Author |
Article |
|
|
2024-03-20, 18:04 |
|
|
|
2024-02-29, 15:33 |
|
|
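The SFOS SSL VPN configuration template is located at the following path.
/content/sslvpn/client-config-template.ovpn
If parameters need adjusting, you can modify this template; the changes apply to personal configurations downloaded after the modification.
For example, the OpenVPN app used on iOS stopped supporting the route-delay 4 parameter after it was upgraded to 3.4 in October 2023,
and this upgrade left existing iOS users unable to connect.
Besides manually editing the already-imported SSL VPN personal configuration to remove this parameter,
you can also directly modify the SSL VPN configuration template on the XG/S and comment out the unsupported parameter,
then notify users to re-download and re-import the configuration file to restore normal SSL VPN use.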
[<OPENVPN_WIN_OPTIONS>]
client
dev tun
proto [<OPENVPN_PROTOCOL>]
verify-x509-name "[<OPENVPN_SERVER_DN>]"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca [<OPENVPN_CA_FILE>]
cert [<OPENVPN_CLIENT_CERT>]
key [<OPENVPN_CLIENT_KEY>]
auth-user-pass
cipher [<OPENVPN_CIPHER>]
auth [<OPENVPN_AUTH>]
comp-lzo [<OPENVPN_COMPRESSION>]
;can_save [<OPENVPN_SEVECREDENTIAL>]
;otp [<OPENVPN_TWOFATOKEN>]
;run_logon_script [<OPENVPN_ADLOGON>]
;auto_connect [<OPENVPN_AUTOCONNECT>]
;route-delay 4
verb 3
reneg-sec 0
https://community.sophos.com/sophos-xg-f...-breaks-ssl-vpn
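In addition, when there are multiple WANs,
there was originally no way to specify which WAN IP an SSL VPN connection should prefer when dialing in.
Now that we know where the template is, we can also modify it
and add the WAN to the configuration template, for example WAN IP 123.1.2.3.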
[<OPENVPN_WIN_OPTIONS>]
client
dev tun
proto [<OPENVPN_PROTOCOL>]
verify-x509-name "[<OPENVPN_SERVER_DN>]"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca [<OPENVPN_CA_FILE>]
cert [<OPENVPN_CLIENT_CERT>]
key [<OPENVPN_CLIENT_KEY>]
auth-user-pass
cipher [<OPENVPN_CIPHER>]
auth [<OPENVPN_AUTH>]
comp-lzo [<OPENVPN_COMPRESSION>]
;can_save [<OPENVPN_SEVECREDENTIAL>]
;otp [<OPENVPN_TWOFATOKEN>]
;run_logon_script [<OPENVPN_ADLOGON>]
;auto_connect [<OPENVPN_AUTOCONNECT>]
route-delay 4
verb 3
reneg-sec 0
remote 123.1.2.3 8443
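Once this is done and users have re-downloaded and imported the configuration, the first IP dialed will be 123.1.2.3~
♥ Shunzi's wife's online shop, your support is appreciated~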
If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!
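Added example, not part of the original post and not Sophos code: a shell filter for the client-side alternative mentioned above, applied to a profile that has already been downloaded. It comments out route-delay and lists the preferred WAN as the first remote, since OpenVPN tries remote entries in the order listed unless remote-random is set. The function names, the sample profile and the address 198.51.100.10 are constructed for illustration; it assumes the downloaded profile carries its own remote lines.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: patch_ovpn PREFERRED_IP PORT < downloaded.ovpn > patched.ovpn

patch_ovpn() {
    awk -v ip="$1" -v port="$2" '
        # Comment out an active route-delay line; already-commented ones do not match.
        /^[ \t]*route-delay([ \t]|$)/ { print ";" $0; next }
        # Drop an existing entry for the preferred WAN so it is not listed twice.
        /^[ \t]*remote[ \t]/ && $2 == ip && $3 == port { next }
        # Emit the preferred WAN once, just before the first other remote.
        /^[ \t]*remote[ \t]/ && !seen { print "remote " ip " " port; seen = 1 }
        { print }
        # No other remote in the profile: append the preferred one at the end.
        END { if (!seen) print "remote " ip " " port }
    '
}

# Constructed sample of a downloaded profile (198.51.100.10 is a placeholder WAN).
sample_profile() {
    cat <<'EOF'
client
dev tun
proto tcp
route remote_host 255.255.255.255 net_gateway
auth-user-pass
route-delay 4
verb 3
reneg-sec 0
remote 198.51.100.10 8443
remote 123.1.2.3 8443
EOF
}

sample_profile | patch_ovpn 123.1.2.3 8443
```

Running the filter on its own output leaves the profile unchanged, so it is safe to apply to a profile that was already patched.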
|
|
2024-02-29, 11:41 |
|
|
|
2024-01-22, 11:13 |
|
|
|
2024-01-04, 10:45 |
|
|
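If you just can't find a console cable at hand,
or the console cable is connected but nothing responds (wrong pinout),
what else can you do?
In fact, a Sophos XG/S appliance is itself a computer,
with a VGA port or an HDMI port for connecting a monitor;
plug in a USB keyboard and you can operate it directly with the monitor and keyboard,
just the same as connecting a console cable~
PS. Additional note
While helping sales compare specs, I suddenly discovered that starting with the XGS series, regardless of model size, HDMI has been completely removed from Sophos XGS appliances!
From the XGS series onward, when a customer can't find the console cable, you can no longer ask them to simply connect a monitor to check the status...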
|
|
2023-12-22, 13:58 |
|
|
|
2023-12-18, 17:41 |
|
|
|
2023-11-20, 11:42 |
|
|
|
2023-09-18, 17:09 |
|
|
|
2023-08-30, 18:14 |
|