This discussion has been locked.

SSL VPN clients cannot connect to local network

Dear all, I created an SSL VPN in Sophos UTM 9 and clients connect successfully, but the VPN clients are not able to connect to the local network, and the gateway is not showing in the VPN client. Please find the configuration below and help me to do the same.

Remote Access Profile

Profile name : SSL Profile

Users : james

local network : Internal (Network)

Automatic firewall rules : yes

Log:

james/157.45.184.157:14079 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/james
james/157.45.184.157:14079 MULTI_sva: pool returned IPv4=10.242.2.2, IPv6=(Not enabled)
id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="james" variant="ssl" srcip="157.45.184.157" virtual_ip="10.242.2.2"
james/157.45.184.157:14079 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
james/157.45.184.157:14079 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_38ce6b728f840b66da7a80b4f80af08b.tmp
james/157.45.184.157:14079 MULTI: Learn: 10.242.2.2 -> james/157.45.184.157:14079
james/157.45.184.157:14079 MULTI: primary virtual IP for james/157.45.184.157:14079: 10.242.2.2
james/157.45.184.157:14079 PUSH: Received control message: 'PUSH_REQUEST'
james/157.45.184.157:14079 send_push_reply(): safe_cap=940
james/157.45.184.157:14079 SENT CONTROL [james]: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.1.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.242.2.2 255.255.255.0' (status=1)
TCP connection established with [AF_INET]192.241.205.181:53668 (via [AF_INET]<firewall_WAN_IP>:443)
192.241.205.181:53668 Non-OpenVPN client protocol detected
192.241.205.181:53668 SIGTERM[soft,port-share-redirect] received, client-instance exiting



  • When the client connection is established, run on the client:

    cmd > route print

    Take a look at the networks and gateway information.

    Remember: ping needs to be allowed (Network Protection > Firewall > ICMP).

  • Thanks for the reply.

    Below are the details from VPN client

    Network details

    :\Users\User1>ipconfig

    Windows IP Configuration

    Ethernet adapter Ethernet 4:
       Connection-specific DNS Suffix . :
       Link-local IPv6 Address . . . . . : fe80::8474:6f9d:98f8:a412%64
       IPv4 Address. . . . . . . . . . . : 10.242.2.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :

    Unknown adapter Local Area Connection:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Ethernet adapter Ethernet 2:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 20:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Wireless LAN adapter Local Area Connection* 3:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Ethernet adapter Ethernet:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :

    Wireless LAN adapter Wi-Fi:
       Connection-specific DNS Suffix . :
       IPv4 Address. . . . . . . . . . . : 10.0.4.83
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . : 10.0.0.2

    Route details

    C:\Users\User1>route print
    ===========================================================================
    Interface List
    64...00 ff 60 35 4a f9 ......Sophos SSL VPN Adapter
    25...00 ff 06 f3 1f 7c ......TAP-Windows Adapter V9 for OpenVPN Connect
    20...00 09 0f fe 00 01 ......Fortinet Virtual Ethernet Adapter (NDIS 6.30)
    16...e6 f8 9c bb 48 7e ......Microsoft Hosted Network Virtual Adapter
    5...e4 f8 9c bb 48 7f ......Microsoft Wi-Fi Direct Virtual Adapter
    4...20 47 47 c0 e5 a6 ......Realtek PCIe GBE Family Controller
    3...e4 f8 9c bb 48 7e ......Intel(R) Dual Band Wireless-AC 3160
    1...........................Software Loopback Interface 1
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination  Netmask          Gateway      Interface   Metric
    0.0.0.0              0.0.0.0          10.0.0.2     10.0.4.83   10
    10.0.0.0             255.0.0.0        On-link      10.0.4.83   266
    10.0.4.83            255.255.255.255  On-link      10.0.4.83   266
    10.242.2.0           255.255.255.0    On-link      10.242.2.2  276
    10.242.2.2           255.255.255.255  On-link      10.242.2.2  276
    10.242.2.255         255.255.255.255  On-link      10.242.2.2  276
    10.255.255.255       255.255.255.255  On-link      10.0.4.83   266
    103.137.2.28         255.255.255.255  10.0.0.2     10.0.4.83   266
    127.0.0.0            255.0.0.0        On-link      127.0.0.1   306
    127.0.0.1            255.255.255.255  On-link      127.0.0.1   306
    127.255.255.255      255.255.255.255  On-link      127.0.0.1   306
    192.168.1.0          255.255.255.0    10.242.2.1   10.242.2.2  276
    224.0.0.0            240.0.0.0        On-link      127.0.0.1   306
    224.0.0.0            240.0.0.0        On-link      10.0.4.83   266
    224.0.0.0            240.0.0.0        On-link      10.242.2.2  276
    255.255.255.255      255.255.255.255  On-link      127.0.0.1   306
    255.255.255.255      255.255.255.255  On-link      10.0.4.83   266
    255.255.255.255      255.255.255.255  On-link      10.242.2.2  276
    ===========================================================================
    Persistent Routes:
    Network Address  Netmask  Gateway Address  Metric
    0.0.0.0          0.0.0.0  10.0.0.1         1
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If  Metric  Network Destination               Gateway
    1   306     ::1/128                           On-link
    64  276     fe80::/64                         On-link
    64  276     fe80::8474:6f9d:98f8:a412/128     On-link
    1   306     ff00::/8                          On-link
    64  276     ff00::/8                          On-link
    ===========================================================================
    Persistent Routes:
    None
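The comparison the first reply asks for, done mechanically: this added example (not part of the original thread) checks that every route in the UTM log's `PUSH_REPLY` is present in the client's `route print` table with the pushed `route-gateway` on the tunnel address. The input strings are copied from the posts above (route table abridged to four rows); the function names are illustrative.

```python
import ipaddress

# Copied from the thread: the PUSH_REPLY in the UTM log and rows of the client's IPv4 route table.
PUSH_REPLY = ("PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,"
              "ping 10,ping-restart 120,route 192.168.1.0 255.255.255.0,"
              "dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.242.2.2 255.255.255.0")
ROUTE_PRINT = """\
0.0.0.0 0.0.0.0 10.0.0.2 10.0.4.83 10
10.0.0.0 255.0.0.0 On-link 10.0.4.83 266
10.242.2.0 255.255.255.0 On-link 10.242.2.2 276
192.168.1.0 255.255.255.0 10.242.2.1 10.242.2.2 276
"""

def parse_push_reply(reply):
    """Return (route_gateway, tunnel_ip, pushed_networks) from an OpenVPN PUSH_REPLY."""
    opts = [o.split() for o in reply.split(",") if o.strip()]
    gateway = next(w[1] for w in opts if w[0] == "route-gateway")
    tunnel_ip = next(w[1] for w in opts if w[0] == "ifconfig")
    routes = [ipaddress.ip_network(f"{w[1]}/{w[2]}") for w in opts if w[0] == "route"]
    return gateway, tunnel_ip, routes

def parse_route_print(text):
    """Return (network, gateway, interface, metric) for each IPv4 row of 'route print'."""
    rows = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 5 and f[4].isdigit():  # skips headers and separator lines
            rows.append((ipaddress.ip_network(f"{f[0]}/{f[1]}"), f[2], f[3], int(f[4])))
    return rows

def check_pushed_routes(reply, route_text):
    """Map each pushed network to 'ok', 'missing', or the wrong path found on the client."""
    gateway, tunnel_ip, pushed = parse_push_reply(reply)
    table = {r[0]: r for r in parse_route_print(route_text)}
    result = {}
    for net in pushed:
        row = table.get(net)
        if row is None:
            result[str(net)] = "missing"
        elif (row[1], row[2]) != (gateway, tunnel_ip):
            result[str(net)] = f"via {row[1]} on {row[2]}"
        else:
            result[str(net)] = "ok"
    return result

def selected_route(route_text, dest):
    """Row used for dest: longest prefix wins, lowest metric breaks ties."""
    ip = ipaddress.ip_address(dest)
    rows = [r for r in parse_route_print(route_text) if ip in r[0]]
    return max(rows, key=lambda r: (r[0].prefixlen, -r[3]))
```

On the thread's data the pushed 192.168.1.0/24 route checks out as `ok`, and the tunnel's /24 is preferred over the Wi-Fi adapter's overlapping 10.0.0.0/8. The empty Default Gateway on the VPN adapter is expected when the server pushes only specific routes and no default route.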
