
Guides on setting up a Sophos UTM and OpenVPN access server?

Hi,

Are there any recent guides on setting up a Sophos UTM and OpenVPN access server?

The PDF below is a bit long in the tooth; hopefully the ports stipulated are still relevant:

https://openvpn.net/images/pdf/OpenVPN_Access_Server_Sysadmin_Guide_Rev.pdf

I would imagine HTTPS (port 443) traffic is passed onto the OpenVPN access server and it will need to "host" the certificate?

Any guides/details will be much appreciated.

A date constrained search for:

"sophos utm" "openvpn access server" 

didn't turn up much.

John

  • OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20GHz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Amodin,

    I understood he wants to put an OpenVPN access Server behind his Sophos UTM.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks for the answers!

    Looking into OpenVPN as a viable VPN for the following reasons:

    Software/client maturity, plus having Windows, Mac and Linux clients.

    My workstation is running Linux so this is a big plus.

    Are the 'Remote Access' > 'SSL' settings only for the 'Sophos Connect' rig?

    Having a dig through the manual now:

    sophos.my.salesforce.com/.../

    thanks

    John

  • Sophos SSL-VPN is OpenVPN based, as already said. You can use any OpenVPN-Client.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Forgot to add: 'OpenVPN access server' is "proprietary" software and won't be available within the Sophos UTM.

  • Ok, John, we know that.

    But how can we help you? Which route do you want to go?

    From my POV, you don't really "need" another VPN server, when using the UTM. Not technically, not comfortwise and not at all.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • > From my POV, you don't really "need" another VPN server, when using the UTM. Not technically, not comfortwise and not at all.

    Agreed....

    I'm a 1.85 man IT shop, so I'm ultimately looking for a solution where I can go on holiday and have everything burn to the ground, and have 0.85 people, with the aid of OpenVPN support, bring the VPN connection back online in a reasonable period of time, without needing them to access the Sophos UTM.

    Yes this will come at a financial/technical cost.

    We need to be honest: OpenVPN is a highly configurable product and will invariably be a barrier to changes and problem resolution. Paying for their services might lessen the pain once everything is burning.

    The page below is an honest comparison without being too heavy on the sales pitch; I watched the video at 1.75 to quickly grasp the differences:
  • OK, I still don't get you. You like your idea, that's ok for me.

    But: there is no such guide.

    You simply need two DNAT rules: one forwarding UDP 1194 to your internal OpenVPN Access Server, then another one to forward TCP 443 to your internal OpenVPN Access Server. That's it. I don't know what is meant by running "direct" on port 943, but this can use 443 as well (see your table above).

    You should change the port the Sophos User Portal is running on to something other than 443, if you need to use that from remote.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
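The two DNAT rules and the User Portal port clash described above, as a small added checker (example code, not from the thread, Sophos or OpenVPN): it models the planned forwards and the services the UTM itself binds on its external address, and flags any forward that would compete with a UTM listener on the same protocol and port. The 10.0.0.10 address and the WebAdmin-on-4444 entry are assumptions used as sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:          # one DNAT rule on the UTM's external interface
    proto: str          # "tcp" or "udp"
    ext_port: int       # port clients hit on the UTM's public address
    dst_host: str       # internal host the traffic is forwarded to
    dst_port: int

@dataclass(frozen=True)
class UtmService:       # a service the UTM itself binds on that same address
    name: str
    proto: str
    port: int

ACCESS_SERVER = "10.0.0.10"  # constructed internal address of the Access Server

# The two forwards the thread describes: UDP 1194 tunnel, TCP 443 web UI/fallback.
FORWARDS = [
    Forward("udp", 1194, ACCESS_SERVER, 1194),
    Forward("tcp", 443, ACCESS_SERVER, 443),
]

# Services bound on the UTM's external address. User Portal on TCP 443 is the
# one the thread warns about; WebAdmin on TCP 4444 is an assumed default.
UTM_SERVICES = [
    UtmService("User Portal", "tcp", 443),
    UtmService("WebAdmin", "tcp", 4444),
]

def find_conflicts(forwards, services):
    """Return (forward, service) pairs whose protocol and external port match:
    the DNAT and the UTM's own listener would compete for the same socket."""
    by_key = {(s.proto.lower(), s.port): s for s in services}
    return [(f, by_key[(f.proto.lower(), f.ext_port)])
            for f in forwards if (f.proto.lower(), f.ext_port) in by_key]

def plan(forwards, services):
    """One line per forward; a conflicting one carries the fix the thread gives:
    move the UTM's own service off that port before enabling the DNAT."""
    clash = dict(find_conflicts(forwards, services))
    lines = []
    for f in forwards:
        line = f"DNAT {f.proto.upper()}/{f.ext_port} -> {f.dst_host}:{f.dst_port}"
        if f in clash:
            s = clash[f]
            line += (f"  CONFLICT: UTM '{s.name}' also listens on "
                     f"{s.proto.upper()}/{s.port}; move it to another port first")
        lines.append(line)
    return lines
```

Calling plan(FORWARDS, UTM_SERVICES) reports the TCP 443 forward as clashing with the User Portal; rerun it after moving the portal to another port and the conflict disappears.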
