Sophos Connect 2.3 MR-3
Released on February 17, 2025
New features and enhancements
We've completed the following upgrades:
- OpenVPN from version 2.6.10 to version 2.6.12.
- Strongswan from version 5.9.5 to 5.9.6.
- Open SSL from version 1.1.1w to 3.3.2.
- Civetweb from version 1.15 to 1.16.
Resolved issues
Resolved issues for this release.
Issue ID |
Description |
NCL-1820 |
Resolved an issue where IPsec users were disconnected sporadically and couldn't reconnect. |
Sophos Connect 2.3 MR-2 - Windows
Released on October 9, 2024
New features and enhancements
This update resolved one issue.
Resolved issues
Resolved issues for this release.
Issue ID |
Description |
NCL-2048 |
Resolved an issue where users couldn't set up SSL VPN tunnels after disabling the VPN portal on the WAN zone. |
Sophos Connect 1.4 MR-1 - macOS
Released on October 9, 2024
New features and enhancements
This update resolved one issue.
Resolved issues
Resolved issues for this release.
Issue ID |
Description |
NCL-1720 |
Resolved a vulnerability in Sophos Connect on macOS. If a user visited a malicious website, it could fetch log files and the technical support report from Sophos Connect. |
Sophos Connect 2.3 MR-1
Released on July 1, 2024
IMPORTANT:
Sophos Connect 2.3 is compatible with the following firewall and UTM versions:
- SFOS 19.0 or later
- UTM 9.7 or later
New features and enhancements
This update resolved various issues.
Resolved issues
Resolved issues for this release.
Issue ID |
Description |
NCL-1847 |
Resolved an issue where Sophos Connect 2.3 installation failed with the following error: "OpenVPN service failed to start". |
NCL-1842 |
Resolved an issue where the SSL VPN connections between Sophos UTM 9.713 and Sophos Connect 2.3 didn't work. |
NCL-1852 |
Resolved an issue where Sophos Connect 2.3 failed to set up a tunnel when the certificate had a weak signature algorithm. |
Sophos Connect 2.3
Released on May 15, 2024
IMPORTANT:
New features and enhancements
- We've upgraded OpenVPN for the Sophos Connect Client to 2.6.10.
- In the provisioning file, you can now use the
vpn_portal_port
syntax to enter the VPN portal port.
- The Sophos Connect window now always displays in the lower right of the screen.
- You can now import a provisioning file with a renamed display name.
Resolved issues
Resolved issues for this release.
Issue ID |
Description |
NCL-1797 |
Resolved an issue where the login script didn't run. |
NCL-1834 |
Addressed the following CVEs which affect OpenVPN: 2.0 - 2.6.9. |
NCL-1763 |
Resolved an issue where authentication failed for SSL VPN in Sophos Connect 2.2.90 when the password contained two consecutive double quote characters. |
NCL-1756 |
Upgraded the OpenSSL version from 1.1.1n to 1.1.1w to address various vulnerabilities. |
NCL-1721 |
Resolved an issue where users couldn't sign into the Sophos Connect client if their username contained a space or a special character. |
NCL-1707 |
Resolved an issue when the GUI didn't show a connection as established if it was renamed. |
NCL-1620 |
Resolved an issue where the display_name field in the provisioning file wasn't working as expected. |
NCL-1383 |
Resolved an issue where the Sophos Connect client added DNS addresses to the end of the TAP adapter list instead of replacing them. |
Sophos Connect 2.2 MR-1 (2.2.090)
Released on January 25, 2023
New features and enhancements
This update resolved various vulnerabilities.
Resolved issues
Resolved issues for this release.
Issue ID |
Description |
NCL-1699 |
Resolved an XXS vulnerability in Windows SCC that occurred when renaming a
connection. |
NCL-1708 |
Resolved a vulnerability in Windows where any website could easily fetch log
files and the technical support report from Sophos Connect 2.2.75. |
NCL-1725 |
Resolved a vulnerability in Windows where malicious VPN files were shared on the
Sophos Connect client (2.2.75). |
Sophos Connect 2.2
Released on July 6, 2022
New features and enhancements
This is primarily a security and quality update that addresses issues in the
libraries used by Sophos Connect and issues in the Sophos Connect client.
Resolved issues
Resolved issues for this release.
Issue ID |
Description |
NCL-1635 |
Security fix for CVE-2022-0778. |
NCL-1585 |
Security fix for CVE-2021-27406 in OpenVPN binary. |
NCL-1490 |
Security fix for CVE-2021-3606 in OpenVPN. |
NCL-1667 |
Security hygiene cleanup for CVE-2020-1967. |
NCL-1622 |
Resolved an issue with a GCM Cipher parsing error. |
NCL-1399 |
Resolved an issue with a random SSL authentication failure. |
NCL-1616 |
Resolved connection issues with special characters in a password. |
NCL-1372 |
Resolved connection issues with special characters in a password. |
NCL-1319 |
Resolved provisioning issues with special characters in a password. |
NCL-1256 |
Resolved provisioning issues with special characters in a password. |
NCL-1261 |
Resolved SSL authentication issues with multiple spaces in a username. |
NCL-569 |
Resolved provisioning issues with special characters in a username. |
Known issues and limitations
Known issues, listed by ID, affected component and a description of
the issue.
