
DNS settings on Sophos SG135 UTM SSL VPN Remote access

Hi!

I'm in the process of implementing SSL VPN for remote users. It's working fairly well. I'm using OpenVPN as the client.

I only have a problem with the DNS settings.

Despite having IPv6 disabled in the global settings, and having set the IPv4 DNS entries under Remote Access -> Advanced Settings (which works for other types of VPN, like PPTP and L2TP/IPsec), on the SSL connection the client correctly gets an IPv4 address (based on the defined pool), but gets IPv6 DNS addresses (as per the attached image).

How can I have the system send IPv4 DNS addresses?

Thanks!



  • IPv6 is enabled by default on Windows clients. Are you sure they aren't using the client IPv6 address? Your screenshot appears to be from a client machine. Uncheck the IPv6 box in the Network Settings for the client, otherwise, your v4 address should be working fine. You just have to add your VPN Pool to the 'Allowed Networks' for DNS on UTM.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi!

    All my internal network is based on IPv4 addressing. IPv6 is certainly enabled (as you stated, by default) on the clients, but I do not have any network service based on IPv6 (DHCP, DNS, etc.). The address that the Sophos gives must be IPv4. I do not understand why the IP address sent via DHCP is correctly in IPv4 format, but the DNS servers are in IPv6 format.

    Yes, the screenshot is from a client machine, connected via SSL VPN to the Sophos. The adapter in the screenshot is the one for the SSL connection. The IP address is IPv4 based, but the DNS addresses are instead IPv6.

    The VPN pool is the same as for the other VPN connections (PPTP, L2TP), and on the other VPN connections the DNS addresses are given correctly.
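
One way to separate what the UTM actually pushed from what the client adapter shows, as an added example that is not part of the original thread: the script reads an OpenVPN client log, takes the last `PUSH_REPLY`, and sorts the pushed `dhcp-option DNS`/`DNS6` resolvers by IP version. The log excerpt and all addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed OpenVPN client log excerpt (addresses are made up, not from the thread).
SAMPLE_LOG = (
    "Tue Jan 01 10:00:01 2019 TLS: Initial packet from [AF_INET]203.0.113.10:443\n"
    "Tue Jan 01 10:00:03 2019 PUSH: Received control message: 'PUSH_REPLY,"
    "route-gateway 10.242.2.1,topology subnet,dhcp-option DNS 192.168.1.10,"
    "dhcp-option DNS 192.168.1.11,dhcp-option DOMAIN example.local,"
    "ifconfig 10.242.2.2 255.255.255.0'\n"
)

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'")


def pushed_options(log_text):
    """Return the options of the most recent PUSH_REPLY, or None if absent."""
    replies = PUSH_RE.findall(log_text)
    if not replies:
        return None
    return [opt.strip() for opt in replies[-1].split(",")[1:]]


def audit_dns(log_text):
    """Sort pushed resolvers by IP version and summarise where to look next."""
    result = {"ipv4": [], "ipv6": [], "invalid": []}
    opts = pushed_options(log_text)
    if opts is None:
        result["verdict"] = "no PUSH_REPLY in log"
        return result
    for opt in opts:
        parts = opt.split()
        # Resolvers arrive as "dhcp-option DNS <addr>" or "dhcp-option DNS6 <addr>".
        if len(parts) != 3 or parts[0] != "dhcp-option" or parts[1] not in ("DNS", "DNS6"):
            continue
        try:
            addr = ipaddress.ip_address(parts[2])
        except ValueError:
            result["invalid"].append(parts[2])
            continue
        result["ipv6" if addr.version == 6 else "ipv4"].append(str(addr))
    if result["ipv6"]:
        result["verdict"] = "server pushed IPv6 resolvers: check the UTM side"
    elif result["ipv4"]:
        result["verdict"] = "server pushed IPv4 only: IPv6 DNS on the adapter is client-side"
    else:
        result["verdict"] = "server pushed no resolvers"
    return result
```

Run `audit_dns()` on the text of the client's connection log; a verdict of "IPv4 only" means any IPv6 resolver listed on the adapter was not supplied by the VPN server.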
