Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 5930 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Regenerate Remote Access SSL-VPN configuration after hostname change.

nuber1ous
Hi everyone

Just wanted to share the steps I performed to change the external hostname of my Sophos UTM 9 in and regenerate the Remote Access SSL-VPN configuration. 

[SIZE="3"]Basic Information[/SIZE]
After changing the external domain name from olddomain.com to newdomain.com and downloading a fresh copy of the SSL-VPN configuration from the User Portal, I realized that olddomain.com is still hardcoded in the Remote Access SSL-VPN config. 

Device information: 
-Sophos UTM 9.004-34 - Virtual Appliance on ESXi 5.1

Remote Access SSL VPN Config file structure:
C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config
-\admin@olddomain.com
--\admin@olddomain.com.ovpn extract -> "remote olddomain.com 443"
--[COLOR="red"]olddomain.com[/COLOR].crt
--[COLOR="red"]olddomain.com[/COLOR].user.crt
--[COLOR="red"]olddomain.com[/COLOR].user.key

[SIZE="3"]Configuration steps[/SIZE]
The following config steps have been performed:

-Management
--System Settings
---System DNS Hostname: newdomain.com
--Webadmin Settings
---HTTPS Certificate
----Re-generate Webadmin certificate: newdomain.com

-User Portal
--Advanced
---Network Settings :  newdomain.com

-Remote Access
--Certificate Management
---Advanced
----Regenerate Signing CA : newdomain.com

[SIZE="3"]Troubleshooting steps:[/SIZE]
-Disabled/Enabled the "User Portal"
-Disabled/Enabled the "SSL-VPN"
-Verfiy if the config (sslvpn_conf_admin@newdomain.exe) file been cached somewhere : No
-Reboot Sophos UTM

-Remote Access
--SSL
---Server Settings
----Override hostname: newdomain.com
After overriding the hostname, the Remote Access SSL-VPN config files have been updated to newdomain.com  but the connection fails directly after entering the credentials
----Override hostname: BLANK
Again, olddomain.com is used for the config files. 



How to perform the hostname change correctly?

Have a great day.

First post: Done [:D]


This thread was automatically locked due to age.
  • 0
    [SIZE="3"]SOLUTION[/SIZE]
    I figured out that because of the remaining DYNDNS entry for olddomain.com the SSL-VPN configuration was created and based on this information.
  • 0
    Hi, nuber1ous, and welcome to posting in the User BB after lurking for a year!

    Thanks for posting that.  It's also a reminder to newbies that if they failed to assign a hostname that's an FQDN resolvable in public DNS, they should do a factory-reset and start over.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi BAlfson,

    Thanks for your reply. 
    It may be easier to reset to factory defaults, but I prefer to "challenge" the issue rather to reconfigure the firewall from scratch. (Yes, I know how to backup with resetting the host specific data)

    What I don't understand, is why the automatically created SSL VPN config is based on the DYNDNS entry?

    br yvan
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML