Openvpn Sophos




This guide explains how to set up SSL VPN to access your home network (LAN). While the Sophos website has an official “SSL VPN Remote Access” How-To video, it’s missing some important steps. I’d recommend watching the video, as it’s fairly short, and then following this guide.



Dynamic DNS


If you do not have a static WAN IP address, create a Fully Qualified Domain Name (FQDN) using a Dynamic DNS service. There are free services available, such as DuckDNS.org, but Sophos also offers its own DDNS service for free.

1. Open the ‘Dynamic DNS’ tab on the ‘Network’ page and click ‘Add’.

2. Type in your desired FQDN in the ‘Hostname’ field. It must end with *.myfirewall.co if using Sophos as your DDNS service provider (ex: myname.myfirewall.co).

3. Select your WAN ‘interface’ (likely Port2), choose ‘NATed Public IP’ next to ‘IPv4 Address’, and set the ‘IP Edit Checking Interval’ as desired (the default value of ’20’ works fine).

4. Select ‘Sophos’ as the ‘Service Provider’ and click ‘Save’. After about 3-5 minutes, try accessing or pinging your newly created FQDN.


Setting up SSL VPN

1. Set up your hostname. Open the ‘Admin Settings’ tab on the ‘Administration’ page, type your FQDN or WAN IP address in the ‘Hostname’ field (ex: myname.myfirewall.co) and click ‘Apply’. The reason for this is that the VPN configuration file you download later uses this hostname as the address your device will try to reach. There is also an option to use a different hostname, which is explained in step 5.


2. Create a user account. Open the ‘Users’ tab on the ‘Authentication’ page and click ‘Add’. Fill out the ‘Username’, ‘Name’, ‘Password’ and ‘Email’ fields. ‘User Type’ can be set as desired (leaving the default setting of ‘User’ will suffice). Select ‘Open Group’ under the ‘Group’ drop-down; this is simply a default group Sophos XG created during setup that allows unlimited access at all times. The remaining fields can be left at their default settings. Click ‘Save’ at the bottom.

3. Create an IP Host. Open the ‘IP Host’ tab on the ‘Host and Services’ page and click ‘Add’. Enter a ‘Name’ as desired (e.g. ‘Local subnet’), select ‘IPv4’ for ‘IP Version’ and select ‘Network’ for ‘Type’. In the ‘IP Address’ field, enter your subnet address (e.g. 172.16.16.0) and select the appropriate ‘Subnet’ (e.g. /24 255.255.255.0). Click ‘Save’ at the bottom.

(Optional) Create another IP Host using the IP range that the VPN connection will use (default is 10.81.234.5 to 10.81.234.55). You can use it as the ‘Source Network and Devices’ in the firewall rule in Step 7 for increased security.

4. Set up SSL VPN. Open the ‘SSL VPN (Remote Access)’ tab on the ‘VPN’ page and click ‘Add’. Type in a ‘Name’ and ‘Description’ as desired and add the user account created in step 2 to the ‘Policy Members’. Additionally, add the IP Host created in step 3 to the ‘Permitted Network Resources (IPv4)’ section. Everything else can be left at the default settings. Click ‘Apply’ at the bottom.

5. Adjust VPN settings. On the same page (VPN), click the ‘Show VPN Settings’ on the top right section above the tabs. Set the ‘Protocol’ to ‘UDP’ (not required but recommended for better VPN performance). As mentioned in Step 1, you can add your FQDN or WAN IP address to the ‘Override Hostname’ field. This will likely be required for your VPN configuration file to use the correct address, so it’s recommended to just type in your FQDN or WAN IP address again. Click ‘Apply’ at the bottom.

6. Enable SSL VPN. Open the ‘Device Access’ tab on the ‘Administration’ page and make sure ‘SSL VPN’ is checked for LAN and WAN. You can also check ‘HTTPS’ for VPN if you want access to the Sophos XG web UI you’re currently using when connected through VPN. Click ‘Apply’ in the ‘Local Services ACL’ section you just modified.

7. Create a firewall rule for VPN. Open the ‘Firewall’ page and add a ‘User/Network Rule’. Fill in the applicable fields and set ‘Source Zones’ to ‘VPN’, ‘Source Network and Devices’ to ‘Any’ or the IP Host for the VPN IP range created in the optional step, ‘Destination Zone’ to ‘LAN’ and ‘Destination Network’ to the IP Host you created in Step 3 (e.g. ‘Local subnet’). Other settings can be set up as desired. See my previous post on Firewall Rules for more information.

Setting up OpenVPN

At this point, VPN is set up on Sophos XG, and you just need to configure the client that will be used to VPN into your home network. In this example, we’ll use an iOS device.


1. Download ‘OpenVPN’ on your iOS device from the App Store.


2. Open the web browser on your iOS device and browse to the same IP address used to configure Sophos XG, except on port 443 (ex: https://172.16.16.16:443), which should bring you to the Sophos User Portal. Log in using the account created earlier and download the configuration file for iOS.


3. Open the configuration file in the OpenVPN app on your iOS device. The remaining steps should be self-explanatory: add the configuration file to OpenVPN, fill in your username and password and click connect. At that point you’re able to connect to your local network from outside the network.
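
The configuration file downloaded in step 2 carries the address set under ‘Hostname’ or ‘Override Hostname’, so it is worth checking before importing it. The following is an added example, not part of the original guide and not Sophos tooling: a Python check that the profile’s ‘remote’ entry points at the expected FQDN rather than a private LAN address and that it uses UDP. The sample profile is constructed, and its port number is a placeholder.

```python
import ipaddress

# Constructed sample profile (not real Sophos output). The hostname is the
# guide's example FQDN; the port number is a placeholder.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote myname.myfirewall.co 8443
auth-user-pass
<ca>
(certificate body omitted)
</ca>
"""

def parse_remotes(text):
    """Return (default_proto, [(host, port, proto), ...]) from an OpenVPN profile."""
    default_proto, remotes, in_block = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):          # inline <ca>/<cert>/<key> blocks
            in_block = not line.startswith("</")
            continue
        if in_block or not line or line[0] in "#;":
            continue
        parts = line.split()
        if parts[0] == "proto" and len(parts) > 1:
            default_proto = parts[1]
        elif parts[0] == "remote" and len(parts) > 1:
            port = parts[2] if len(parts) > 2 else "1194"   # OpenVPN default port
            remotes.append((parts[1], port, parts[3] if len(parts) > 3 else None))
    return default_proto, remotes

def check_profile(text, expected_host):
    """Return findings; an empty list means the profile matches the guide."""
    default_proto, remotes = parse_remotes(text)
    findings = [] if remotes else ["no remote directive found"]
    for host, port, proto in remotes:
        proto = proto or default_proto or "udp"             # OpenVPN defaults to UDP
        if host.lower() != expected_host.lower():
            findings.append(f"remote {host} is not the expected {expected_host}")
        try:
            if ipaddress.ip_address(host).is_private:
                findings.append(f"remote {host} is a private address")
        except ValueError:
            pass                                            # a hostname, not an IP literal
        if not proto.startswith("udp"):
            findings.append(f"remote {host}:{port} uses {proto}, not UDP")
    return findings

if __name__ == "__main__":
    print(check_profile(SAMPLE_OVPN, "myname.myfirewall.co") or "profile OK")
```

A profile whose ‘remote’ line shows a private address such as 172.16.16.16 means ‘Override Hostname’ in step 5 was not set, and the client will only connect from inside the LAN.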