Sophos SSL VPN used to work, but now gets a cannot resolve host address error

Our VPN worked fine up until a few weeks ago, but since then nobody has been able to connect to it. I haven't changed any settings, and so I'm not sure why it would suddenly stop working. I tried to reinstall the client onto the computers, but it didn't help any. Anyone have any idea as to what could cause it? We are using an XG 115.



  • What client are you using?

    What do the logs from the client look like?

    Did your external IP address change and do you have them pointed to an IP or DNS name that will resolve?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • The SSL VPN client, from the user portal under download client and configuration.

    The client just repeats: "RESOLVE: Cannot resolve host address : company_name.dyndns.biz: No such host is known."

    The IP address should be the same, as we haven't had any change in services. I'm not sure what you mean by the second part. I didn't set up the VPN, and recently got placed in charge of it.

  • The first place I would check would be your DNS host. If you are using a dynamic DNS name, for instance afraid.freedns.org, his site requires you to log in or run a script to update the host to make sure it's still 'there'. If your DynDNS has expired, that record is dropped and won't resolve for anyone attempting to reach 'company_name.dyndns.biz'.

    If you are relying on the UTM to update it (Network Services > DNS > DynDNS), well... in my experience it doesn't work at all. I've had mine in there for years and I still have to log in to the DNS provider to update the record.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • When looking at the dynamic DNS I saw

    | Interface | Service provider | Last updated IP | Last updated status | Last updated time | Failure reason | Manage |
    |---|---|---|---|---|---|---|
    | Port2 | DynDns | 0.0.0.0 | Failed | 2022-02-23 13:26:10 | nohost | |

    So it looks like that is the issue. Just have to figure out how to fix it now.

  • Yeah, you might just need to log into the provider's site and update the record is all. At least it's an easy fix.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • So I ended up creating a new DNS host, as it was set up with information I don't have the access to. I added it to the dynamic DNS tab, but when I open the VPN it still tries to connect to the old address. What do I need to do to switch it from the old one to the new one?

  • Clients should flush their DNS cache, and it takes DNS hosting usually 24 hours to refresh their cache.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
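
The "RESOLVE: Cannot resolve host address" message quoted in this thread is what an OpenVPN-based client prints when the hostname on a `remote` line of its configuration does not resolve. The following is an added example, not part of the thread or any Sophos tooling, that lists the hostnames a client configuration dials and tests each one; the sample configuration, the port 8443 and the name `vpn.example.net` are constructed for illustration.

```python
import socket

# Constructed sample of an OpenVPN-style client config (not from the thread).
SAMPLE_OVPN = """\
client
dev tun
proto tcp
# entry created when the VPN was first set up
remote company_name.dyndns.biz 8443
remote vpn.example.net 8443 tcp
;remote disabled.example.net 443
resolv-retry infinite
"""

def parse_remotes(config_text):
    """Return (host, port) for every active `remote` directive."""
    remotes = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split()
        if parts[0] == "remote" and len(parts) >= 2:
            # OpenVPN falls back to port 1194 when none is given
            has_port = len(parts) >= 3 and parts[2].isdigit()
            remotes.append((parts[1], int(parts[2]) if has_port else 1194))
    return remotes

def check_remotes(config_text, resolver=socket.getaddrinfo):
    """Resolve each remote; report its addresses or the resolver error."""
    results = []
    for host, port in parse_remotes(config_text):
        try:
            infos = resolver(host, port, proto=socket.IPPROTO_TCP)
            addrs = sorted({info[4][0] for info in infos})
            results.append((host, port, "ok", addrs))
        except socket.gaierror as exc:
            # Same condition the client logs as "Cannot resolve host address"
            results.append((host, port, "unresolved", [str(exc)]))
    return results

if __name__ == "__main__":
    for host, port, status, detail in check_remotes(SAMPLE_OVPN):
        print(f"{host}:{port} -> {status} {detail}")
```

Run it against the configuration file the client actually loads (read the file and pass its text to `check_remotes`) to see whether it still names the old host.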