Issues connecting to 'Third Party' VPN Provider

So I have a cloud lab that uses a Sophos XG virtual appliance for firewall (with OpenVPN SSL configured). My current OVPN config looks as below; however, Firewalla deems the configuration invalid. Can anyone assist in identifying what might need adjusting?

Thanks in advance :smiley:

client
dev tun
proto tcp
;verify-x509-name "C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_x7jEnAbcZxAE8rk, [email protected]"
;route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----
</key>
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo yes
;can_save no
;otp no
;run_logon_script no
;auto_connect
route-delay 4
verb 3
reneg-sec 86400
remote publicip 8443 tcp-client
remote 10.0.0.254 8443 tcp-client
remote 10.255.0.1 8443 tcp-client

You may try to remove the last two lines and see if it can pass the validation.

remote 10.0.0.254 8443 tcp-client
remote 10.255.0.1 8443 tcp-client

Removed the bottom two, same thing: invalid content. Anything else I can try?

On iOS, please modify the following config in the ovpn profile

from

remote publicip 8443 tcp-client
remote 10.0.0.254 8443 tcp-client
remote 10.255.0.1 8443 tcp-client

to

remote publicip 8443 tcp
remote 10.0.0.254 8443 tcp
remote 10.255.0.1 8443 tcp

Let me know if you still have an issue.

This has worked, thanks a lot!
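
The change from the reply above (`tcp-client` to `tcp` on each `remote` line), as an added example that is not part of the thread: a Python script that applies it across a whole profile while leaving comment lines and inline `<ca>`/`<cert>`/`<key>` blocks untouched. The function name and the sample profile are constructed for illustration.

```python
import re

# Protocol spellings to rewrite; per the thread, "tcp-client" on a remote
# line was rejected by the importer while plain "tcp" was accepted.
PROTO_FIX = {"tcp-client": "tcp"}
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")

def normalize_remotes(profile: str):
    """Return (new_profile, changes); only 'remote' directives are touched."""
    out, changes, inside = [], [], None
    for lineno, line in enumerate(profile.splitlines(), 1):
        stripped = line.strip()
        if inside:  # inside an inline <ca>/<cert>/<key> block: copy verbatim
            if stripped == f"</{inside}>":
                inside = None
            out.append(line)
            continue
        m = INLINE_OPEN.match(stripped)
        if m:
            inside = m.group(1)
            out.append(line)
            continue
        fields = stripped.split()
        # remote <host> <port> <proto>; lines starting with ';' or '#' are
        # comments, so their first field never equals "remote".
        if len(fields) == 4 and fields[0] == "remote" and fields[3] in PROTO_FIX:
            fields[3] = PROTO_FIX[fields[3]]
            changes.append((lineno, stripped, " ".join(fields)))
            line = " ".join(fields)
        out.append(line)
    return "\n".join(out) + "\n", changes

# Constructed sample modelled on the profile in the thread (key material elided).
SAMPLE = """client
dev tun
proto tcp
;remote commented.example 8443 tcp-client
<ca>
remote inside-block 8443 tcp-client
</ca>
remote publicip 8443 tcp-client
remote 10.0.0.254 8443 tcp-client
"""

if __name__ == "__main__":
    fixed, changes = normalize_remotes(SAMPLE)
    for lineno, before, after in changes:
        print(f"line {lineno}: {before!r} -> {after!r}")
```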