
SSL VPN - How does the client know where to connect?

All,

 

I've been using XG for a while now with client SSL VPN and here's something that popped into my head.

 

How the heck does the client know where to find the XG? I realize it's part of the client install because I never plugged anything into the client itself. But what is the mechanism for the client to know the IP of the firewall at any given moment? Is it doing some DDNS behind the scenes we're not aware of? Obviously you can set up DDNS, which I didn't do, so it must be doing something on its own.

So what is it?? 

The setup is a snap and I appreciate that, but being a techy I want to know how it works! :)

 

Thanks!

 

-Rogue

 



This thread was automatically locked due to age.
  • Hi,

    to me it is either a choice of you have a fixed external IP address which was added to the tunnel at creation time or you have a DNS entry for your external interface that the setup process found.

    Ian

  • Right! I have neither! The site is a cable connection with a dynamic IP, and I didn't set up the built-in DDNS (although I was planning on it). But my client connects NO problem. It's some serious blackbox magic, or I'm getting lucky and it's had the same address now... Something like that..

     

    -Rogue

  • The configuration files will reveal all...

    On Windows, navigate to c:\program files (x86)\Sophos\Sophos SSL VPN Client\Config

    And open your configuration file with Notepad.

    At the very bottom of the file will be one or more lines that start with the word 'remote' (without quote marks) and then have either IPs or FQDNs as termination points.

    If these are IPv4 addresses, then you may be provided a static IP from your ISP.

    If it's FQDN, then you've configured DDNS... this is NOT done automatically.

    NOTE: You will also see the internal interface addresses of the adaptors that are part of each ZONE that has SSL-VPN enabled within device access.
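
The check described in the answer above, as an added example (not part of the original thread and not Sophos tooling): it reads the `remote` lines of a client configuration and labels each endpoint as a public IP literal, an internal (RFC 1918) address, or an FQDN. The sample configuration and its addresses are constructed, and the parser assumes the OpenVPN-style `remote <host> [port] [proto]` syntax.

```python
import ipaddress
import re

# RFC 1918 ranges: firewall-internal interface addresses land here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of the end of a client config (documentation-range
# and private addresses, hypothetical hostname; not taken from the thread).
SAMPLE_CONFIG = """\
client
dev tun
# remote 192.0.2.1 443
remote 203.0.113.25 8443
remote 192.168.10.1 8443
remote vpn.example.net 8443 tcp
"""


def classify_remotes(config_text):
    """Return (host, port, kind) for every active 'remote' directive."""
    results = []
    for raw in config_text.splitlines():
        # Drop comments ('#' or ';') before tokenising the line.
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(parts) < 2 or parts[0] != "remote":
            continue
        host = parts[1]
        port = parts[2] if len(parts) > 2 else None
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            kind = "fqdn"          # not an IP literal, so a DNS name
        else:
            internal = any(addr in net for net in RFC1918)
            kind = "internal-ip" if internal else "public-ip"
        results.append((host, port, kind))
    return results


def pinned_public_ips(config_text):
    """Public IP literals: these stop working if the WAN address changes."""
    return [h for h, _, k in classify_remotes(config_text) if k == "public-ip"]


if __name__ == "__main__":
    for host, port, kind in classify_remotes(SAMPLE_CONFIG):
        print(f"{kind:12} {host}:{port}")
    print("re-export config if WAN IP changes:", pinned_public_ips(SAMPLE_CONFIG))
```

To run it against a real file, pass the file's text to `classify_remotes()` instead of `SAMPLE_CONFIG`.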

  • Ahh yeah, so it's just the luck of the draw.. What it did is just use the IP (Dynamic) that it had at the time, which could change at any moment.

    So long term good idea would be to set up DDNS then fill it in there..

    Makes sense now!

    Thanks!

    -Rogue
