
Sophos XG - Can't connect OpenVPN anymore

I can't seem to connect remotely to my network anymore with OpenVPN. I don't remember making any drastic changes to the config. I am not using dynamic dns, but rather the WAN IP, which I verified has not changed and is correct. I also temporarily created a "Pass All Traffic" firewall rule at the top, just to rule out a firewall rule change causing problems. My OpenVPN will only connect when I am on the local LAN. Other than the logs, which don't seem to be helping at the moment, what settings might cause this problem? Is there anything else I can do to troubleshoot this? Thanks in advance for any assistance!

  • Hello there. A firewall rule isn't required in order to connect to the SSL VPN, so you can disable that and close the hole in your network. Could you paste in the client-side log from OpenVPN (truncating any private information) here? Likely that would be the first place to look when encountering issues of not being able to connect via SSL.

    Tim

  • Thanks Tim. The client log is pretty sparse. It shows: Contacting <WAN IP> via UDP, Event: Wait, Event: Connection Timeout (Err). I can ping the firewall WAN IP from outside my network, but it seems like the OpenVPN client isn't able to make a connection for some reason. The really odd thing is this: I can connect to the VPN (WAN IP or firewall hostname) from WiFi on my iPad. When I try to connect via 4G, it times out. It seems like the OpenVPN server and client are set up OK, but my cellular provider is blocking the VPN connection. Maybe I should try changing the VPN port?

  • Hello sparkytech,

    You may try to change the port, but I would recommend checking whether the permission to create a virtual adapter is an issue here. Please try to run the OpenVPN setup again with the administrator account and UAC disabled.

  • Either the packets from the client for SSL VPN traffic are not arriving at the UTM, in which case you would want to change the port, or they are arriving at the UTM but you have a DNAT or something configured which is also using that port, in which case you would also want to change the port.

    So yah, change the port; likely this will fix it.

    Tim
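A way to tell the two cases Tim describes apart from the client side, as an added example that is not part of the thread or of Sophos' tooling: send the first packet of an OpenVPN/UDP session (P_CONTROL_HARD_RESET_CLIENT_V2) to your own firewall's WAN address and see whether a HARD_RESET_SERVER_V2 comes back. A reply means the packets reach an OpenVPN listener on that port; a timeout means they are dropped on the path, the port is wrong or re-used by another rule, or the server uses tls-auth/tls-crypt (which silently discards unauthenticated resets, so a timeout alone is not proof of blocking). The host and port below are placeholders.

```python
import os
import socket
import struct

P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8


def build_client_hard_reset(session_id: bytes) -> bytes:
    """Opcode/key_id byte, our 8-byte session id, empty ACK array, packet-id 0.
    This is the 14-byte packet an OpenVPN client sends first (no tls-auth)."""
    assert len(session_id) == 8
    opcode_byte = (P_CONTROL_HARD_RESET_CLIENT_V2 << 3) | 0  # key_id 0
    return bytes([opcode_byte]) + session_id + b"\x00" + struct.pack("!I", 0)


def parse_server_reply(data: bytes, our_session_id: bytes) -> bool:
    """True only if `data` is a HARD_RESET_SERVER_V2 that echoes our session id."""
    if len(data) < 1 + 8 + 1:
        return False
    if (data[0] >> 3) != P_CONTROL_HARD_RESET_SERVER_V2:
        return False
    ack_len = data[9]                      # number of 4-byte packet ids being ACKed
    if ack_len < 1:
        return False                       # a real server ACKs our packet-id 0
    remote_sid_off = 10 + 4 * ack_len      # remote session id follows the ACK array
    if len(data) < remote_sid_off + 8:
        return False
    return data[remote_sid_off:remote_sid_off + 8] == our_session_id


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Returns 'openvpn-reply', 'unexpected-reply' or 'timeout'."""
    sid = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_client_hard_reset(sid), (host, port))
        try:
            data, _ = s.recvfrom(1500)
        except socket.timeout:
            return "timeout"
    return "openvpn-reply" if parse_server_reply(data, sid) else "unexpected-reply"


if __name__ == "__main__":
    # Placeholders: substitute your firewall's WAN IP and the SSL VPN UDP port.
    print(probe("203.0.113.10", 8443))
```

Run it once from the LAN side and once over 4G; a reply on WiFi but a timeout on cellular points at the path (carrier or port), not at the OpenVPN configuration.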