This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN SSL. What in the world. Need it dumbed down. I followed the tutorial.

OK im trying to get the SSL VPN working.

First question is what in the heck is the hostname supposed to be? Youd think this would be the first question thats answered but the tutorials and help are so ambiguous about it. Do I connect to the ASTARO wan address or do I connec t to my WEB SITE DOMAIN NAME web address. Because those are two totally different IP addresses. One is the WAN and one is another IP on the WAN.

I set up everything just like the Astaro tutorial showed me and all I get is:
connect to [astaro ip address] failed, will try again in five seconds. Connection timed out.

Im running 7.305 and whatever the latest and greatest SSL VPN is when you download it off the portal.

In Remote Access/SSL I set up a cpl users in USERS AND GROUPS and set up INTERNAL (Network) for Local Networks. Left pool and certificate untouched.

In ADVANCED its TCP 443 and AES 192 MD5 2048 encrpytion (just like tutorial suggested).

In MANAGEMENT/USER PORTAL Allowed Networks is ANY and only Allow Specific Users specifies the ones I set up.

In ADVANCED, I set the hostname to my Astaro WAN address and port 443.

I downloaded the client and installed it on my laptop.

The error I mentioned is what Im getting. No idea what Im doing wrong.

Help.

This thread was automatically locked due to age.

0 BAlfson over 16 years ago in reply to UDPride

I believe that automatic thing only applies to the rule for letting the VPN connect over port 443. You still need to explicitly allow traffic through other ports.

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 patrick.schneider over 16 years ago in reply to BAlfson

Hi UDPride,

another thing to check:
If the Astaro is not your default gateway, your clients might receive the ping requests and answer it, but if the Astaro is not their default gateway and they don't have a route explicitely set for your VPN-Pool, they will send it to their default gateway, which will of course drop (RFC1918) it.

Kind regards,
Patrick
Cancel
Vote Up 0 Vote Down

Cancel
0 cyberknutte over 16 years ago in reply to UDPride

If you are running Vista on the VPN client you need to start the SSL VPN client manually and use the "Run as Administrator" option, otherwise the routing won't be set up correctly when the client connects.

You can check this by running: "route print" in a command prompt and look if there is an entry for the network you are trying to reach.

// Andreas
Cancel
Vote Up 0 Vote Down

Cancel
0 UDPride over 16 years ago in reply to cyberknutte

yes all clients and machines on my office network uses the astaro as the default gateway.

im testing on a WinXP laptop right now (but Vista is imminent).

so I need to add a manual filter rule or something for the 10.x.x.x VPN Pool?
Cancel
Vote Up 0 Vote Down

Cancel
0 UDPride over 16 years ago in reply to UDPride

well tried the vpn tonight and voila, it worked. no idea why because i tried it late last week and it didnt work and i dont think i changed any settings. i tested from a winxp laptop using NO manual packet filters or nats. just set up with remote access and added VPN Pool 10.x.x.x to the allowed local networks in the SSL VPN. no more no less other than specifying what IP address and port to connect to the VPN to in Advanced

Hmm. Glad its working. Just not sure why it all of a sudden decided to cooperate. Oh well. Welcome to the happy secure road warrior world of computing.

ill keep that vista tip handy. i have a vista laptop on another astaro network i need to set up....
Cancel
Vote Up 0 Vote Down

Cancel