VPN: Allow UTM to act as a VPN Client
Add a VPN Client support such as L2TP inside ASG so it can connect to a VPN solution without needing to setup Site2Site.

21 comments
-
Guy Barwood commented
There are many low VPN providers on the market that support a wide range of connection options however I have been unable to get the UTM to establish a connection to their service. All you need is to be able to create an interface based on a VPN client such as OpenVPN, connecting to either a single, or preferably a prioritised list of IP/DNS addresses authenticating with a username/password.
Perhaps the comment below is accurate and such new 'features' won't ever be added to the UTM.
-
Ex-Sophos Client commented
Sophos is a rebranding of astaro and they never had any part of its development. essentially they bought the rights and thats it.
When it was still under astaro control, features were updated all the time, as they actuually had the programmers to implements requests, Sophos does not..they are just reselling the same software rebranded, and do not have the skill set to add code.
Thus the core sophos utm is still the same from years ago.
I ended up using a dd-wrt as a transparent bridge (ie. fwd ALL tarffic to Sophos), and configured it to use openvpn. Then just use the dd-wrt as the wan connection. Works like a charm....
hence why features are requested over ad over, but never implemented. That becuase soh
It's like walmart generic brands, Walmart does not actually produce any of their products directly, they re brand products already on the market.
-
traxxus commented
Please add this feature!
-
millions4me commented
How 40$ TP-LINK can handle this but no Sophos?
-
Braedon King commented
Add one for the PPTP/OpenVPN/L2TP client unbound from a physical interface like a modem, the same as any linux ordinary distro would do on the ppp0 interface.
Useful for interfacing with dissimilar remote hardware that we have no control over, or in my case, where the client (UTM) is on mobile broadband, doesn't have a fixed IP, and is behind the ISP's NAT with a 10.0.0.0/16 address range.
-
AlexAgo commented
I am trying UTM and I found very interesting but without OpenVpn/L2TP client support I don't be able to use for my needs.
Please add them, thanks
-
Anonymous commented
Please strongly consider adding this feature. Thank you.
-
Ophidian commented
I think L2TP and OpenVPN client should both be supported. It's a simpler implementation than setting up ipsec tunnels everywhere. It's a VPN/firewall appliance: i would expect it's at least capable of this.
-
Faizy commented
Is this feature still not supported? WOW. I love sophoso, have enjoyed it for last 6+ months but this is really disappointing. Someone out there must know how to implement this and allow the utm to act like vpn client, $50 wifi router can, why can't sophos?
-
Brendan Taylor commented
UTM was looking great and I have enjoyed it a lot, however this just ruins that for me..
Oh well, back to Mikrotik until this is supported.
Ciao Sophos.
-
Anonymous commented
Still need Sophos UTM to act as an OpenVPN or L2TP client.
Really need that! -
Cory commented
Really need this! Just chose Sophos vs my long time Sonicwall and I really need this feature. I need the ability to connect to a VPN server as a CLIENT to route certain traffic. CANNOT believe Sophos does not have this when everyone else DOES.
-
Anonymous commented
This item should be combined with "SSL VPN: Convert .ovpn to .apc/.epc for Site-to-Site SSL Tunnels", because they have the same objective. Combined, they would be the 5th highest requested item.
-
glovato commented
Bob:
this is not available as using that interface option requires a physical port which is senseless.
I'd also like to see this implemented as sometimes having to mass implement pptp connections on the endstations is annoying and leaves me with no control over the traffic passed -
Joshua B. commented
Don't forget OpenVPN too!
This feature entirely can be great for using an out-of-country VPN for your entire network. Especially for countries that block sites such as YouTube, without having to setup a VPN on each computer (unfortunately bypassing the UTM completely) -
BarryG commented
If implemented, I would like this to include an option to disable outgoing traffic if the VPN goes down, as well as an email notification.
-
jpvigneault commented
Additionally the PPPoA client dosen't support any configuration and is currently set to not require-mppe-128, and there is no way to enable this in the gui.
-
jpvigneault commented
Bob, this is right, except that the PPTP client need to be bounded to an interface. So it you want 5 different PPTP connection established you need to dedicate as many NIC.
If Adding a VPN client was implemented the way I suggest it, you could create "virutal PPTP interface" without a network card attached, and be able to use it with the firewall etc.
-
Bob Alfson commented
This already is available for PPTP. In 'Interfaces', select DSL (PPPoA/PPTP). Then make some Firewall rules, and you're done!
-
DaMaN841 commented
OpenVPN would certainly be a nice to have.