VPN does not resolve local hosts on linux

Hi guys,

I am using a Sophos XG v19 as gateway and try to connect via SSL VPN from a Linux notebook.

I configured the SSL VPN as in the sophos own video-tutorial and I found some other tutorials showing the same steps.

When I try to connect from terminal, it works fine, except the DNS resolution. The DNS resolves only public domain-entries. So I think it uses a public-dns-server.

I tried different SSL Settings, configuring no dns or the IP of the sophos itself, because the sophos firewall is the internal dns server.  I also activated the "Use as default Gateway" switch, for not having a split-tunnel.

I think everything should be correct, but I am not able to ping internal hosts by their FQDN, but IP address works fine. So I think the DNS could be wrong. I checked the /etc/resolv.conf, but there is only one entry showing up:

# Generated by Network Manager

nameserver 127.0.0.53

So I am not sure, which one really is in use, when connected by VPN. When I am connected directly to the lan, the DNS on the Sophos firewall works without problems.

I also tried to import the config file into the network manager, which works. But when I try to connect, password field always shows up, so I think it does not work generally or with MFA, or I did it wrong.

So my 2 questions are:

  1. Do you have any suggestion, what to configure, that resolving local DNS host is possible via VPN?
  2. How to correctly import the sophos openvpn config file into the network manager, and where to type in the password and where the MFA token, so that it correctly works? -> I would prefer this over connecting via terminal.

I currently use KDEneon distribution.

Thanks a lot in advance and best regards

[edited by: Erick Jan at 6:25 AM (GMT -8) on 15 Nov 2022]
  • Hi Bharat,

    sorry for my late response. I was a little bit busy the last days.

    I can try your suggestion, but I need some more days. I will come back to you in a few days.

    best regards

  • Hi Bharat,

    this is a real pain to investigate. I deleted the imported openvpn-config file in the network-manager and reimported it, but while connected to the vpn, the old dns-servers are still present, even if they are not in the vpn config. Seems they are saved somewhere else in the network-adapter tun0 config, but I don't know how to reset. The reason why I wanted that was, because I added the sophos xg and 9.9.9.9 as dns server manually to the vpn-config on the client, and I thought it will use the sophos xg and 9.9.9.9 only when the sophos can't resolve it. This is not the case, it is more like round-robin, so the current dns-server is always jumping from sophos to 9.9.9.9 and back, which causes problems.

    I tried to open a website in the browser and then check the firewall logs. I see an accepted firewall-entry to the IP on port 443, but nothing in the web-filter-log (maybe because no webfilter is applied?). So maybe this is a hint why I can resolve the url to ip, but am not able to open the website in the browser?

    tcpdump shows that the URL of the website I tried was successfully resolved by the sophos xg and the IP was sent back to the vpn client. So this seems to work, but as I described above, not when I open it with a browser. So I also did a tcpdump with port 443. But here I also see a connection from the client to the website on port 443.

    Last was to check with the command drop-packet-capture, and the result may help:

    Hope you have a final hint for me.

    Thanks and best regards
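Added check, not from the thread or from Sophos: because the notebook's /etc/resolv.conf holds only the 127.0.0.53 stub, the servers actually used per link are kept by systemd-resolved, and `resolvectl status` shows them. The script below parses a constructed excerpt of that output and flags a VPN link that lacks the internal DNS, carries a second server the client alternates with, or has no `~.` routing domain; link names and addresses (192.0.2.1 as the XG's DNS) are assumptions.

```python
import re

# Constructed `resolvectl status` excerpt (not from the thread). resolv.conf only
# points at the systemd-resolved stub 127.0.0.53, so per-link servers live here.
# 192.0.2.1 stands in for the Sophos XG's DNS; 9.9.9.9 is the added "fallback".
SAMPLE_STATUS = """\
Link 2 (wlan0)
Current DNS Server: 192.168.178.1
       DNS Servers: 192.168.178.1

Link 5 (tun0)
Current DNS Server: 9.9.9.9
       DNS Servers: 192.0.2.1 9.9.9.9
"""

LINK_RE = re.compile(r"^Link \d+ \((?P<name>[^)]+)\)")
FIELD_RE = re.compile(r"^\s*(Current DNS Server|DNS Servers|DNS Domain):\s*(.*)$")

def parse_resolvectl(text):
    """Map each link to its current server, server list and routing domains."""
    links, link = {}, None
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            link = m.group("name")
            links[link] = {"current": None, "servers": [], "domains": []}
            continue
        m = FIELD_RE.match(line)
        if not m or link is None:
            continue
        key, vals = m.group(1), m.group(2).split()
        if key == "Current DNS Server":
            links[link]["current"] = vals[0] if vals else None
        elif key == "DNS Servers":
            links[link]["servers"] += vals
        else:
            links[link]["domains"] += vals
    return links

def audit_vpn_dns(links, vpn_link="tun0", internal_dns="192.0.2.1"):
    """Report the VPN-link DNS problems the thread describes."""
    cfg = links.get(vpn_link, {"current": None, "servers": [], "domains": []})
    findings = []
    if internal_dns not in cfg["servers"]:
        findings.append(f"{vpn_link}: internal DNS {internal_dns} missing")
    if len(cfg["servers"]) > 1:  # the thread reports the client alternating between these
        findings.append(f"{vpn_link}: {len(cfg['servers'])} servers, current={cfg['current']}")
    if "~." not in cfg["domains"]:  # no routing domain: link not preferred for lookups
        findings.append(f"{vpn_link}: no '~.' routing domain")
    return findings
```

On a real host, feed `resolvectl status` output into `parse_resolvectl` instead of the constructed sample.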
