Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 7 subscribers
  • Views 2610 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN IP Issue

vasileiosg

Hello,

I have been using SG for personal and professional reasons since 2015 and this issue I have never seen before.

In my house where I use the SG VM with firmware version 9.605-1, when connecting to the SSL VPN I get an IP in the range of 10.242.2.x/24 with DHCP 10.242.2.254 but no GW!

I checked in the logs and there is nothing to indicate an issue. I restarted the firewall but the issue persists. Any ideas please?

PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 217.122.104.0 255.255.254.0,route 10.10.2.0 255.255.255.0,route 10.10.3.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DOMAIN savagi.eu,ifconfig 10.242.2.3 255.255.255.0'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
ROUTE_GATEWAY 10.101.4.1/255.255.255.0 I=23 HWADDR=98:3b:8f:00:6b:1c
open_tun, tt->ipv6=0
TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{8F72D7A1-962E-4579-BE60-FC877C6CEBCC}.tap
TAP-Windows Driver Version 9.21
Set TAP-Windows TUN subnet mode network/local/netmask = 10.242.2.0/10.242.2.3/255.255.255.0 [SUCCEEDED]
Notified TAP-Windows driver to set a DHCP IP/netmask of 10.242.2.3/255.255.255.0 on interface {8F72D7A1-962E-4579-BE60-FC877C6CEBCC} [DHCP-serv: 10.242.2.254, lease-time: 31536000]
Successful ARP Flush on interface [19] {8F72D7A1-962E-4579-BE60-FC877C6CEBCC}
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
MANAGEMENT: >STATE:1564989149,ASSIGN_IP,,10.242.2.3,,,,



This thread was automatically locked due to age.
  • +1

    Hi Vaselios,

    What happens if you disable/enable SSL Remote Access?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    if you don't use "any" for tunnelled networks but single network definitions, you got single routes for these networks and no default gateway.

    check your local routing-table after connecting.

    you should see something like 10.10.3.0 255.255.255.0 with gateway 10.242.2.1


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to BAlfson

    Thanks Bob!

    After disabling/enabling the SSL Remote Access and restarting my laptop, one of the two worked!

  • +1

    Yes check route entries as Dirk said. There should be a route entry after SSL-connection...

    Is there something shown in Sophos Client SSL Status?

     

    Check also SSL-Network Adapter:

    Sometimes you have to reinstall the SSL-Client (because the SSL-Network Adapter on the client did not work anymore) - I had this error after upgrades of Windows10 to the latest release...

     

    regards

Unfiltered HTML