Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 0 replies
  • Subscribers 27 subscribers
  • Views 197 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect Using EE LTE Mobile Connection

Shaun Sutton

We have used Sophos Connect without issue for months with our XGS SSL VPN using wireless only.

For the first time this week we have issued a couple of users cellular Surface Tablets with an EE LTE sim. Having installed the Sophos Connect client, and having working internet, we expected the SSL VPN connection to work as normal, however the connection times out every time. I should note also, that connection via wifi to an EE mifi device (using the same sims involved) worked fine with no issues connecting via ipv4, this issue only occurs when LTE connection is used from the Windows 10 Surface tablets.

So looking at the mobile connection properties of the LTE connection, it would appear that EE has moved to using ipv6 and this seems confirmed by what I have read on the forums. Our XGS firewall has an external ipv4 address which we have used to date, and has no ipv6 configuration. Not knowing much about ipv6, I assume this is why the connection times out since it cannot connect to this ipv4 address which has always been used in the Sophos Connect configuration file.

Now what I do not understand is that if I ping the FQDN of the firewall (which only has an "A" record published with our dns provider), an ipv6 response is received. If I then use this fqdn in the sophos connect config file, the vpn connection works fine. This makes no sense to me how this can possibly work since the firewall has no ipv6 interface.

I have queried our dns provider and trying to get more info from EE about this but struggling to get any info to date, so maybe someone has some experience using such connections?

I also tried playing about with the APN setting of the LTE connection on the tablet. As mentioned the default APN would not ping the public ipv4 address of the XG. I created a new APN and changed the "IP type" to "IPV4V6XLAT". After applying this APN profile, I could ping the ipv4 address of the firewall. All good I thought, and set the sophos connect config file to use the ipv4 address again for connection. However every time "Connect" is clicked in the Sophos Connect client, the LTE mobile connection drops and does not return until the Connect client has timed out. Tried all the "IP Type" options, this being the only one that generates a successful ping response from the firewall via ip4.

Will update if I get any info from other areas, hoping I can find answers to this particular scenario.....



This thread was automatically locked due to age.
Unfiltered HTML