Sophos XG - VPN SSL with the same IP range between Office and Home users

Hi guys,

we are very happy with our Sophos XG and the VPN except when a home user has the same IP range as the office.

At work, we are on range 192.168.1.xxx using the Sophos as our DHCP and DNS router (its IP is 192.168.1.1).

At home, same range of IP and Internet Router is also 192.168.1.1.

When I use my "mobile" internet connection which is NOT 192.168.1.x, all is working perfectly and I can access work sharedrives etc...

When I use my home connection, I can connect to the VPN, when I do "tracert" and check my SMB server, it stays in my home network and doesn't try to go on my work network.

The problem was already with the DNS server, nslookup wasn't working. I created a host IP within the IP range of the VPN and created with a redirect on the 192.168.1.1. Then I added the DNS with this specific IP address in the DNS primary of the VPN and now I can nslookup in my work network.

However, when I try to communicate with IP such as 192.168.1.5 (our SMB server), tracert shows that it stays in my local LAN... In the VPN config, I did click on "Use as Default Gateway" but it makes no diff at all...

Any idea on how to fix this?



  • Hi,

    this is a "Device Issue". 

    Which Device do you use to build up VPN?

    https://www.ghacks.net/2016/12/02/change-network-adapter-priorities-in-windows-10/

    You could change the Metric on the adapter and try it again. 

    But this is a normal "OpenVPN issue". Check out the OpenVPN Community, there should be a lot of those requests and fixes. 

  • Hi Toni,

    Thanks for your support! We are on Windows 10.

    I changed the metric to manual and put the vpn network adaptor to 5 and wifi to 10.

    Then I tried once more and no change :-(

    What is interesting is that when I type "nslookup" in the cmd line, it shows "firtz.box 192.168.1.1" which is my own router and not the Sophos one.

    When I tweak the VPN dns as explained before and use a specific dns such as 10.81.234.1, the nslookup connects correctly to the VPN. This shows that the metric is correct.

    So when I tracert to my SMB server, it shows directly the final IP without showing the route via the VPN.

    When I tracert www.google.com, it goes via the full route (10.81.234.5) which is my VPN.

    See screenshot below. For OpenVPN, I know there is a link with Sophos and OpenVPN but I cannot set any server or client config in Sophos as you can in OpenVPN.

    Any other suggestion would be appreciated

  • Here is also my Windows 10 IP tables:

    BEFORE the VPN:

    C:\Users\samue>route print -4
    ===========================================================================
    Liste d'Interfaces
     25...00 ff d5 ad d3 13 ......Sophos SSL VPN Adapter
     19...00 28 f8 35 20 8d ......Microsoft Wi-Fi Direct Virtual Adapter #3
     15...02 28 f8 35 20 8c ......Microsoft Wi-Fi Direct Virtual Adapter #4
     13...00 ff 59 4f 0c df ......TunnelBear Adapter V9
      6...00 28 f8 35 20 90 ......Bluetooth Device (Personal Area Network)
      1...........................Software Loopback Interface 1
     12...00 28 f8 35 20 8c ......Intel(R) Dual Band Wireless-AC 8265
    ===========================================================================

    IPv4 Table de routage
    ===========================================================================
    Itinéraires actifs :
    Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
              0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.65    500
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
          192.168.1.0    255.255.255.0         On-link      192.168.1.65    756
         192.168.1.65  255.255.255.255         On-link      192.168.1.65    756
        192.168.1.255  255.255.255.255         On-link      192.168.1.65    756
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
            224.0.0.0        240.0.0.0         On-link      192.168.1.65    756
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      255.255.255.255  255.255.255.255         On-link      192.168.1.65    756
    ===========================================================================
    Itinéraires persistants :
      Aucun


    AND AFTER THE VPN CONNECTION:

    C:\Users\samue>route print -4
    ===========================================================================
    Liste d'Interfaces
     25...00 ff d5 ad d3 13 ......Sophos SSL VPN Adapter
     19...00 28 f8 35 20 8d ......Microsoft Wi-Fi Direct Virtual Adapter #3
     15...02 28 f8 35 20 8c ......Microsoft Wi-Fi Direct Virtual Adapter #4
     13...00 ff 59 4f 0c df ......TunnelBear Adapter V9
      6...00 28 f8 35 20 90 ......Bluetooth Device (Personal Area Network)
      1...........................Software Loopback Interface 1
     12...00 28 f8 35 20 8c ......Intel(R) Dual Band Wireless-AC 8265
    ===========================================================================

    IPv4 Table de routage
    ===========================================================================
    Itinéraires actifs :
    Destination réseau    Masque réseau  Adr. passerelle   Adr. interface Métrique
              0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.65    500
              0.0.0.0        128.0.0.0      10.81.234.5      10.81.234.6    266
          10.81.234.0    255.255.255.0         On-link       10.81.234.6    266
          10.81.234.6  255.255.255.255         On-link       10.81.234.6    266
        10.81.234.255  255.255.255.255         On-link       10.81.234.6    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
            128.0.0.0        128.0.0.0      10.81.234.5      10.81.234.6    266
          192.168.1.0    255.255.255.0         On-link      192.168.1.65    756
         192.168.1.65  255.255.255.255         On-link      192.168.1.65    756
        192.168.1.255  255.255.255.255         On-link      192.168.1.65    756
        194.230.78.39  255.255.255.255      192.168.1.1     192.168.1.65    756
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
            224.0.0.0        240.0.0.0         On-link      192.168.1.65    756
            224.0.0.0        240.0.0.0         On-link       10.81.234.6    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      255.255.255.255  255.255.255.255         On-link      192.168.1.65    756
      255.255.255.255  255.255.255.255         On-link       10.81.234.6    266
    ===========================================================================
    Itinéraires persistants :
      Aucun
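
Added example, not part of any post in this thread: a small Python model of how the "after VPN" table above is evaluated, with longest-prefix match first and the metric used only to break ties between equal-length prefixes. That is why 192.168.1.5 matches the on-link 192.168.1.0/24 Wi-Fi route instead of the VPN's two /1 routes, whatever metric the adapters have. The rows are copied from the route print output; the function names and the 8.8.8.8 sample target are assumptions of this example.

```python
import ipaddress
from typing import NamedTuple

# Rows copied from the "AFTER THE VPN CONNECTION" route print above
# (loopback, broadcast and multicast rows left out):
# destination, netmask, gateway, interface, metric
ROUTES_AFTER_VPN = """\
0.0.0.0        0.0.0.0          192.168.1.1  192.168.1.65  500
0.0.0.0        128.0.0.0        10.81.234.5  10.81.234.6   266
10.81.234.0    255.255.255.0    On-link      10.81.234.6   266
128.0.0.0      128.0.0.0        10.81.234.5  10.81.234.6   266
192.168.1.0    255.255.255.0    On-link      192.168.1.65  756
194.230.78.39  255.255.255.255  192.168.1.1  192.168.1.65  756
"""

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int

def parse_routes(text):
    """Turn 'route print' rows into Route objects."""
    routes = []
    for line in text.strip().splitlines():
        dest, mask, gateway, iface, metric = line.split()
        routes.append(Route(ipaddress.ip_network(f"{dest}/{mask}"),
                            gateway, iface, int(metric)))
    return routes

def lookup(routes, target):
    """Pick the route for target: longest prefix wins, metric breaks ties."""
    ip = ipaddress.ip_address(target)
    matching = [r for r in routes if ip in r.network]
    return min(matching, key=lambda r: (-r.network.prefixlen, r.metric))

def with_metric(routes, interface, metric):
    """Copy of the table with every route on one interface set to metric."""
    return [r._replace(metric=metric) if r.interface == interface else r
            for r in routes]

if __name__ == "__main__":
    table = parse_routes(ROUTES_AFTER_VPN)
    # Same lookups with the VPN adapter given a much lower metric.
    # 8.8.8.8 is a sample Internet address, not taken from the thread.
    for name, t in (("as posted", table),
                    ("VPN metric 5", with_metric(table, "10.81.234.6", 5))):
        for target in ("192.168.1.5", "10.81.234.1", "8.8.8.8"):
            r = lookup(t, target)
            print(f"{name:13} {target:12} -> {r.network} via {r.gateway} on {r.interface}")
```

Both passes give the same result for 192.168.1.5: the /24 on 192.168.1.65 is selected before any metric is compared.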
