Sophos UTM: Temporary Fix OpenVPN (3.4.0) Unsupported Options error

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.



Overview

This recommended read describes a workaround for OpenVPN 3.4.0 failing to connect because of an Unsupported Options error.

Background

Starting with release 3.4, OpenVPN validates the OpenVPN parameters; if the input parameters are redundant or unsupported,
the connection fails with Connection Failed (specifically UNSUPPORTED OPTIONS) when a user tries to connect using OpenVPN.

The route-delay option is the specific option that causes the connection to fail; this option is used/needed when addresses
are issued dynamically to the tunnel interfaces. This setting is still necessary for the OVPN version in Sophos Connect.

Temporary Fix


1. Access the UTM Firewall via SSH.

2. Log in with the login user credentials and then as superuser (su) > advanced shell.

3. Enter the following line: vi /var/confd/res/openvpn/client.ovpn-default

The above command opens the file called client.ovpn-default in the vi editor.

4. Press the Down Arrow on your keyboard until the pointer is at "route-delay 4".

5. Press the letter "i" on your keyboard to enter INSERT mode in vi, and press the semicolon symbol (;) on your keyboard, which comments out the line.

6. Press the ESC key on your keyboard followed by :x or :wq (you should see the :x in the bottom-left corner of your screen).

After this change, ask the user to access the User Portal to re-download the configuration, and the user won't be presented
with the Unsupported Options error when trying to connect.

Note: This change won't survive a firmware update, so you'll need to re-enter the commands after doing a firmware upgrade.
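
The same edit can be made non-interactively, which is useful when it has to be repeated after a firmware upgrade. This is an added example, not Sophos code: the function name disable_route_delay, the --apply switch and the backup file naming are assumptions, and the default path is the file from step 3.

```shell
#!/bin/sh
# Added example (not Sophos code): comment out active route-delay lines
# in the OpenVPN client template. Default path is the file from step 3.
OVPN_TEMPLATE_DEFAULT=/var/confd/res/openvpn/client.ovpn-default
ACTIVE_RE='^[[:space:]]*route-delay([[:space:]]|$)'

disable_route_delay() {
    file=${1:-$OVPN_TEMPLATE_DEFAULT}
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }

    # Idempotent: do nothing when no uncommented route-delay line exists.
    if ! grep -Eq "$ACTIVE_RE" "$file"; then
        echo "no active route-delay in $file, nothing to do"
        return 0
    fi

    # Timestamped backup (hypothetical naming) so the edit can be reverted.
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" || return 1

    # Prefix the directive with ';', keeping indentation and arguments.
    tmp="$file.tmp.$$"
    sed -e 's/^\([[:space:]]*\)\(route-delay[[:space:]].*\)$/\1;\2/' \
        -e 's/^\([[:space:]]*\)\(route-delay\)$/\1;\2/' "$file" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    # Write back in place so owner and mode of the template are unchanged.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Verify: fail loudly if an active line somehow remains.
    if grep -Eq "$ACTIVE_RE" "$file"; then
        echo "route-delay still active in $file, restore $backup" >&2
        return 1
    fi
    echo "commented out route-delay in $file (backup: $backup)"
}

# Run as root on the UTM: sh this-script.sh --apply [FILE]
if [ "${1:-}" = "--apply" ]; then
    disable_route_delay "${2:-}"
fi
```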
 
For Sophos Firewall, kindly check the following link:



Fixed Formatting
[edited by: Vivek Jagad at 11:43 PM (GMT -7) on 19 Oct 2023]