
Sophos XG - VPN SSL finally FIXED same IP between Work and Home - Issue on Routing table in Windows -> SOPHOS TO FIX

Hi All,

Here is my tutorial in case you have issues with your VPN.

First, follow the standard tutorial done by Sophos SSL VPN -> https://community.sophos.com/kb/en-us/122769

When done, in the VPN section, under "Allowed Networks", we have added ALL the different missing hosts, like our SMB server or Web Server.

Then when you connect to the VPN on your client, please read the log of your VPN client and especially the route.exe one.

If you don't find a route.exe add "YOUR WORK IP" mask "YOUR WORK SUBNET" "YOUR VPN SERVER"

In my case, I don't know why, but it was missing. This means that even if my PC gets the correct IP of my file server (i.e. 192.168.1.5), my computer will want to check it first on my local PC versus the VPN network.

To fix, open a CMD as Administrator, type route -p add "YOUR WORK IP" mask "YOUR WORK SUBNET" "YOUR VPN SERVER IP" IF XX (XX = the ID of your VPN network adapter)

To find the ID of your adapter, just do in cmd "route print". At the top of the list, you get the VPN adapter and it is the 1st number -> in my case 25

For the IP of your VPN SERVER IP, it should be 10.81.234.5 if you did follow the official guidance from Sophos to install the VPN.

In my case: I have added "route -p ADD 192.168.1.0 MASK 255.255.255.0 10.81.234.5 IF 25" and no more problems with my VPN.

Feel free to contact me if needed.

 

FOR SOPHOS TEAM, in the VPN Setting window, could you not add an optional segment called specific route to be added? Therefore, we enter what we need as DESTINATION SUBNET GATEWAY and automatically it gets added to our routing table when we launch the VPN on client. Now I need to go on all PCs of my colleagues to avoid the problem if they have the same IP range as at work. Not optimised...

The question is: why is it not done automatically and why do you add the below lines in my routing table when I connect:

XXX.xxx.XXX.xxx are private and removed.

Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD XXX.xxx.XXX.xxx MASK 255.255.255.255 192.168.1.1
Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.81.234.5
Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.81.234.5
Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD XXX.xxx.XXX.xxx MASK 255.255.255.255 192.168.1.1
Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD XXX.xxx.XXX.xxx MASK 255.255.255.255 192.168.1.1

Mon Nov 19 21:55:55 2018 MANAGEMENT: >STATE:1542660955,CONNECTED,SUCCESS,10.81.234.6,XXX.xxx.XXX.xxx9123,,

IDEAL WOULD BE: route  ADD "WORK IP" MASK "WORK SUBNET" "VPN SERVER GATEWAY"

Honestly, I lost days in something which I believe should be part of the Sophos VPN system...
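
Why the extra route was needed, as an added example that is not part of the original post: the sketch parses the route.exe lines of a client log and applies longest-prefix matching (lowest metric on a tie) to show where traffic for 192.168.1.5 is sent. The log sample, the 203.0.113.10 placeholder and the metric values are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on the client log in the post; 203.0.113.10
# stands in for the masked public address.
SAMPLE_LOG = r"""
Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD 203.0.113.10 MASK 255.255.255.255 192.168.1.1
Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.81.234.5
Mon Nov 19 21:55:55 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.81.234.5
"""
# The manual fix from the post, in the same textual form.
FIX = "route -p ADD 192.168.1.0 MASK 255.255.255.0 10.81.234.5 IF 25"

ROUTE_RE = re.compile(r"route(?:\.exe)?(?: -p)? ADD (\S+) MASK (\S+) (\S+)", re.I)


def parse_routes(text, metric=1):
    """Return (network, gateway, metric) for each route ADD line found.

    metric=1 is an assumed value for routes added without an explicit metric.
    """
    return [(ipaddress.ip_network(f"{dest}/{mask}"), gw, metric)
            for dest, mask, gw in ROUTE_RE.findall(text)]


def best_route(table, target):
    """Longest prefix wins; the lower metric breaks a tie."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in table if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)


def route_for(target, home_lan, extra=""):
    """Gateway chosen for target once the VPN routes (plus extra) are installed."""
    # On-link route of the home LAN; 281 is an assumed metric for illustration.
    table = [(ipaddress.ip_network(home_lan), "on-link", 281)]
    table += parse_routes(SAMPLE_LOG + "\n" + extra)
    return best_route(table, target)[1]


if __name__ == "__main__":
    # Home LAN overlaps the work subnet: the /24 on-link route beats the two /1 routes.
    print("before fix:", route_for("192.168.1.5", "192.168.1.0/24"))
    # Same prefix length after the fix, so the lower metric sends it into the tunnel.
    print("after fix: ", route_for("192.168.1.5", "192.168.1.0/24", FIX))
    # A home LAN that does not overlap needs no extra route.
    print("no overlap:", route_for("192.168.1.5", "192.168.0.0/24"))
```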


