
Connect Client Routing issue w10?

I've recently started having a problem on my Windows 10 Sophos Connect client VPN connection to Sophos XG v18 GA-Build354, which had been running fine until recently, so I'm unable to pin it down to the 354 update?  Basically it's a routing problem, as I'm not tunnelling on this config, only routing traffic to the remote LAN subnet, but for some reason I'm now seeing the traffic on my own XG logs as spoofed traffic, as it's not being routed over the VPN connection.  But my local routing table does show the routes being added, but for some unknown reason the route for the relevant remote subnet is using an APIPA address as the gateway address, which doesn't seem right, so I checked on a W10 VM with a Connect client config to another XG instance on an older v18 build, and that routing table does also use an APIPA address as the local gateway for the remote subnet.  This does tally with the TAP adapter's unconnected IP address, which is always an APIPA address until a connection is made, but on the working connection instance the TAP adapter is not dropping the APIPA IP address like the TAP adapter seems to be doing on my not-working VPN connection; on the working connection the initial APIPA IP address is still on the NIC as an additional IP address, whereas on the non-working connection I'm only seeing the configured remote VPN subnet that's set up on the remote XG for the Connect clients' VPN?  The problem is the connection still doesn't seem to be routing traffic on the related VPN connection if I manually try to set the TAP NIC's IP address statically to include the initial APIPA IP as well as the remote VPN subnet IP in an attempt to fix the routing table manually, but it still isn't sending traffic over the VPN for some reason??

So I'm posting here now in the hope somebody might have some knowledge to enlighten me on how the Connect client should be working in regards to its routing?

Thanks in advance and I look forward to reading replies!

  • Hello JK,

    For the spoofed traffic, please check the Virtual IP range you have assigned to the Sophos Connect Client policy on XG. Check to make sure that the Virtual IP range is not the same subnet as one of your LAN subnets. If the above is not true, next, if you are not able to get traffic working bidirectionally, then check that the Virtual IP range for the Sophos Connect Client policy and the SSL VPN policy is not the same. You cannot use the same subnet for the different remote access VPNs you may have configured on your XG.

    The tunnel all gateway pointing to apipa is how the TAP address is configured internally so that is not a problem.

    If you still have problems then you can PM the Technical Support Report from the client that is not working. Take the TSR after the tunnel is established. Please let us know how it goes.

    Ramesh
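The overlap check Ramesh describes (Connect virtual IP range versus the LAN subnets and the SSL VPN range) can be done mechanically rather than by eye. The following is an added example, not code from this thread or from Sophos; it does generic CIDR-overlap arithmetic, and every CIDR value in it is a constructed placeholder to be replaced with the ranges configured on your own XG.

```powershell
# Added example, not code from the thread or from Sophos: checks that the Sophos
# Connect virtual IP range does not overlap any LAN subnet or the SSL VPN range.
# All CIDR values below are constructed placeholders.

function ConvertTo-UInt32Address {
    param([Parameter(Mandatory)][string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)       # network byte order -> host order for BitConverter
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Get-CidrBounds {
    # First and last address of a CIDR block as unsigned integers.
    param([Parameter(Mandatory)][string]$Cidr)
    $addr, $prefix = $Cidr.Split('/')
    $prefixLen = [int]$prefix
    if ($prefixLen -lt 0 -or $prefixLen -gt 32) { throw "Invalid prefix length in $Cidr" }
    $mask     = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $prefixLen))
    $hostBits = [uint32]::MaxValue -bxor $mask
    $start    = (ConvertTo-UInt32Address $addr) -band $mask
    [PSCustomObject]@{ Cidr = $Cidr; Start = $start; End = ($start -bor $hostBits) }
}

function Test-CidrOverlap {
    # Two blocks overlap when each one starts before the other ends.
    param([Parameter(Mandatory)][string]$A, [Parameter(Mandatory)][string]$B)
    $x = Get-CidrBounds $A
    $y = Get-CidrBounds $B
    return ($x.Start -le $y.End) -and ($y.Start -le $x.End)
}

function Find-VpnRangeConflicts {
    # Reports every LAN subnet or SSL VPN range that collides with the Connect range.
    param(
        [Parameter(Mandatory)][string]$ConnectRange,
        [string]$SslVpnRange,
        [string[]]$LanSubnets = @()
    )
    $checks = @()
    foreach ($lan in $LanSubnets) {
        $checks += [PSCustomObject]@{ Name = "LAN $lan"; Cidr = $lan }
    }
    if ($SslVpnRange) {
        $checks += [PSCustomObject]@{ Name = "SSL VPN $SslVpnRange"; Cidr = $SslVpnRange }
    }
    foreach ($c in $checks) {
        if (Test-CidrOverlap $ConnectRange $c.Cidr) {
            [PSCustomObject]@{ ConnectRange = $ConnectRange; ConflictsWith = $c.Name }
        }
    }
}

# Constructed sample values: here the Connect range collides with the SSL VPN range,
# which is exactly the misconfiguration the reply above warns about.
$conflicts = Find-VpnRangeConflicts -ConnectRange '10.81.234.0/24' `
                                    -SslVpnRange  '10.81.234.0/24' `
                                    -LanSubnets   @('192.168.1.0/24', '192.168.50.0/24')
if ($conflicts) { $conflicts | Format-Table -AutoSize } else { 'No overlapping ranges found.' }
```

Feed it every LAN subnet the XG routes (including any site-to-site subnets reachable through the Connect tunnel), since an overlap with any of them produces the same "spoofed"/asymmetric routing symptom.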

  • Thanks for the reply. Regarding the spoofing, it's on my XG logs, not the remote XG I'm connecting to via VPN, which is why I started looking into my PC's routing. Yeah, I've been reading up on strongSwan VPN clients and you're right, the TAP adapter utilises a virtual TAP adapter which gets an IP from the range set on the remote XG Sophos Connect config, so now I'm just trying to work out why I'm still seeing traffic destined for the remote LAN not using the VPN connection and ending up reaching my own local XG?  I don't have an IP conflict on my LAN either, as I made sure I set up the Sophos Connect range to be something that wouldn't be used on any users' LANs, and it's been running fine for ages and still is for everyone except me now?  It's just so strange, as I can use other VPN clients no problem, just not Sophos Connect, and I've also recently clean installed my Win 10 when I ran out of ideas and it didn't fix the underlying problem?  Anyway I'll post back if I make any progress.

    Thanks

  • Hello JK,

    It would help significantly if you provide the information in a drawing showing the networks. It will be easy to debug then.

    Regards,
    Ramesh

  • I thought I'd post back that uninstalling and reinstalling the Sophos Connect client fixed my issue after all!  But I have also noticed that for some reason Windows 10 Network Detection still seems to mark that I have no internet connection, which has a knock-on effect as the Connect client won't work if that happens, and the same for UWP apps. I found that disabling the TAP NIC and my main NIC and then enabling my main NIC again, so my Windows 10 instance picks up the network connections there again, then I'm able to re-enable the TAP NIC and use the VPN as usual!

    Weird behaviour, but at least I can use it again, that's the main thing for myself anyhow!  Thanks for all the replies!
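Two things in this thread lend themselves to a repeatable check: the routing-table inspection from the opening post (is the remote subnet routed via the TAP NIC, is the next hop the expected APIPA address, does the TAP NIC still hold both its APIPA and VPN-assigned addresses) and the adapter reset sequence from the last reply. The script below is an added example, not code from the thread or from Sophos. The adapter aliases (`'Sophos Connect'`, `'Ethernet'`) and the remote subnet `'10.0.0.0/24'` are assumed placeholders; the `169.254.*` test reflects Ramesh's statement that the TAP route's gateway is normally an APIPA address.

```powershell
# Added example (not code from the thread or from Sophos). Shows the routing-table
# check from the opening post and the adapter reset that fixed the "no internet"
# state. Adapter aliases and $RemoteSubnet are placeholders for your environment.

function Get-VpnRouteState {
    param(
        [Parameter(Mandatory)][string]$RemoteSubnet,   # remote XG LAN, e.g. '10.0.0.0/24' (placeholder)
        [string]$TapAdapter = 'Sophos Connect'         # assumed alias of the Connect TAP NIC
    )
    $tap = Get-NetAdapter -Name $TapAdapter -ErrorAction Stop
    # Addresses on the TAP NIC: a 169.254.x.x entry is the adapter's unconnected
    # APIPA address; the other address comes from the XG Connect virtual IP range.
    $tapAddrs = Get-NetIPAddress -InterfaceIndex $tap.InterfaceIndex -AddressFamily IPv4 |
                Select-Object -ExpandProperty IPAddress
    $routes = Get-NetRoute -AddressFamily IPv4 -ErrorAction SilentlyContinue |
              Where-Object DestinationPrefix -eq $RemoteSubnet
    if (-not $routes) {
        Write-Warning "No route to $RemoteSubnet; traffic will follow the default gateway, not the tunnel."
    }
    foreach ($r in $routes) {
        [PSCustomObject]@{
            Destination  = $r.DestinationPrefix
            NextHop      = $r.NextHop
            NextHopApipa = ($r.NextHop -like '169.254.*')   # expected for the TAP route per Ramesh
            Interface    = $r.InterfaceAlias
            ViaTap       = ($r.InterfaceIndex -eq $tap.InterfaceIndex)
            Metric       = $r.RouteMetric
            TapAddresses = ($tapAddrs -join ', ')
        }
    }
}

function Reset-NetworkForVpn {
    # The workaround from the last reply: disable the TAP and main NICs, bring the
    # main NIC back so Windows re-detects Internet connectivity, then re-enable the
    # TAP NIC. Needs an elevated PowerShell session.
    param(
        [string]$MainAdapter = 'Ethernet',             # assumed alias of the physical NIC
        [string]$TapAdapter  = 'Sophos Connect',
        [int]$TimeoutSeconds = 60
    )
    Disable-NetAdapter -Name $TapAdapter  -Confirm:$false
    Disable-NetAdapter -Name $MainAdapter -Confirm:$false
    Enable-NetAdapter  -Name $MainAdapter -Confirm:$false
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 2
        $online = Get-NetConnectionProfile -InterfaceAlias $MainAdapter -ErrorAction SilentlyContinue |
                  Where-Object IPv4Connectivity -eq 'Internet'
    } until ($online -or (Get-Date) -gt $deadline)
    if (-not $online) {
        Write-Warning 'Windows still reports no Internet on the main NIC; Connect may refuse to start.'
    }
    Enable-NetAdapter -Name $TapAdapter -Confirm:$false
}

# Run the inspection; call Reset-NetworkForVpn only when Network Detection shows "No Internet".
Get-VpnRouteState -RemoteSubnet '10.0.0.0/24' | Format-Table -AutoSize
```

Run `Get-VpnRouteState` once while the tunnel is up and compare against a known-good client: a route whose `ViaTap` is `$false`, or no route at all, explains why the remote-LAN traffic leaves via the default gateway and shows up on the local XG as spoofed. `Reset-NetworkForVpn` is the manual toggle from the reply above expressed as a script; nothing in it touches the Connect configuration itself.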
