v18 - Route based and policy based VPN is not working simultaneously?

Hello Sophos Community,


I have another question regarding route based VPN tunnels (VPN with tunnel interfaces).

When I enable such a VPN connection, I experience an interruption of our internet connection (we use Sophos as web proxy and did not yet migrate to the DPI engine with transparent proxy) that lasts until I disable the VPN connection again. I didn't have much time to troubleshoot because it was not a scheduled downtime, but it seemed to me as if either the default route was not working anymore (can enabling the tunnel interface for some reason inject a 0.0.0.0/0 route?) or as if the WAN link itself had an issue after I enabled the tunnel.

Sophos docs contain a line in the description of the feature that makes me wonder if it is in general not possible to use policy based and route based VPN simultaneously. This would be really bad for us, because it would mean that we would need to migrate ALL of our remote offices at the same time to switch from policy based VPN to route based VPN. Is this really the case, or what is meant by the last line below?

And if that is the case, is it possible that this will be improved so that a step-by-step migration is possible?

http://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/RoutebasedVPN.html


Does anyone have experience with a "mixed" setup or a hint about what I might have overlooked?

The tunnel interface has a correct IP setup in a dedicated private network with a /30 subnet mask, and a route for the remote-office network is pointing at the tunnel interface.

The firewall shows that the VPN connection is established correctly after activation, so I do not assume there is a basic misconfiguration. If no one here has an easy/obvious answer, then I will have to do further troubleshooting. The only thing that irritates me is this line in the Sophos docs:

"Route-based VPN tunnels don’t work together with policy-based VPN tunnels in most cases, so you shouldn’t mix them."


Thank you in advance!

Kind regards,

David

  • Hi

    The details available in the docs are correct:

    Route-based VPNs can interoperate with other route-based VPN tunnels, however, they cannot interoperate with policy-based VPNs.
  • This doc part only covers the tunnel as such. So a tunnel on the XG side can only be route based if the peer supports route based and uses route based. You cannot connect a device which is policy based with an XG as route based.

    But nevertheless XG will support multiple tunnels with multiple settings as route based and policy based.

    Route-based VPN uses your routing stack. So which configuration do you have in Static Routing and SD-WAN policy based routing, as such configuration can be used with route based.

  • Thx, good to hear that there is no restriction on which VPNs can be used side by side.

    This does not explain why I have issues with my internet connection after the tunnel is activated, but I think I will just have to dig a little deeper here.

    Kind regards,

    David
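The thread turns on two facts a route-based tunnel adds to the routing stack: a directly connected /30 on the tunnel interface and a static route for the remote-office network pointing at it. Neither of those can take internet traffic away from the WAN default route, because longest-prefix matching always prefers the more specific route, and a default route only loses to another default route with a better metric. The Python below is an added example, not Sophos code or anything from this thread; it models that lookup over a constructed routing table and runs the two checks a practitioner would want when diagnosing the symptom described above: whether any 0.0.0.0/0 route now points at the tunnel interface, and whether every gateway route's next hop actually lies inside a connected network on the same interface (the /30 sanity check). Interface names (Port1, Port2, xfrm1), metrics and all addresses are constructed assumptions for the example.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    gateway: Optional[str]  # None means a directly connected network
    metric: int


def parse_routes(text: str) -> list[Route]:
    """Parse constructed table lines of the form: prefix interface gateway|- metric."""
    routes = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, iface, gw, metric = line.split()
        routes.append(Route(ipaddress.ip_network(prefix, strict=False), iface,
                            None if gw == "-" else gw, int(metric)))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match; among equal prefix lengths the lower metric wins."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))


def default_routes_via(routes: list[Route], interface: str) -> list[Route]:
    """All 0.0.0.0/0 routes that point at the given interface (e.g. the tunnel)."""
    return [r for r in routes if r.prefix.prefixlen == 0 and r.interface == interface]


def unreachable_gateways(routes: list[Route]) -> list[Route]:
    """Gateway routes whose next hop is not inside a connected network on the same interface."""
    connected = [r for r in routes if r.gateway is None]
    bad = []
    for r in routes:
        if r.gateway is None:
            continue
        gw = ipaddress.ip_address(r.gateway)
        if not any(gw in c.prefix and c.interface == r.interface for c in connected):
            bad.append(r)
    return bad


def diagnose(routes: list[Route], tunnel_iface: str,
             internet_host: str, remote_host: str) -> dict:
    """Summarise where internet and remote-office traffic would leave, plus the two checks."""
    inet = lookup(routes, internet_host)
    rem = lookup(routes, remote_host)
    return {
        "internet_via": inet.interface if inet else None,
        "remote_via": rem.interface if rem else None,
        "default_via_tunnel": bool(default_routes_via(routes, tunnel_iface)),
        "unreachable_gateways": [str(r.prefix) for r in unreachable_gateways(routes)],
    }


# Constructed routing table before the tunnel is enabled: WAN default on Port2, LAN on Port1.
BASE_TABLE = """
# prefix          iface  gateway      metric
0.0.0.0/0         Port2  203.0.113.1  10
203.0.113.0/24    Port2  -            0
192.168.10.0/24   Port1  -            0
"""

# Constructed: what enabling a route-based tunnel is expected to add (tunnel /30 + remote office).
TUNNEL_ROUTES = """
10.255.0.0/30     xfrm1  -            0
192.168.20.0/24   xfrm1  10.255.0.2   0
"""

# Constructed failure case: a default route injected via the tunnel with a better metric.
INJECTED_DEFAULT = """
0.0.0.0/0         xfrm1  10.255.0.2   0
"""

# Constructed misconfiguration: remote-office route whose next hop is outside the tunnel /30.
WRONG_GATEWAY = """
192.168.20.0/24   xfrm1  10.255.1.2   0
"""

if __name__ == "__main__":
    base = parse_routes(BASE_TABLE)
    mixed = base + parse_routes(TUNNEL_ROUTES)
    broken = mixed + parse_routes(INJECTED_DEFAULT)
    for name, table in (("base", base), ("tunnel", mixed), ("injected default", broken)):
        print(name, diagnose(table, "xfrm1", "198.51.100.10", "192.168.20.5"))
```

Run against a real table, the interesting result is the "injected default" case: internet traffic switches to the tunnel interface even though the more specific routes are all fine, which matches the symptom of a working tunnel and a dead internet connection. Comparing the firewall's route table before and after the tunnel is enabled against these two checks is the quickest way to confirm or rule out that hypothesis.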
