
SSL VPN clients cannot connect to local network

Dear all, I created an SSL VPN in Sophos UTM 9 and clients connect successfully, but the VPN clients are not able to connect to the local network, and the gateway is not showing in the VPN client. Please find the configuration below and help me to do the same.

Remote Access Profile

Profile name : SSL Profile

Users : james

local network : Internal (Network)

Automatic firewall rules : yes

Log:

james/157.45.184.157:14079 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/james
james/157.45.184.157:14079 MULTI_sva: pool returned IPv4=10.242.2.2, IPv6=(Not enabled)
id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="james" variant="ssl" srcip="157.45.184.157" virtual_ip="10.242.2.2"
james/157.45.184.157:14079 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
james/157.45.184.157:14079 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_38ce6b728f840b66da7a80b4f80af08b.tmp
james/157.45.184.157:14079 MULTI: Learn: 10.242.2.2 -> james/157.45.184.157:14079
james/157.45.184.157:14079 MULTI: primary virtual IP for james/157.45.184.157:14079: 10.242.2.2
james/157.45.184.157:14079 PUSH: Received control message: 'PUSH_REQUEST'
james/157.45.184.157:14079 send_push_reply(): safe_cap=940
james/157.45.184.157:14079 SENT CONTROL [james]: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.1.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.242.2.2 255.255.255.0' (status=1)
TCP connection established with [AF_INET]192.241.205.181:53668 (via [AF_INET]<firewall_WAN_IP>:443)
192.241.205.181:53668 Non-OpenVPN client protocol detected
192.241.205.181:53668 SIGTERM[soft,port-share-redirect] received, client-instance exiting



  • Could be but not quite sure... the routes specify the interface that should be used and since that is 255.255.255.255 it "should" be known.
    Could you open a command prompt when connected and then type the following command:

    tracert -d 192.168.1.x   (where x should be a valid IP from a server you should reach).

    Give us the output of that command please.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Thanks for the reply.

    I just changed the VPN network pool to 172.16.0.0/24 and the LAN network to 192.168.1.0/24. Now it's working fine.
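
The PUSH_REPLY line in the log above carries the tunnel address, the gateway and the route to the internal network. As an added example (not from the thread or from Sophos), this Python script parses that line and reports address overlaps between the pushed route, the VPN pool and the client's own LAN. The `client_lans` values are constructed assumptions; the thread does not state the client-side network.

```python
import ipaddress

# PUSH_REPLY copied from the log in the first post.
PUSH_REPLY = (
    "PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,"
    "topology subnet,ping 10,ping-restart 120,"
    "route 192.168.1.0 255.255.255.0,dhcp-option DNS 8.8.8.8,"
    "dhcp-option DNS 8.8.4.4,ifconfig 10.242.2.2 255.255.255.0"
)


def parse_push_reply(line):
    """Split an OpenVPN PUSH_REPLY into tunnel subnet, gateway, routes, DNS."""
    out = {"routes": [], "dns": [], "gateway": None, "tunnel": None}
    for opt in line.split(",")[1:]:
        words = opt.split()
        if not words:
            continue
        if words[0] == "route" and len(words) >= 2:
            # OpenVPN treats a route without a netmask as a host route.
            mask = words[2] if len(words) > 2 else "255.255.255.255"
            out["routes"].append(ipaddress.ip_network(f"{words[1]}/{mask}"))
        elif words[0] == "route-gateway" and len(words) >= 2:
            out["gateway"] = ipaddress.ip_address(words[1])
        elif words[0] == "ifconfig" and len(words) >= 3:
            iface = ipaddress.ip_interface(f"{words[1]}/{words[2]}")
            out["tunnel"] = iface.network
        elif words[:2] == ["dhcp-option", "DNS"] and len(words) >= 3:
            out["dns"].append(ipaddress.ip_address(words[2]))
    return out


def routing_findings(push, client_lans):
    """List overlaps; client_lans are the client's own networks (assumed)."""
    findings = []
    tunnel, gateway = push["tunnel"], push["gateway"]
    if tunnel and gateway and gateway not in tunnel:
        findings.append(f"gateway {gateway} outside tunnel {tunnel}")
    for route in push["routes"]:
        if tunnel and route.overlaps(tunnel):
            findings.append(f"pushed route {route} overlaps VPN pool {tunnel}")
        for lan in client_lans:
            if route.overlaps(lan):
                findings.append(f"pushed route {route} overlaps client LAN {lan}")
    for lan in client_lans:
        if tunnel and lan.overlaps(tunnel):
            findings.append(f"client LAN {lan} overlaps VPN pool {tunnel}")
    return findings
```

Calling `routing_findings(parse_push_reply(PUSH_REPLY), [ipaddress.ip_network("192.168.1.0/24")])` reports the pushed route colliding with a client on the same subnet, while a client on `192.168.0.0/24` produces no findings.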