BUG: Site2Site SSL routes not used if more than 1 Connection is up

Say I have a local network of 192.168.10.0/24 and I have two Site2Site connections to LAN 192.168.20.0/24 and 192.168.22.0/24 over IPv4. The bug is I can only reach either 192.168.20.0/24 OR 192.168.22.0/24, depending on which order I brought them up.

This is a new Bug to 9.4 Beta - on 9.3 it works without any problems.

I disabled the SSL Site2Site that I am testing that runs over IPv6, with no effect. The Site2Site to the 20.0/24 and 22.0/24 run over IPv4!

  • TCP. My home Sophos with 9.4 beta is server for 2 connections that are affected, 1 as client I use over IPv6. The two connections not over IPv6 that connect via IPv4 as clients run the latest 9.3 firmware.

    This is my Site2Site overview:

    If I toggle either one of the IPv4 Site2Site off (the one for 192.168.20.0/24 or 192.168.22.0/24) I can access the other one and vice versa -> more specifically, the one SSL VPN connection that got established first is usable. BONUS info: traceroute shows that the connection that is not pingable on the UTM IP (for example 192.168.20.100) is trying to get routed outside over WAN, so it seems the home Sophos UTM doesn't set a route for the network. It is not pingable directly on the Sophos either.

    The IPsec I got up and the IPv6 connection seem unaffected by either of these.

    I am willing to provide access if needed, if it's over the weekend, via WebAdmin, SSH or TeamViewer if any dev wants to have a look.

    I was able to access both 192.168.20.0/24 and 192.168.22.0/24 when I was on the latest 9.3 release.

    ---

    Sophos UTM 9.3 Certified Engineer