Bovpn over TLS problems when using default route

hi
(tested with t10 on 12.5.11 als client )

bovpn over tls :

  • client route to trusted network on Main Firewall xtmv / 192.168.22.0
  • server route to trusted network on T10 / 192.168.12.0

everything works as expected , ping (any to any policy) works to T10 lan IP / 192.168.12.1 & 192.168.113.31 TLS wan IP

#

when changing to default route (send all client traffic through tunnel)
ping stops working after reboot of T10
tunnel comes up und ping is working only from diagnostic tasks (xtmv) , but not from lan 192.168.22.0

any idea why it stops working after reboot ?
i can switch from default route to route 192.168.22.0 and it works again , no other changes

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    I would suggest turning up the SSLVPN logging so you can see any potential errors. You can change this in Setup -> Logging -> Diagnostic Log in policy manager, or System -> Diagnostic Log in WebUI.

    Unless you have a specific reason to be using BOVPN over TLS, I would suggest using a standard IPSEC BOVPN as it will generally be more performant.

    BOVPN over TLS runs via the firewall's SSLVPN, so any logs related to it will appear there.

    It's also worth noting that the T10 and XTMv are both end of life, and no longer receive security or any other updates. See:
    https://www.watchguard.com/wgrd-trust-center/end-of-life-policy

    -James Carson
    WatchGuard Customer Support

  • i tried 0.0.0.0/0 and 0.0.0.0/1 + 128.0.0.0/1 instead of send all client traffic through tunnel both not working
    btw. its test lab/ not productive firebox V (not xtmv)
    finally building the policy from scratch solved the problem

Sign In to comment.