This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cant connect to external pptp vpn through astaro

Hi,

I'm trying to connect to a external vpn from inside astaro protected network.
I've done a basic setup with only the setup wizard firewall rules.
when trying to connect to an external pptp vpn it doesnt work. it stops at verifying user/pass. When i connect to the same vpn using other network (iphone hotspot) it works, any ideias?

thanks

This thread was automatically locked due to age.

0 tgreis over 11 years ago in reply to caguiar

The UTM is on VMWare ESXi 5.5 host and when I add an interface the only option is e1000. So all my 5 nics are e1000. Do you think the problem is with the e1000 nics? That is very strange. Telmo, you say "Make sure you have the VPN protocols allowed and GRE also", well, the rules are the same as the "old" FW, but to be clear: - first rule is "Internal Network" -> Any -> Any This should be enough correct? By the way I have logs of the client and server (pptp), as well as (simple) tcpdump of client and server. Could this help identify the problem?

After my inicial post I changed the nics from e1000 to flexible (edited vmx file by hand with the vm unregistered from esxi) and it worked.
Without changing any of the fw rules I changed the NICS back to e1000 and it stopped working.
So I think e1000 is the problem.
Cancel
Vote Up 0 Vote Down

Cancel
0 caguiar over 11 years ago

Thanks Telmo, on Monday I will try this and let you know.
Cancel
Vote Up 0 Vote Down

Cancel
0 caguiar over 11 years ago

Confirmed.

Configured e1000 nic -> does not work (i.e. VPN does not connect).
Configured vmxnet3 -> works (i.e. VPN connects and works).

Thanks for the tip.
Clemente
Cancel
Vote Up 0 Vote Down

Cancel
0 caguiar over 11 years ago

Now this to me looks like a serious problem.

At least I have no confidence in using e1000 nics, and these are the nics what Sophos recommends to be used in a VMWare ESXi environment.
And the default (and only) nics that can be configured through VSphere in VMware ESXi 5.5.

This should be corrected in Sophos UTM. Unfortunately I cannot open a support ticket, but somebody should.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Clemente, where does Sophos recommend the e1000 instead of VMXNET3?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 caguiar over 11 years ago

Well, I was just remembering this post that I saw:
https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/28577
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

By the way, Clemente, welcome to the User BB!

Thanks for the link. This was discussed more recently: https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/28900

Cheers - Bob
PS Neither link represents an official Sophos position statement. Except for the beta forums, Mario and all of the other Sophos employees that participate here do so only unofficially and on their own time.
Cancel
Vote Up 0 Vote Down

Cancel