Hey everyone,
There’s probably a simple explanation for this, but for some reason, just recently, when I connect to a Sophos VPN using my standard program Viscosity, I can’t seem to connect to the internet. The VPN connection itself is fine, as in I can remotely connect to the Sophos firewall that the VPN is linked to, but I can’t do anything else using the internet.
It seems to be a new development as well since I’ve previously had no issues, and have even been able to connect to multiple VPNs at once.
Any help is much appreciated.
Thanks!
Do you have DNS in the VPN Settings? We had this issue and I noticed there was no DNS so no internet would work.
Do you use the default route for the VPN? Then your traffic is routed through the Sophos, and you need firewall rules and NAT rules.
If you use your VPN on another device, does it work properly? If so, the problem is probably on your device and if not, it is likely to be a firewall configuration.
You must create a policy to have internet access.
Sorry, would this be something I would enable on my end or on the Sophos?
I do have a DNS when connected to the VPN, it’s very specific, definitely not an 8.8.8.8 or anything.
Well the VPN is for a production firewall that’s been up for quite a while now, and I’ve only just started to have this problem. It also only seems to be affecting me for some reason, my other coworkers are able to use the internet while connected to VPN no problem.
It’s a setting in the VPN profile to use it as the default gateway. If that’s checked, that means all traffic is routed back through your VPN tunnel to the firewall. If you don’t have the appropriate rule set up, then your client would not be able to communicate to the web. If that option is unchecked in the VPN profile then only the traffic that is set in that allowed networks is what gets routed over the VPN.
Do you have access to the firewall?
When you are connected to the VPN and you do a traceroute to google.com or 1.1…1, is one of the hops the Sophos firewall?
When I do traceroute to google.com the error is: Unable to resolve target system name google.com.
But you are correct that while connected to the VPN I can access the firewall itself.
Sounds like a DNS issue. What DNS is specified?
And traceroute to 1.1.1.1?
Did you see the firewall as a hop?
Could be, it’s a very specific DNS, not anything generic like 8.8.8.8. I’d share it, but I think it might have been specified by the Sophos which is a production firewall.
It was actually able to complete that traceroute. It took 9 hops, averaging around 40ms and no sign of the actual firewall from what I can tell. I would take a screenshot, but there could be some private IPs in it.
Okay, let’s shoot for it. Is the DNS the WAN address for your broadband connection at the firewall end?
It’s not, no. And I don’t know if this matters, but the DNS address that it’s using on the one VPN is also being used when I’m connected to other Sophos VPNs. It’s a 127.x.x.x address. I also have a Private Internet Access VPN and there are no issues when I’m connected to it.
That DNS won’t resolve to anything outside your local host. It sounds like the Sophos Connect config file you are using isn’t set up properly.
So funnily enough, I actually tried using the Sophos Connect software with the VPN instead of Viscosity and it works just fine. So must be something going on with Viscosity and their DNS servers maybe.
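The three checks walked through in this thread (is the firewall a hop, does an IP destination work while names fail, is the resolver a loopback address) can be run as one triage step. This is an added example, not part of any poster's reply; the function names, the sample tracert output and the gateway address 10.81.0.1 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: trace to an IP while connected to the VPN (not from the thread).
SAMPLE_TRACE = """\
Tracing route to 1.1.1.1 over a maximum of 30 hops

  1     2 ms     1 ms     1 ms  192.168.1.1
  2    11 ms     9 ms    10 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    41 ms    40 ms    39 ms  1.1.1.1

Trace complete.
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def hops(trace_text):
    """Hop addresses from tracert or `traceroute -n` output; timed-out hops are skipped."""
    path = []
    for line in trace_text.splitlines():
        if not re.match(r"\s*\d+\s", line):   # only lines that start with a hop number
            continue
        addrs = IPV4.findall(line)
        if addrs:
            path.append(ipaddress.ip_address(addrs[-1]))
    return path

def triage(resolvers, trace_text, target, vpn_gateway, name_lookup_ok):
    """Combine the thread's checks into a list of findings.

    resolvers: DNS server addresses the client shows while the VPN is up.
    vpn_gateway: the firewall's address inside the tunnel (assumed known).
    name_lookup_ok: whether resolving a public name succeeded.
    """
    path = hops(trace_text)
    servers = [ipaddress.ip_address(r) for r in resolvers]
    findings = []
    # Firewall in the path means the VPN is the default gateway for internet traffic.
    findings.append("full-tunnel" if ipaddress.ip_address(vpn_gateway) in path
                    else "split-tunnel")
    reached = bool(path) and path[-1] == ipaddress.ip_address(target)
    if reached and not name_lookup_ok:
        findings.append("dns-failure")        # routing works, name resolution does not
    if not servers:
        findings.append("no-resolver")
    elif all(s.is_loopback for s in servers):
        # Lookups depend on a forwarder process running on the client itself.
        findings.append("loopback-resolver")
    return findings
```

A result of `split-tunnel`, `dns-failure`, `loopback-resolver` points at the client's DNS handling rather than at firewall or NAT rules.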