Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mac Sophos Connect can't import SSL VPN Config File

Sophos Connect

I have installed Sophos Connect on 1.4.634.1015 and I'm not able to import a .ovpn file:

The connection could not be paresd - unknown format.

Tunnel Blick

So I was abler to import it to TunneBlick but it is giving me following warning:

This VPN works now, but may not work in a future version of Tunnelblick.

The OpenVPN configuration file for 'SSL VPN' should be updated so it can be used with modern versions of OpenVPN. It contains these OpenVPN options:

• 'comp-lzo' was deprecated in OpenVPN 2.4 and has been or may be removed in a later version


Tunnelblick will use OpenVPN 2.4.11 - OpenSSL v1.1.1k to connect this configuration.

However, you will not be able to connect to this VPN with future versions of Tunnelblick that do not include a version of OpenVPN that accepts the options.

So I'm able to connect at the moment but I'm worried that it wont't work in the future anymore. Where could be the problems or what is the solution?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    The option "comp-lzo" was introduced in OpenVPN 2.4, and it comes with the warning that the "comp-lzo" option is going to disappear in favor of the new "compress lzo" in version 2.5. So, when the configuration is downloaded from the Sophos XG and used with the stock OpenVPN (or Tunnelblick, for that matter), the message is presented.

    You can ignore the warning; it won't affect the remote user's connectivity.

    "The Sophos Connect client 2.0 and later versions are available for SSL VPN connections on Windows 8.1 and Windows 10 devices. macOS, Windows 7 SP2, and Windows 8 users can continue to use the legacy SSL VPN client." 

    Reference: Sophos Connect client

    If possible, I'd suggest using the IPsec(Remote Access) with Connect Client on macOS. 

    Thanks,

  • >You can ignore the warning; it won't affect the remote user's connectivity.
    Okay this I can understand and it doesn't bother me at the moment. But worries me that it won't support the config anymore in the future. What is the solution to that? And I would prefer not to use another method for a couple of mac users.

Reply
  • >You can ignore the warning; it won't affect the remote user's connectivity.
    Okay this I can understand and it doesn't bother me at the moment. But worries me that it won't support the config anymore in the future. What is the solution to that? And I would prefer not to use another method for a couple of mac users.

Children