Bug Report - SSL VPN global setting "IPv4 lease range" start IP is now the network IP

I updated all settings via export/import, and now I saw that the "Assign IPv4 addresses" field is the value of the "IPv4 lease range" start IP. So now I had 192.168.111.10/24 as the network, which is wrong and hard to find, because the configuration was running before ;-)

I don't know if it is relevant in an upgrade path other than export/import of the complete configuration.

Despite the fact that I found the error, I can no longer connect to the Sophos from the iPhone with OpenVPN, and the GUI logfiles show nothing.

  • To compare v18 and v19:

    Sophos v18
    In v18 it is clear that you enter the start IP of the range.

    Sophos v19

    In v19 it is not really clear whether to enter the IP of the network/subnet (like in every other form) or to enter the start IP.
    Here are the config parameters from the exports...

    v18

    <SSLTunnelAccessSettings transactionid="">
      <Protocol>UDP</Protocol>
      <SSLServerCertificate>xxxx SSL VPN Cert</SSLServerCertificate>
      <OverrideHostName>vpn.xxxxxx.de</OverrideHostName>
      <Port>1194</Port>
      <IPLeaseRange>
        <StartIP>10.73.10.1</StartIP>
        <EndIP>10.73.10.254</EndIP>
      </IPLeaseRange>
      <SubnetMask>255.255.255.0</SubnetMask>

    v19

    <SSLTunnelAccessSettings transactionid="">
      <Protocol>UDP</Protocol>
      <SSLServerCertificate>Firewall Certificate</SSLServerCertificate>
      <OverrideHostName>vpn.xxxxxxx.eu</OverrideHostName>
      <Port>1194</Port>
      <IPLeaseRange>
        <StartIP>192.168.117.0</StartIP>
      </IPLeaseRange>
      <SubnetMask>255.255.255.0</SubnetMask>

    Since the value name is the same, I now think I have to enter the first IP of the network.

    But the tunnel doesn't come up, and without shell access I can't see anything. The log on the GUI is empty.
    pcap

  • Yes, makes perfect sense. That's what's currently happening with me, and the tunnel is up: I specify the first IP address, 192.168.60.1 -- which will be the server's -- and my laptop is getting the next IP 192.168.60.2. Tunnel comes up, and has been working reliably for weeks.

    Looking at my firewall rule for VPN, I did what the tutorial shows and used the VPN Zone as source, and I also have a group "Remote SSL VPN" for Network, which feels redundant, but it is what it is. That IP range is 192.168.60.1 - 192.168.60.25, so the "start at .1" thing has been around since v18, when I originally configured SSL VPN.

    I am still using the old exported VPN configuration on my laptop, since nothing should have changed otherwise. I switched to GCM on the XGS, which is new in v19, but the laptop picks that up without needing any configuration changes. (Which makes sense, since I'm using OpenVPN on my (Mac) laptop, and I believe Sophos is using OpenVPN in the appliance, so I'd expect negotiations to work well.)

    So I'm not sure that this is a "bug". If it is a bug, I'm wondering if it's an issue with the exported VPN configuration not including the end of the IP range.
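The two posts above boil down to one check on the exported SSLTunnelAccessSettings block: the v18 export carries both StartIP and EndIP, the v19 export carries only StartIP, and StartIP must be the first usable host address (the server's), not the network address. The script below is an added example, not code from the thread or from Sophos; it parses export fragments modelled on the ones quoted above (closing tags added so they parse, hostnames and certificate names dropped) and flags a StartIP that is the network or broadcast address for the given SubnetMask, plus a missing EndIP. The function name check_lease_range and the sample strings are assumptions made here.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed excerpts modelled on the v18 and v19 exports quoted in the thread.
# The thread shows only fragments; the closing tag is added here so they parse.
V18_EXPORT = """<SSLTunnelAccessSettings transactionid="">
<Protocol>UDP</Protocol>
<Port>1194</Port>
<IPLeaseRange>
<StartIP>10.73.10.1</StartIP>
<EndIP>10.73.10.254</EndIP>
</IPLeaseRange>
<SubnetMask>255.255.255.0</SubnetMask>
</SSLTunnelAccessSettings>"""

V19_EXPORT = """<SSLTunnelAccessSettings transactionid="">
<Protocol>UDP</Protocol>
<Port>1194</Port>
<IPLeaseRange>
<StartIP>192.168.117.0</StartIP>
</IPLeaseRange>
<SubnetMask>255.255.255.0</SubnetMask>
</SSLTunnelAccessSettings>"""


def check_lease_range(xml_text):
    """Validate the IPLeaseRange of an exported SSLTunnelAccessSettings block.

    Returns a dict with the parsed values, the subnet implied by StartIP and
    SubnetMask, the first usable host in that subnet, and a list of findings.
    """
    root = ET.fromstring(xml_text)
    start_text = root.findtext("IPLeaseRange/StartIP")
    end_text = root.findtext("IPLeaseRange/EndIP")  # absent in v19 exports
    mask_text = root.findtext("SubnetMask")
    if start_text is None or mask_text is None:
        raise ValueError("export lacks IPLeaseRange/StartIP or SubnetMask")

    start = ipaddress.IPv4Address(start_text)
    # strict=False lets us derive the subnet even when StartIP has host bits set.
    network = ipaddress.IPv4Network((start_text, mask_text), strict=False)
    first_host = network.network_address + 1
    findings = []

    # The core of the thread: a network address in StartIP is what broke the tunnel.
    if start == network.network_address:
        findings.append(
            f"StartIP {start} is the network address of {network}; "
            f"enter the first usable host ({first_host}) instead"
        )
    elif start == network.broadcast_address:
        findings.append(f"StartIP {start} is the broadcast address of {network}")

    if end_text is None:
        findings.append("EndIP missing (v19-style export); range end is implied by SubnetMask")
    else:
        end = ipaddress.IPv4Address(end_text)
        if end not in network:
            findings.append(f"EndIP {end} lies outside {network}")
        elif end < start:
            findings.append(f"EndIP {end} is below StartIP {start}")

    return {
        "start": str(start),
        "end": end_text,
        "netmask": mask_text,
        "network": str(network),
        "first_host": str(first_host),
        "findings": findings,
    }


if __name__ == "__main__":
    for label, export in (("v18", V18_EXPORT), ("v19", V19_EXPORT)):
        result = check_lease_range(export)
        print(label, result["network"], result["findings"] or "ok")
```

Run against the v19 fragment it reports that 192.168.117.0 is the network address of 192.168.117.0/24 and suggests 192.168.117.1, which matches the ".1 is the server's address" behaviour described in the reply; the v18 fragment passes clean.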
