Thread Info
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 5714 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Client (ovpn) discussion

Gio Stefani

We were on MR2 for a short time and moved to MR3.  Our WAN IP is dynamic and controlled by DynDNS.  That is working fine.  I noticed that if you edit the .ovpn file that the XG creates, the last 4 lines remote x.x.x.x 8443, the first one is your WAN IP address, next is your LAN IP address, third is your GuestAP and the fourth is your FQDN. I can't be 100% certain on this yet, but since our WAN IP changes, the first entry becomes invalid when your IP address changes and the fourth one is still valid.  I had an issue where I couldn't connect externally and had to either change the first entry to match the fourth entry or remove it all together.  Like I said, I'm not 100% sure that this was the reason yet, but opening a discussion to see if anyone else has had this issue.  It's a real PITA to change the config file once you've deployed it to a user.



This thread was automatically locked due to age.

  • Hello  

     How do you want to use SSL VPN only from WAN interface? If yes, make sure you have enabled SSL VPN only for WAN zone.

     

    Then to point SSL VPN client to some different Domain Name or IP (Live Public IP),  kindly update "Override Hostname" under Configuration > VPN > Show VPN Setting > SSL.

     

    In Override Hostname enter your Domain Name and ensure it is pointing to your all  XG.

     

    Regards, Ronak.

     

     

     

     

  • in reply to Ronak Sheth

    Ronak,

    Thanks, I don't see purpose to have SSL VPN on an interface other than the WAN.  I did turn off the SSL VPN on the LAN, DMZ and WiFi.  I applied the "Override Hostname" with the external FQDN that registers with DynDNS.  I actually took it one step further and applied our GoDaddy certificate to the SSL VPN versus the self-signed "ApplianceCertificate". Now the ovpn config file only has one entry with the FQDN 8443.  We'll see how that works out.