Hi,
I've read many threads about this on this forum, but most of them are too specific and don't really help me forward in this.
Background:
I work mainly with Mac clients, and since I discovered the Sophos/Astaro UTM some years ago I have always sold their products to our clients because of the ease of use and powerful capabilities. The only thing not working in our installations has always been using the Sophos built-in vpn. That has been solved by using macOS Server's vpn server by just passing the correct UDP ports (1701, 500 and 4500 for L2TP). Since the update of macOS to 10.12.x (Sierra) I've encountered problems with this setup and thought I'd pick up the thread where I left it 4 years ago, in this thread:
and according to Sophos, who declined my suggestion, it is impossible to push routes down to L2TP clients in split tunnel mode, which it appears not to be, since that is the only reason I've been using a separate macOS Server (which has done so well until 10.12.x) and not the Sophos built-in L2TP server:
Question:
Has anybody managed to configure *any* of the available vpn services in Sophos UTM/SG which support route pushing (i.e. having the box where you can configure "Local Networks") for use with *any* of the available built-in vpn client protocols in macOS, using split tunnel mode?
I've always had this problem, and I discussed it with the teacher during my certification back in 2013, running whatever version was available then of both UTM and OS X, up until current versions of both. I just want to know if anybody out there has found a way to use Sophos UTM with native macOS vpn client(s), use split tunneling and have routes for local subnets pushed to vpn clients, and share their information.
I found this thread:
where BAlfson mentions that he doesn't do Mac, but expects it to work with the iOS vpn config. I got iOS to connect to Sophos Cisco VPN service even with a certificate, and got my hopes up reading/trying that. But I haven't been able to get that setup to work for macOS.
Before people start replying about tunneling all traffic to the UTM and using 3rd party software like Tunnelblick and Sophos SSL VPN, I can confirm that I'm aware of those solutions and it's working flawlessly, but that is not a satisfactory solution for me/us and I'm not interested in answers suggesting/insisting on reconsidering, thank you. Sorry about mentioning this, but I've read too many threads of people ignoring the specific needs mentioned in questions, thus not giving helpful answers.
Thank you all in advance,
Kind regards, Håkan