Cisco, Juniper, and Palo Alto Networks firewalls and none of these offer OpenVPN client options like we both want to have. I think Sophos is doing what is "standard" in the industry. I did find pfSense can do what we want, though.

    https://chubbable.com/setup-pfsense-as-openvpn-client

    or alternatively https://torguard.net/store/

  • Hi,

    Already looked at pfSense, looks good as an alternative. I just hoped that with the new Sophos edition they would look more at customer requests. The firewall market is very full; differentiating a bit would be a good idea.

    Regards,

    Christian

  • Agreed. I myself have already moved on to better things. As has been stated many times before, Sophos does not cater to or even really seem interested in the home market, and in my humble opinion that's a big miss for them. There is huge potential in the home market that they're missing out on. Have you had a look at the new Untangle v12? Looks great, and they now have a new home license package that includes the full protection for 5.00 a month or 50.00 a year or 200.00 for 5 years, and in my humble opinion it works much better for home use and it won't block streaming services such as Netflix or Microsoft updates from working. I don't know if Untangle will fix your trouble, but have a look.

  • Thanks for your response. I will have a look. However, I'm not only a home user but also a business user. We run some UTMs in our branches; however, I'm unsure if we will keep them, as they seem to have many bugs in our setup. We are also twice covered by frontal Juniper SSG; however, their support also seems to be over really soon, so we are looking for something different. The setup of a hardened system in front, which is not Linux or BSD, with a Linux- or BSD-based, more feature-rich system behind it would be the preferred solution. So having a UTM at home is also somehow a test setup for business use in a small private environment. So ignoring the home market also has an impact on their corporate market.