Setup OPNsense as a VPN Site2Site to a Sophos XG firewall SSL OpenVPN server

Started by yannis, May 07, 2024, 03:55:07 PM

Hi
Is it possible to set up an OPNsense appliance as a VPN Site2Site to a Sophos XG firewall SSL OpenVPN server?

Has anyone managed to get this setup to work reliably, or is this just theoretical?

Regards
Yannis Terzakis

Oh sheesh, the XG Firewall... one of my favorites.

It's already a fight to keep an IPsec Tunnel from OPNsense to XG Firewall with a few SAs running... /kinda/ stable. Can't even imagine how incredibly annoying an SSL VPN tunnel will be.

So, I suggest using IPsec; at least it kinda works, and with IKEv2 and RSA PSK (Public Key) it's also pretty stable. Short lifetimes are a must; I use 2000s rekey time in phase 1 and 500s rekey time in the children (phase 2).
Hardware:
DEC740

Hi Monviech and thank you for your comment.
I am sure IPsec is the best all-around solution, but there are too many OpenVPN tunnels installed using Sophos XG firewall and I want to do a gradual migration.

Regards