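Recently, after OpenVPN on iOS was upgraded to 3.4.0 (5457), the Sophos VPN suddenly could no longer connect. I looked into it and, sure enough, it is a Sophos bug. But why was there no problem with earlier OpenVPN versions? It is probably related to the newer OpenVPN for iOS being stricter about security. Sorry, but if you have thousands of devices, updating them one by one will kill you. With the OpenVPN configuration file from my NG firewall version 1.5.1, OpenVPN 3.4.0 on iOS can connect but cannot reach the internal network; I have not solved this yet.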


https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/142427/sophos-firewall-temporary-fix-openvpn-3-4-0-unsupported-options-error


Temporary Fix

1. Access the Sophos Firewall via SSH


2. Press 5 > 3 in the Main Menu to land in the Advanced Shell


3. Enter the following line: vi /content/sslvpn/client-config-template.ovpn


The above command will open the file called client-configuration-template in the vi editor


4. Press the Down Arrow on your keyboard until the pointer is at "route-delay 4".



5. Press the letter "i" on your keyboard to enter INSERT mode in vi, and press the semicolon symbol (;) on your keyboard



6. Press the ESC key on your keyboard followed by :x or :wq (you should see the :x in the bottom-left corner of your screen in the Advanced Shell)



After this change, ask the user to access the User Portal to re-download the configuration, and the user won't be presented with the Unsupported Options error when trying to connect.


Note: This won't survive a Firmware update, so you’ll need to re-enter the commands after doing a Firmware Upgrade


Note: Sophos is aware of this error and plans to work on fixing this in the upcoming v19.5MR4 and v20.0MR1.
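
The vi edit in steps 3 to 6 can also be done non-interactively, which helps because the change has to be re-entered after every firmware upgrade. The following is an added example, not from the Sophos post or this blog; the function name comment_route_delay is hypothetical, and it assumes grep, sed -E and cp are available in the shell where it runs.

```shell
#!/bin/sh
# Added example (not Sophos code): comment out active "route-delay"
# directives in an OpenVPN profile or template, as the vi steps do by hand.
#
# Usage (path taken from step 3 of the page):
#   comment_route_delay /content/sslvpn/client-config-template.ovpn
#
# Return codes: 0 = file changed, 1 = nothing to change, 2 = error.
comment_route_delay() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }

    # An active directive is optional whitespace followed by the exact
    # word route-delay. Lines already starting with ';' or '#' are
    # comments to OpenVPN and are left alone, so re-running is harmless.
    if ! grep -Eq '^[[:space:]]*route-delay([[:space:]].*)?$' "$f"; then
        return 1
    fi

    # Keep a copy of the original so the edit can be reverted.
    cp -p "$f" "$f.bak" || return 2

    # Insert ';' in front of the directive, preserving indentation
    # and whatever arguments follow it.
    sed -E 's/^([[:space:]]*)(route-delay([[:space:]].*)?)$/\1;\2/' \
        "$f.bak" > "$f" || return 2
    return 0
}
```

The same function can be pointed at an already downloaded .ovpn profile to check whether it still carries the active directive: a return code of 1 means there is nothing left to comment out.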


For UTM Firewall, kindly check the following link:


 















Posted by NoMoney NoHoney on PIXNET