
SSL VPN: Need to set client IP address

Hi all,

Using UTM 9 (v9.705-3) here. I recently finished setting up SSL VPN for Mac users (newer versions of macOS and iOS had issues connecting to L2TP/IPSec), and am experiencing a little issue.

When a user connects, they are not able to establish a remote desktop connection. Our workstations use the 255.255.240.0 subnet. 

When using the L2TP/IPSec connection method, I am able to specify an IP address ("RAS Address") for each user that needed it. Is there a way to do this for SSL VPN?

 



  • Hi Ted and welcome to the UTM Community!

    No, not possible for the SSL VPN.

    I suspect that your internal devices have active firewalls that block IPs outside your local subnet - disabling the firewall on a test machine would confirm that.

    If you don't want to disable firewalls on internal devices, you could simply SNAT RDP traffic from "Internal (Address)."

    If you search here, you will find the modification needed to let L2TP/IPsec work with the newer versions of Apple OS.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, Bob! I was hoping you'd reply. 

    It was suggested here to change IPsec authentication algorithm to SHA-256, but then non-Apple devices (there are many) wouldn't be able to connect.

    I finally got around to setting up SSL VPN, and I was able to remote into my work desktop, but then wasn't able to remote into a certain server.

    So frustrating.

  • Thanks, Ted.  There's another thread that gives the new L2TP/IPsec Policy that also works with existing Windows devices.  I just removed the Answer flag on my last post in that thread.

    Cheers - Bob

     
  • Could you please link me to the thread that gives the new L2TP/IPSec policy? I'd be very grateful.

  • I don't know where it is.  All I found was a KnowledgeBase article: https://support.sophos.com/support/s/article/KB-000036559?language=en_US and that implies that the Windows L2TP/IPsec clients need to be tickled to use SHA256.  Probably possible with Win10, but maybe not Win7.  Did you try Win10 L2TP/IPsec with the SHA256 Policy?

    Cheers - Bob

     