Sophos Connect Client - No Connection to WAN or Internal Systems

Hey together, 

I have some issues with the Connect Client on macOS. I'm not able to reach internal or external systems through the established VPN. 

VPN is established, rule for traffic is matched with a network object to the configured IP address range and also with two users. 

It seems like the VPN client gets no IP address. Also tried another range like 192.168.20.10 - 192.168.20.100, also without success. 

From my understanding we don't need an extra Zone or DHCP configuration for the VPN?

Also nothing in the packet capture if I try to reach internal systems by ICMP. Traffic is set to "Tunnel All".

Happy for any suggestions, looks like I've missed something... 

 



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    When you say, "I'm not able to reach an internal or external system through the established VPN." Did you mean you can connect to the Connect Client? 

    What is the current firmware version on the firewall? Did you configure the new Connect Client 2.0? 

    You do not need an extra zone or DHCP server for Connect Client. Just ensure that the Connect Client network does not overlap with any other internal network on the firewall.

    Could you run a packet capture on the source public IP address on the firewall and check if you see any client traffic? 

    Thanks,

  • Hey, 

    Thanks for the quick reply. 

    When you say, "I'm not able to reach an internal or external system through the established VPN." Did you mean you can connect to the Connect Client? 

    I'm using a MacBook with Catalina, Sophos Connect Client 1.4 (IPSec), imported the .tgb connection and also tried an exported connection from the Sophos Connect Admin utility (.scx). The VPN is established without any issues, but no virtual address is assigned. 

    What is the current firmware version on the firewall? Did you configure the new Connect Client 2.0? 

    18 MR3. No, just 1.4, because of the missing SSL VPN feature for macOS.

    You do not need an extra zone or DHCP server for Connect Client. Just ensure that the Connect Client network does not overlap with any other internal network on the firewall.

    Already checked this. The only thing I have done is create a network object with 10.10.81.0/24, so I am able to create some firewall rules for the Connect Client (IPSec). The subnet of my regular SSL VPN is 10.10.80.0/24. 

    I've read some other forum posts regarding issues with the Sophos Connect Client. I can see that in all screenshots a virtual address is assigned, which is actually missing on my VPN client. It seems like the traffic is not redirected into the VPN tunnel. 

    Packet capture is looking good for the VPN, but no incoming ICMP requests.  

  • *push* Sorry this topic is a little bit urgent.  

  • FormerMember
    0 FormerMember in reply to Jonnie

    Hi,

    Thank you for the update. 

    When you connect to the Connect Client and do not get an IP address from the configured network range, it could be the virtual interface issue or DHCP. Did you try to re-install the Connect Client? 

    Thanks,

  • Hey

    Thanks for your reply. I already tried reinstalling the client, but without any success. Still no virtual address. 

    Which virtual interface or DHCP do you mean? I haven't created a dedicated virtual interface for the subnet which is configured in the Sophos Connect configuration. Also not for the SSL VPN subnet, but the SSL VPN is working flawlessly. 

    Best regards,

    Jonny

  • FormerMember
    +1 FormerMember in reply to Jonnie

    Hi,

    Apologies for the delay in getting back to you.

    You do not need to configure the virtual interface; it is created automatically, and when the user connects to the Connect Client, they get an IP address from the configured network. I was not able to find any reference for your issue. I would advise you to open a support case for further investigation if you haven't opened a case already. 

    Thanks,
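
Added example (not part of the original thread and not Sophos code): one way to run the overlap check advised above, for a Connect Client pool given either as a CIDR or as a "first - last" range like the ones in the thread. The network inventory is an assumption: only 10.10.80.0/24 (SSL VPN) comes from the thread; the LAN and DMZ entries are constructed placeholders for whatever is really defined on the firewall.

```python
import ipaddress


def pool_networks(pool):
    """Turn a CIDR ('10.10.81.0/24') or a 'first - last' range into CIDR blocks."""
    if "-" in pool:
        first, last = (ipaddress.ip_address(p.strip()) for p in pool.split("-"))
        # A range such as .10-.100 is not one CIDR; summarize it into several.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(pool.strip(), strict=False)]


def find_overlaps(pool, firewall_networks):
    """Return (name, cidr) for every firewall network that intersects the pool."""
    blocks = pool_networks(pool)
    hits = []
    for name, cidr in firewall_networks.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if any(net.overlaps(block) for block in blocks):
            hits.append((name, str(net)))
    return hits


# Hypothetical inventory of networks configured on the firewall.
FIREWALL_NETWORKS = {
    "SSL VPN pool": "10.10.80.0/24",         # subnet stated in the thread
    "LAN (constructed)": "192.168.20.0/24",  # placeholder, not from the thread
    "DMZ (constructed)": "172.16.5.0/24",    # placeholder, not from the thread
}

if __name__ == "__main__":
    # The two pool definitions mentioned in the thread.
    for pool in ("10.10.81.0/24", "192.168.20.10 - 192.168.20.100"):
        hits = find_overlaps(pool, FIREWALL_NETWORKS)
        print(f"{pool}: {hits if hits else 'no overlap'}")
```

Replace `FIREWALL_NETWORKS` with the interfaces, VPN pools and routed networks actually defined on the firewall before relying on the result.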