
Sophos: OpenVPN

Hey! Anyone have experience using Sophos XGS with OpenVPN? Some of my employees use OpenVPN to connect to their IoT devices. They like to test this in house before using them off network, but since we changed to a new XGS firewall it stopped working. There is an OpenVPN server hosted on AWS which they connect to for the VPN tunnel; the traffic would then come back through our Sophos firewall, I am assuming. Seems like router login might be where it's failing. The logs show a ton of invalid traffic errors related to the VPN subnet they are using.

Basically I want to make sure I don't poke holes in my network that make security risks, but ideally I would like this to work for them. So any ideas are appreciated. Not sure what rules etc. to set up. 192.168.0.1



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Moving this thread to Sophos (XG) Firewall forum.

    Could you please let me know how VPN user traffic needs to be routed to the AWS server?

    Does it need to be routed through Sophos Firewall after connecting the VPN tunnel?

    It would be great if you can share a rough diagram explaining how users will connect to the AWS server.

  • And describe which "logs" are indicating errors: the XGS (which ones), the IoT device, the OpenVPN server?

    It sounds like you intend for your IoT devices to connect from employee homes, on the road, wherever to the AWS OpenVPN server, and you're testing the IoT devices and their VPN connection from inside your corporate LAN which uses an XGS firewall.

    I'd note that most VPN traffic will be stopped by the XGS' Application Control settings. (Because people will otherwise use VPNs to work around firewall controls.) You might need to turn off Application Controls on a special, internal testing subnet, or for specific internal devices.