
Attention: even the new Sophos SSL-VPN is unreliable and potentially insecure.

Almost all of our users reported problems using SSL-VPN. Heartbeat was not working properly and many other connection issues occurred frequently.

The first issue I figured out relates to the internet provider's MTU. If they are using a lower MTU (e.g. less than 1472) you are facing this behavior. Smaller MTUs are quite common for cable, mobile or even hotel internet connections.

As this is a common behavior, OpenVPN (Sophos SSL VPN is based on OpenVPN) provides specific options to handle such issues, e.g. by setting a specific MTU/MSS on a server or user basis.

OpenVPN also provides an option to prevent dns leaks (more details on this).

Sophos' implementation of OpenVPN did not respect many of these very important options. Support cases asking for implementation of already existing underlying functionality were rejected with the advice to file a feature request.

As it seems functionality and security are not by design but a "feature" when using Sophos software, you may consider using different solutions, as we are doing now.



This thread was automatically locked due to age.
  • The problem is not the client, but the OpenVPN server in the firewall, which is running version 2.3.6 from 2015, and doesn't support most of the options.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
