Connect to public VPN

I have the home version of XG Firewall running on my computer. I'm planning to use a public VPN service to protect my privacy. I have already created a VPN server on Amazon Web Services. It works fine when I create a tunnel from a PC. I was trying to connect my XG Firewall to that VPN. So far I've had luck creating a site-to-site connection to the VPN server, but I can't figure out how to send all traffic through the VPN zone. Since I'm not a professional in networking, I have a few questions because I don't know if I'm even doing it right:

1. What type of connection do I have to use? Site-to-site or something else?

2. What general approach do I have to take to send traffic through the VPN? Just create LAN-to-VPN and VPN-to-LAN rules? Anything else?

Thanks.

  • Andrew,


    Welcome to the Sophos Community. It seems that you did all the necessary settings to establish the VPN. LAN-to-VPN and VPN-to-LAN policies are required.

    Share some screenshots.

    Thanks

  • This is what I have. Please help to troubleshoot.

    Configuration:

    Home

    LAN 192.168.1.0

    External XXX.XXX.224.19

    Public VPN server

    External XXX.XXX.160.90

    VPN's LAN 10.0.0.0 (I assume that the VPN's LAN is 10.0.0.0 because when I connect with a PC, I receive the 10.0.0.100 address).

    Here is an object of my home LAN.

    This is an object of the VPN's LAN (destination LAN).

    I have created a connection to the VPN server.

    Here are the settings of my connection.

    Then, I have created LAN_to_VPN and VPN_to_LAN rules.

    LAN_to_VPN looks like this.

    VPN_to_LAN looks exactly the same, just with the zones switched.

    With those settings I still don't have any luck routing my traffic through the VPN zone. I feel like I'm missing something. How can I tell the firewall to send traffic to the VPN instead of the WAN?

  • Hi,

    Make sure the remote LAN subnet is /24 (255.255.255.0), as this needs to be explicit.

    Firewall rules: turn OFF "Rewrite source address" in the LAN_VPN rule. It should be turned ON in the VPN_LAN rule.

    Refer to this to route the internet traffic through the remote IPsec gateway: https://community.sophos.com/kb/en-us/123261 .

    Thanks

    Thank you for your advice. I made all the changes as suggested. Here is what I have right now:

    - The IPsec connection is active and connected the whole time

    - The LAN_to_VPN rule is showing some traffic going out

    - The VPN_to_LAN rule shows no activity (so packets are never returned)

    Then I went to the Log Viewer and found some interesting records:

    EST-P1: System did not accept any proposal received. Need to reconfigure the connection on either of the ends.

    "PublicVPN-1" EST-P1-MM: Responding to establishment request from peer.

    Any ideas why that public VPN does not accept anything?

  • Hi,

    "EST-P1: System did not accept any proposal received. Need to reconfigure the connection on either of the ends." - Generally, this log reflects that there is an IPsec policy mismatch, so you must verify that the defined policy matches on both ends.

    Thanks
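To make the last two replies concrete, here is an added example (not from the thread and not Sophos code) that spots the Phase 1 proposal-mismatch message in XG-style log lines and then diffs the Phase 1 policy values on both gateways; the log lines and the policy values are constructed, since the thread never shows either side's actual IPsec policy.

```python
import re

# Constructed XG-style log lines modelled on the two messages quoted above.
# Not real captured output: the connection names and order are made up.
SAMPLE_LOG = """\
"PublicVPN-1" EST-P1-MM: Responding to establishment request from peer.
"PublicVPN-1" EST-P1: System did not accept any proposal received. Need to reconfigure the connection on either of the ends.
EST-P1: System did not accept any proposal received. Need to reconfigure the connection on either of the ends.
"OfficeLink" EST-P1-MM: Responding to establishment request from peer.
"""

# The connection name in quotes is optional: the poster's first quoted line
# had no name in front of it.
PROPOSAL_FAIL = re.compile(
    r'^(?:"(?P<conn>[^"]+)"\s+)?EST-P1:\s+System did not accept any proposal'
)


def find_phase1_failures(log_text):
    """Return the connection names (in first-seen order) whose IKE Phase 1
    failed with 'did not accept any proposal'. Lines without a name are
    reported as '<unnamed>'."""
    failed = []
    for line in log_text.splitlines():
        m = PROPOSAL_FAIL.match(line.strip())
        if m:
            name = m.group("conn") or "<unnamed>"
            if name not in failed:
                failed.append(name)
    return failed


# Phase 1 attributes that both gateways must agree on for a proposal to be
# accepted. The dicts you pass in are whatever you read off each side's
# IPsec policy page; the keys here are hypothetical names, not XG fields.
PHASE1_KEYS = ("encryption", "authentication", "dh_group")


def phase1_mismatch(local, remote):
    """Return {attribute: (local_value, remote_value)} for every Phase 1
    attribute that differs. An empty dict means the policies agree."""
    return {
        k: (local.get(k), remote.get(k))
        for k in PHASE1_KEYS
        if local.get(k) != remote.get(k)
    }


if __name__ == "__main__":
    print("Phase 1 failures:", find_phase1_failures(SAMPLE_LOG))
    print(phase1_mismatch({"encryption": "aes256", "authentication": "sha256", "dh_group": 14},
                          {"encryption": "aes128", "authentication": "sha256", "dh_group": 5}))
```

Any non-empty result from `phase1_mismatch` names exactly the attributes to align before the tunnel will pass Phase 1, which is what the reply above asks you to verify.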