Hi darrellr_01,
With my current VPN (OpenVPN), when we connect we get our public IP, which is “aaa,bbb,ccc,ddd”, but when we use the Sophos VPN we get the internal IP “192.168.1.X”.
We should get our public IP when we use the Sophos VPN.
Robb, it's not clear to me what you mean when you say that you should get your public IP when you connect with the Sophos SSL VPN Client. Where are you seeing the “192.168.1.X” IP?
Cheers - Bob
Hi BAlfson,
When we are outside and connect to our office using the SSL VPN on UTM 9, we should get our office PUBLIC IP, right? But I get a different IP. I tried changing the interface and the VPN pool. Still the same.
Can you guide me?
Thank You
Where are you seeing the “192.168.1.X” IP? Where do you expect to see your office IP?
Cheers - Bob
Hi Rob (Robb?),
I just got my VPN going in the last couple weeks, so I am hardly an expert, but let me give it a try:
Before you connect to your Sophos UTM OpenSSL VPN, your device (e.g., laptop) has a public IP address (as you put it, "aaa,bbb,ccc,ddd"). You can find out your public IP address by going to:
IPv4 only: http://ipchicken.com
IPv4 and IPv6: https://www.whatismyip.com
NOTE: As I understand it, the Sophos UTM OpenSSL VPN works only with IPv4.
When you connect to your VPN, your device will be given an additional IP address from the VPN Pool (SSL) on your UTM. Go to Definitions and Users, Network Definitions, and then scroll down the list on the right side until you see "VPN Pool (SSL)". I suspect that this is the 192.168.1.X address you are finding. That's normal. Communications to devices within your office (or wherever your Sophos UTM is installed) will appear to come from that 192.168.1.X address.
If you go to IP Chicken as above, you may find that you still have the same public address that you had before. That is because your VPN is configured for Split Tunneling, which is the default. Split tunneling means that if you connect to devices in the office then the communications use the encrypted VPN tunnel. If you go to a website on the public Internet, then the communications bypass the encrypted VPN tunnel and are not secure. (Well, no more secure than when you are not using the VPN.)
If you wish to use Mandatory (Full) tunnel, so that all of your communications go through the VPN, even to the Internet, then change "Internal (Network)" to "Any" for your Local Networks definition in the VPN configuration in Remote Access, SSL. (See the warning about using "Any", above.) In that case, if you check IP Chicken, it should show you the public IP address of the office. Remember to add a new masquerading entry for VPN Pool (SSL) to External (WAN) under Network Protection, NAT.
People choose split tunnels for performance reasons and to avoid overloading the UTM with encryption/decryption processing and extra network bandwidth usage.
People choose mandatory (full) tunnels for security. All network traffic is encrypted through the VPN. If you are in a hotel room or an Internet cafe, then a hacker watching the WiFi cannot easily eavesdrop or attack your device.
WARNING: I noticed that IPv6 communications still bypass the VPN tunnel even if the Local Networks is set to "Any". Remember that "Any" is supposed to force a mandatory (full) VPN tunnel, but obviously it ignores IPv6, even if you use "Any/46". I observed that the "6" is "grayed out" in the VPN setting. I am still working on that issue.
I hope this helps.
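
The split versus full tunnel behaviour described in the reply above comes down to which interface the client's routing table selects for each destination. The following Python is an added example, not part of any post in this thread: it runs a longest-prefix match over two constructed routing tables and reports whether Internet-bound traffic, including IPv6, would leave through the tunnel. The interface names (`wlan0`, `tun0`), all prefixes and addresses, and the modelling of "Any" as two /1 routes are assumptions made for illustration.

```python
import ipaddress

# Constructed routing tables (prefix, interface); all addresses are sample values.
SPLIT = [
    ("0.0.0.0/0", "wlan0"),         # default route: hotel/cafe Wi-Fi
    ("192.168.50.0/24", "wlan0"),   # local Wi-Fi LAN
    ("192.168.1.0/24", "tun0"),     # VPN Pool (SSL)
    ("172.16.10.0/24", "tun0"),     # office "Internal (Network)"
    ("::/0", "wlan0"),              # IPv6 default route
]
# Local Networks = "Any", modelled (assumption) as two /1 routes that outrank the
# default route, plus a host route keeping the VPN gateway outside the tunnel.
FULL_V4 = SPLIT + [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("203.0.113.10/32", "wlan0"),
]
PROBES = ["198.51.100.7", "203.0.113.9", "2001:db8::1"]  # stand-ins for Internet hosts

def egress_interface(routes, dest):
    """Longest-prefix match: interface the OS would pick for dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best[1] if best else None

def tunnel_mode(routes, tunnel_if, probes=PROBES):
    """Classify the tunnel by where Internet-bound probes would leave the host."""
    via = {p: egress_interface(routes, p) == tunnel_if for p in probes}
    v4 = [ok for p, ok in via.items() if ipaddress.ip_address(p).version == 4]
    v6 = [ok for p, ok in via.items() if ipaddress.ip_address(p).version == 6]
    if all(v4) and all(v6):
        return "full"
    if all(v4):
        return "full-ipv4-only"   # IPv6 still bypasses the tunnel
    return "split"

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("any", FULL_V4)):
        print(name, tunnel_mode(table, "tun0"),
              {p: egress_interface(table, p) for p in PROBES})
```

To check a real client, replace the constructed tables with the prefixes and interfaces from that machine's own routing table while the VPN is connected.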