Almost all of our users reported problems using SSL-VPN. Heartbeat was not working properly and many other connection issues occurred frequently.
The first issue I figured out relates to the internet provider's MTU. If they are using a lower MTU (e.g. less than 1472) you will face this behavior. Smaller MTUs are quite common for cable, mobile or even hotel internet connections.
As this is a common behavior, OpenVPN (Sophos SSL VPN is based on OpenVPN) provides specific options to handle such issues, e.g. by setting a specific MTU/MSS on a server or user basis.
OpenVPN also provides an option to prevent DNS leaks (more details on this). Sophos' implementation of OpenVPN did not respect many of these very important options. Support cases asking for implementation of already existing underlying functionality were rejected with the advice to file a feature request.
As it seems functionality and security are not by design but a "feature" when using Sophos software, you may consider using different solutions, as we are doing now.
First of all, Sophos Connect should set the MTU size to 1400. So it should likely work in most scenarios.
Isn't this second problem already addressed by Windows itself? I read something about this a while ago. Could be wrong.
DNS leak is still happening with Sophos Connect 2.0, because in the config file sent by XG the config option "block-outside-dns" isn't used.
At least, can we please have an updated version of OpenVPN? Seriously, it's running a really old version right now, and AES-GCM + TLS 1.3 would be wonderful, since it's currently using TLS v1.0.
I had opened a feature request regarding GCM and OpenVPN 2.4+ support.
You are all welcome to upvote!
As far as I know, this is on the roadmap to implement for the future.
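
An added example, not part of the thread and not Sophos or OpenVPN project code: a small audit of an OpenVPN client profile for the options discussed above (`block-outside-dns`, MTU/MSS handling, TLS minimum version, AES-GCM). The sample profile and host name are constructed; the 1400 limit follows the figure quoted in the thread; treating anything below TLS 1.2 as a finding is this example's assumption, and options pushed by the server at connect time are not visible to it.

```python
import re

# Constructed sample profile for illustration (not a real Sophos-generated file).
SAMPLE_OVPN = """\
client
remote vpn.example.com 8443
cipher AES-256-CBC
tls-version-min 1.0
tun-mtu 1500
; block-outside-dns
<ca>
(constructed placeholder, certificate omitted)
</ca>
"""

def parse_directives(text):
    """Return {directive: [args]}, skipping comments and inline <tag>...</tag> blocks."""
    directives, in_block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if in_block:
            in_block = None if line == f"</{in_block}>" else in_block
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            in_block = m.group(1)
            continue
        if not line or line[0] in "#;":   # '#' and ';' start comments
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def audit(text, max_mtu=1400):
    """Return findings for the client profile; max_mtu is an assumed threshold."""
    d = parse_directives(text)
    findings = []
    if "block-outside-dns" not in d:
        findings.append("dns-leak: block-outside-dns missing")
    mtu = int(d["tun-mtu"][0]) if d.get("tun-mtu") else None
    if "mssfix" not in d and (mtu is None or mtu > max_mtu):
        findings.append(f"mtu: no mssfix and tun-mtu not <= {max_mtu}")
    tls_min = d.get("tls-version-min", ["unset"])[0]
    if tls_min in ("unset", "1.0", "1.1"):
        findings.append(f"tls: tls-version-min is {tls_min}")
    ciphers = " ".join(d.get("data-ciphers", []) + d.get("cipher", []))
    if "GCM" not in ciphers.upper():
        findings.append("cipher: no AES-GCM cipher configured")
    return findings

print("\n".join(audit(SAMPLE_OVPN)))
```

Running it against a profile exported for a real client shows which of the four points raised in the thread apply to that profile.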