Thread Info
  • State Verified Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 67 replies
  • Answers 6 answers
  • Subscribers 42 subscribers
  • Views 47154 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect vs DNS

Peter-Paul Gras

So i finished all the instructions as posted on page https://community.sophos.com/kb/en-us/133109

Downloaded the client and exported the configuration. Set up the client and finally made a connection.

So far so good. Can ping hosts on the internal network by ip adress, however i can't seem to reach hosts by their name.

I did enter the ip of the DNS server but somehow hosts aren't being resolved.

 

Any thoughts or pointers on this.

 

Thnx, Peter-Paul



This thread was automatically locked due to age.
  • 0 in reply to yvesGourle

    I have a customer that is having the same issue, but with the Sophos SSL VPN client.

    Affected OS: Windows 10, 1903.

    VPN client: SSL VPN Client

    IPConfig /all shows internal DNS servers (IPv4)

    We have a host entry in the Sophos XG, DNS, DNS Host Entry

  • 0 in reply to David Bradbury

    I just encountered this same issue on a Windows 10 Home desktop with update 2004 from May 2020.  As you can see it is a year since this issue was first reported in this forum and the problem still exists.  I applied for the latest version of the Sophos Connect client version 2.0 from the EAP site and the bug with it creating the Sophos TAP Adapter #2 still happens.  Even though there is no other adapter by that name on the machine, perhaps it is hidden, but I can't find it.  Going into the registry and renaming and then restarting worked for me perfectly and I very much appreciate David Bradbury for finding a work around.  I am requesting again that Sophos work on a fix.  Worst case it seems like the installer should be able to detect that it couldn't name the TAP adapter what it wants and to use the alternate name when it tries to update the DNS servers.

    This issue happened on one out of about 15 machines and this one is the users personal computer otherwise I would offer to let Sophos remote onto it to try and figure out the problem. 

  • 0

    Hello Peter,

     

    How is the connection configured? Are you importing the tgb file or modifying the tgb file using scadmin tool? Can you please run this command from the command prompt. ifconfig /all and then paste the adapter details for the Sophos TAP adapter.

     

    Regards,
    Ramesh

  • 0 in reply to Matt Nielsen

    Hello Matt,

    I am not sure which issue are you referring to. Are you having problems with not able to ping by hostname or the issue of an additional Sophos TAP adapter with #x, where x is a number. How are you installing the Sophos Connect Client? Yes we have looking into the issue by performing both clean install and upgrade going from version to version and I do not see the problem. If can help with how it is possible to reproduce the problem we will surely look into asap.

    Ramesh

  • 0 in reply to rmk_2018

    The issue of the VPN connection not getting the DNS server entries from the server configuration,  directly related to the install not naming the TAP adapter correctly.  If the DNS servers are not set then you cannot ping host names on the VPN.  These two issues of the adapter name being wrong the DNS not being set and thus not allowing you to ping a host name are related to each other.  

    I'm installing the .MSI as normal just a a user would install it manually.  I wish I had access to the users home machine to help you replicated it, but I have given it back after solving the problem by changing the registry so that they can work.  

    I would think a very simple fix would be for the installer to just look in the registry to see what the friendly name of the adapter that was just installed is, if it is not "Sophos TAP Adapter", then it can either rename it at that time, that of course runs the risk of failure, if for some reason there is another one, in my case there wasn't, or simply change the client to update the named adapter by whatever was created.  Meaning it could find out the name that didn't match the default and store that in a registry setting and then use that as the reference for the update to the TAP adapter rather than just assuming it is named "Sophos TAP Adapter".  

    This is all well documented in this thread by David Bradbury

  • 0 in reply to rmk_2018

    We are creating a SCX file from a TGB file, this is what we have used for all the other client machines that are working.  I believe that is irrelevant though.  The problem is that the Sophos Connect client seems to have a hard coded reference to the Sophos TAP Adapter by name and that isn't the name, in this case it is "Sophos TAP Adapter #2"

    I don't have access to the computer anymore that has this issue but I can assure you that the output of ipconfig /all shows that the name of the adapter as "Sophos TAP Adapter #2", up until the time that I changed it using the instructions in this thread and restarted, at which time the ipconfig /all shows the adapter name as "Sophos TAP Adapter" and then the DNS settings work as expected when making the connection.

    As I mentioned in the other reply, I believe this is a simple fix.  The Sophos Connect client cannot assume that just because it asks the OS to create an adapter named "Sophos TAP Adapter" that the OS didn't decide to rename it for whatever stupid reason.  It needs to check and if it didn't name it properly then it should be able to reference the new adapter, whatever it's name. 

  • 0 in reply to Matt Nielsen

    It seems my reply is not showing in the correct thread.  This is the one that I'm referring to that has the exact issue I'm having documented.

     

    https://community.sophos.com/products/xg-firewall/f/sophos-connect/109857/sophos-connect-vs-dns/417367