
Help: Set-up Remote access SSL VPN

Can you please help me set up my remote access SSL VPN?

Above is my current set-up

But I still get an error; see the error logs below.

What configuration am I missing? Thanks in advance.



  • Change the interface address to "Any" and clear Override hostname. Just curious, show us your profile settings.

  • Unable to use Any, since it is already used on our Exchange server.

    See the profile setting above.

  • You were getting a TLS error, which means the initial handshake is failing.

    1) sha1 is deprecated as insufficiently secure.   Change to sha2.

    2) aes128 is weak.  Change to aes256.

    It may be that your client is configured to only accept the new protocols, while your utm is only offering old ones.

    Does your UTM have its own CA-issued identity certificate? Is that name in the override hosts file? Is that name in DNS or in the client hosts file? Have you updated the client to ensure that the UTM name stored on the client PC matches the certificate name?

    The product works.  You will get there.
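Added example, not code from any poster in the thread or from Sophos: a small lint for an OpenVPN-style client profile (the format the UTM SSL VPN client downloads) that checks the three points raised above: a deprecated HMAC digest in the `auth` directive, a server name in `verify-x509-name` that does not match any `remote` entry (the certificate-name mismatch that shows up as a TLS handshake error), and a `remote` on TCP 443 that collides with other HTTPS use. The two profiles are constructed samples; the `.invalid` hostnames are placeholders, and the directive names (`remote`, `proto`, `auth`, `verify-x509-name`) are standard OpenVPN directives.

```python
# Added example (not from the thread): lint an OpenVPN-style SSL VPN client
# profile for the handshake-breaking settings discussed above.

# Constructed sample profile with the settings the thread says to change.
WEAK_PROFILE = """\
client
dev tun
proto tcp
remote vpn.example.invalid 443
auth SHA1
cipher AES-128-CBC
verify-x509-name utm.example.invalid name
"""

# Constructed sample with the same profile after the suggested changes.
HARDENED_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.invalid 1443
auth SHA256
cipher AES-128-GCM
verify-x509-name vpn.example.invalid name
"""

# Digests a current client will refuse or that offer no integrity at all.
DEPRECATED_DIGESTS = {"MD5", "SHA", "SHA1", "NONE"}


def parse_profile(text):
    """Map each directive to the list of argument lists seen for it.

    Directives may repeat (several 'remote' lines), so values are lists.
    Comment lines (# or ;), blank lines and inline <ca>/<cert> block
    markers are skipped; the PEM bodies inside them carry no directive
    keyword at line start that collides with the ones checked here.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;<":
            continue
        parts = line.split()
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def lint_profile(text):
    """Return a list of (code, message) findings; an empty list means clean."""
    d = parse_profile(text)
    findings = []

    # 1) 'auth' names the HMAC digest for the data channel; SHA-1 is deprecated.
    for args in d.get("auth", []):
        if args and args[0].upper() in DEPRECATED_DIGESTS:
            findings.append(("weak-auth",
                             f"auth {args[0]} is deprecated; use a SHA-2 digest such as SHA256"))

    # 2) With type 'name', verify-x509-name holds the bare certificate CN; it must
    #    be the name the client connects to, or certificate verification fails.
    remote_hosts = {args[0] for args in d.get("remote", []) if args}
    for args in d.get("verify-x509-name", []):
        if not args:
            continue
        name = args[0]
        kind = args[1] if len(args) > 1 else "subject"
        if kind == "name" and name not in remote_hosts:
            findings.append(("name-mismatch",
                             f"verify-x509-name {name} matches no remote host {sorted(remote_hosts)}"))

    # 3) TCP 443 competes with any other HTTPS service on the same public IP.
    protos = {args[0].lower() for args in d.get("proto", []) if args}
    default_proto = next(iter(protos), "udp")  # OpenVPN defaults to UDP
    for args in d.get("remote", []):
        port = args[1] if len(args) > 1 else "1194"
        proto = args[2].lower() if len(args) > 2 else default_proto
        if proto.startswith("tcp") and port == "443":
            findings.append(("tcp-443",
                             f"remote {args[0]} uses TCP 443; UDP on another port avoids HTTPS conflicts"))
    return findings


if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label, lint_profile(profile) or "no findings")
```

Running it prints three findings for the weak profile and none for the hardened one; pointing `lint_profile` at the contents of a downloaded `.ovpn` file gives the same checks on a real profile, and the cipher line is deliberately left unflagged because the posters in this thread do not agree on it.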

  • Hi, Jay-ar, and welcome to the UTM Community!

    You're just getting started, so you can go back now and start over paying attention to The Zeroeth Rule in Rulz.

    If you have only a single public IP, I would change from TCP 443 to UDP 1443 - that will accelerate your connection and avoid conflict with other uses for HTTPS.  I would use 'Automatic firewall rules' and allow the SSL VPN service to listen on "Any" interface.

    Cheers - Bob
    PS Doug, you said, "2) aes128 is weak.  Change to aes256."  I think there's a vulnerability in AES256 that AES128 doesn't have, so I prefer AES128.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA