SSL VPN not working on iOS but works fine on Windows

So, I've got an SSL VPN set up (on UDP port 443) which is working perfectly on Windows. I can connect, I get an IP, if I go to Google and type "what's my ip" it shows my home public IP address, all my traffic is routed through the VPN and I can connect to internal DNS names. However, on iOS I can connect fine and I get an IP but the VPN doesn't actually work. If I ping an internal IP it doesn't work (internal DNS host names don't resolve either) and if I go to Google and type "what's my IP" it shows the IP of my phone's cellphone connection.

Here's the log file from the iOS client:

2016-01-31 15:28:04 VERIFY OK: depth=0
cert. version    : 3
serial number    : FF:4C:2C:E8:9F:20:3D:F1
issuer name      : C=nz, L=city, O=Home, CN=Home VPN CA, emailAddress=email@domain.com
subject name      : C=nz, L=city, O=Home, CN=vpn.domain.com, emailAddress=email@domain.com
issued  on        : 2014-05-10 07:10:36
expires on        : 2038-01-01 00:00:01
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : vpn.domain.com
key usage        : Digital Signature, Non Repudiation, Key Encipherment

2016-01-31 15:28:05 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-01-31 15:28:05 Session is ACTIVE
2016-01-31 15:28:05 EVENT: GET_CONFIG
2016-01-31 15:28:05 Sending PUSH_REQUEST to server...
2016-01-31 15:28:06 Sending PUSH_REQUEST to server...
2016-01-31 15:28:08 Sending PUSH_REQUEST to server...
2016-01-31 15:28:08 OPTIONS:
0 [route] [10.242.2.1]
1 [topology] [net30]
2 [ping] [10]
3 [ping-restart] [120]
4 [redirect-gateway] [def1]
5 [dhcp-option] [DNS] [192.168.0.104]
6 [dhcp-option] [DNS] [192.168.0.105]
7 [dhcp-option] [DOMAIN] [domain.local]
8 [ifconfig] [10.242.2.6] [10.242.2.5]

2016-01-31 15:28:08 LZO-ASYM init swap=0 asym=1
2016-01-31 15:28:08 Comp-stub init swap=0
2016-01-31 15:28:08 EVENT: ASSIGN_IP
2016-01-31 15:28:08 TunPersist: saving tun context:
Session Name: vpn.domain.com
Remote Address: 111.111.111.111
Tunnel Addresses:
  10.242.2.6/30 -> 10.242.2.5 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
  2406:e001:1:6700:215:5dff:fe00:6601/128 [IPv6]
DNS Servers:
  192.168.0.104
  192.168.0.105
Search Domains:
  domain.local

2016-01-31 15:28:08 Connected via tun
2016-01-31 15:28:08 EVENT: CONNECTED Matt@vpn.domain.com:443 (111.111.111.111) via /UDPv4 on tun/10.242.2.6/
2016-01-31 15:28:08 SetStatus Connected

  • Matt, I haven't seen a subnet listing like "10.242.2.6/30" before. Please show us the lines from the UTM's SSL VPN log for the same connection attempt.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
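
Added example, not part of the original thread and not Sophos or OpenVPN code: a small Python parser for client log lines in the format Matt posted. It summarizes the pushed options and shows where the "10.242.2.6/30" Bob asks about comes from (with the pushed net30 topology, the client address and its peer share one /30). The sample log is constructed from lines in the post; the function names and finding strings are this example's own.

```python
import ipaddress
import re

# Constructed sample: a subset of the lines from the iOS client log quoted above.
SAMPLE_LOG = """\
signed using      : RSA with SHA1
2016-01-31 15:28:05 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-01-31 15:28:08 OPTIONS:
0 [route] [10.242.2.1]
1 [topology] [net30]
4 [redirect-gateway] [def1]
5 [dhcp-option] [DNS] [192.168.0.104]
6 [dhcp-option] [DNS] [192.168.0.105]
8 [ifconfig] [10.242.2.6] [10.242.2.5]
"""

# An option line is an index followed by one or more [bracketed] fields.
OPTION_RE = re.compile(r"^\d+\s+((?:\[[^\]]*\]\s*)+)$")

def parse_pushed_options(log_text):
    """Return the pushed options as a list of (name, [args]) tuples."""
    options = []
    for line in log_text.splitlines():
        m = OPTION_RE.match(line.strip())
        if m:
            fields = re.findall(r"\[([^\]]*)\]", m.group(1))
            options.append((fields[0], fields[1:]))
    return options

def summarize(log_text):
    """Summarize routing, DNS and crypto details a reviewer would check."""
    opts = parse_pushed_options(log_text)
    out = {"full_tunnel": False, "dns": [], "tunnel_net": None,
           "peer_in_net": None, "findings": []}
    for name, args in opts:
        if name == "redirect-gateway":
            out["full_tunnel"] = True  # server asks for all traffic via the VPN
        elif name == "dhcp-option" and args[:1] == ["DNS"]:
            out["dns"].append(args[1])
        elif name == "ifconfig" and ("topology", ["net30"]) in opts:
            # net30: local and peer address must sit in the same /30.
            net = ipaddress.ip_interface(args[0] + "/30").network
            out["tunnel_net"] = str(net)
            out["peer_in_net"] = ipaddress.ip_address(args[1]) in net
    if re.search(r"SSL Handshake: TLSv1\.[01]/", log_text):
        out["findings"].append("legacy TLS version negotiated")
    if re.search(r"signed using\s*:.*SHA1", log_text):
        out["findings"].append("certificate signed with SHA-1")
    return out
```

Comparing the summary from the iOS log with one from the working Windows client shows whether both received the same pushed routes and DNS servers.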