Issue ID |
Affects version |
Description |
Workaround |
NCL-1377 |
2.1 |
When you download an IPsec connection via a provisioning file and make a policy
change on Sophos Firewall, the policy doesn't automatically update. |
Trigger an update policy to re-synchronize the policy. |
NCL-1618 |
2.1 |
When you use a third-party certificate on the remote side and restart your
endpoint computer (or restart services related to Sophos Connect), you see the
following error: "Failed to validate certificate". |
Use a self-signed certificate signed by Sophos Firewall on the remote side or
use pre-shared keys instead of certificates. |
NCL-837 |
All versions |
Sophos Connect only supports ASCII characters. It doesn't support umlauts,
UTF-8, or UTF-16. |
Will be resolved shortly. |
NCL-834 |
1.1 |
Sophos Connect fails to start because the port used for the HTTP server (60110)
is already in use on the system. |
Will be resolved shortly. |
NCL-1378 |
2.1 |
If you configured both IPsec and SSL VPN policies on Sophos Firewall, only the
SSL VPN policy has the "Update policy" option available in the settings menu.
|
Will be resolved shortly. |
NCL-1382 |
2.1 |
When you connect to SSL VPN from Windows 7 or 8, you see the following error:
"OpenVPN service is not available". |
Use a legacy SSL VPN client. |
NCL-1391 |
2.1 |
When you deploy the Sophos Connect provisioning file, the first authentication
attempt always fails when OTP is enabled. |
Enter your credentials and one-time password again. |
NCL-836 |
1.1 |
On Macs, you can't import connection files with non-ASCII characters in the file
name. |
Will be resolved shortly. |
NCL-835 |
1.3 |
After Windows devices wake up from sleep, you may see the following error:
"Failed to load connection". |
Will be resolved shortly. |
NCL-833 |
All versions |
You can't unzip Sophos Connect generated TSR zip files on macOS 10.12.6. |
Will be resolved shortly. |
NCL-839 |
1.0 |
DNS servers aren't updated on the network monitor page of the Sophos Connect
client. |
Disconnect the existing connection and then re-establish it. |
Supported platforms
You can establish IPsec and SSL VPN tunnels using the Sophos Connect client
on some endpoint platforms and versions. Check the platform version of your endpoint to see if
you can use the Sophos Connect client.
Note: Currently, the Sophos Connect client doesn't support macOS for
SSL VPN. It also doesn't support mobile platforms for IPsec and SSL VPN.
You can use the provisioning file to enable users to automatically import
remote access configurations into the Sophos Connect client. Make sure you use a compatible
version of the Sophos Connect client. For details, see the following tables:
IPsec VPN
Sophos Connect client version |
Configuration file
(1.0 and later) |
Provisioning file
(2.1 and later) |
Windows (x86) |
Yes (Windows 10, 11, including LTSB, LTSC) |
Yes (Windows 10, 11, including LTSB, LTSC) |
Windows (ARM) |
No |
No |
macOS (x86) |
Yes (macOS 10.13 and later) |
No |
macOS (ARM) |
No |
No |
Android |
No. Use third-party clients. |
No |
iOS |
No. Use third-party clients. |
No |
Note: You can establish remote access IPsec VPN connections using the configuration file on earlier versions of the Sophos Connect client.
However, if you want to use the provisioning file, you must use a later version of the client.
SSL VPN
Sophos Connect client version |
Configuration file
(1.0 and later) |
Provisioning file
(2.1 and later) |
Windows (x86) |
Yes (Windows 10, 11, including LTSB, LTSC) |
Yes (Windows 10, 11, including LTSB, LTSC) |
Windows (ARM) |
No |
No |
macOS (x86) |
No. Recommended: OpenVPN Connect client. |
No |
macOS (ARM) |
No. Recommended: OpenVPN Connect client. |
No |
Android |
No. Recommended: OpenVPN Connect client. |
No |
iOS |
No. Recommended: OpenVPN Connect client. |
No |
Support
You can find technical support for Sophos products in any of these ways:
Legal notices
Copyright © 2023 Sophos Limited. All rights reserved. No part of this publication
may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means,
electronic, mechanical, photocopying, recording or otherwise unless you are either a valid
licensee where the documentation can be reproduced in accordance with the license terms or you
otherwise have the prior permission in writing of the copyright owner.
Sophos and Sophos Anti-Virus are registered trademarks of Sophos Limited and Sophos
Group. All other product and company names mentioned are trademarks or registered trademarks of
their respective owners.