Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 10 replies
  • Subscribers 7 subscribers
  • Views 2998 views
  • Users 0 members are here
Options
Suggested

Bug Report - SSL VPN global setting "IPv4 lease range" start IP is now the network IP

cougarman

I updated via export/import all settings and now i saw, that the "Assign IPv4 addresses" is the value of "IPv4 lease range" start IP. So now i had 192.168.111.10/24 as network, what is wrong and hard to find, because configuration was running before ;-)

I dont know if it is relevant in an upgrade path other than export/import complete configuration.

Despite that I found the error, I can no longer connect to the Sophos from the iphone with openVPN and the GUI logfiles show nothing.

Parents
  • 0

    I also had Remote access SSL VPN setup using OpenVPN since v17. It worked on v18 as well but after upgrading to v19 EAP, I can still connect using OpenVPN but I can’t access anything on my network. I haven’t changed any settings with SSL VPN but I double checked everything just to make sure it’s still the same and everything looks correct. In the logs, I can see I’m connecting/authenticating successfully when I connect using OpenVPN, but that’s it.

    Update: Figured out what my issue was. In v17 (or maybe v18), the IP range that was assigned to remote clients use to be 10.81.234.5 to 10.81.234.55, so I had an IP range setup for that which was used in my firewall rule. I noticed that when I was connected with OpenVPN, I was being assigned an IP address outside that range. I updated the firewall to just use a IP host for the entire subnet 10.81.234.0/24, and now everything works fine.

    Not sure when that changed with Sophos XG. I must have just missed it in the change logs.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

  • 0 in reply to shred

    I can't remember if both IPSEC and SSL Remote VPN allowed for an IP range to be specified in v18/18.5. In v19, for IPSEC you can still set a range, but for SSL you can only set the first IP address. This address becomes the server's, and SSL VPN clients get addresses starting at one more than that.

Reply Children
  • 0 in reply to Wayne Folta

    It looks like you can set the IP addresses SSL VPN will use in the CIDR notation (e.g. 10.81.234.5/24). I only have one instance of Sophos XG running for my home network so I can’t compare it to v18 but I’m fairly certain it use to specify a range from 10.81.234.5 to 10.81.234.55 as the default.

    So for anyone coming from pre v19 with SSL VPN set using the default range it use to specify, you may have to update your IP host used in the firewall rule for SSL VPN.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

Unfiltered HTML