Configuring a site-to-site VPN tunnel with Coro Network and Sophos

As part of a virtual office, Coro enables customers to configure virtual private networks (VPNs) together with site-to-site tunnels.

The VPN tunnels provide a secure, encrypted connection for transmitting data privately over the internet. The VPN uses Internet Protocol Security (IPsec), which authenticates and encrypts packets of data to secure communication between two devices.

This guide describes how to configure Coro to integrate with Sophos's firewall, and how to configure Sophos to allow traffic for your VPN from both inside and outside the network.

Prerequisites

Before you start, make sure you have the following:

  • Access as an admin user to the Coro console for your workspace.
  • An active subscription (or trial) for the Coro Network module.
  • Access to the Sophos admin portal.

Coro Network configuration

Configure Coro with details of your site-to-site tunnel and firewall:

  1. Sign in to the Coro console.
  2. From the sidebar, select Control Panel to access the Control Panel.
  3. Select Network:

    Control Panel Network icon

  4. Select Site-to-site tunnels:

    Network Site-to-site tunnels tab

  5. Select + ADD to add a site-to-site tunnel configuration:

    Add tunnel dialog

  6. Configure your site details:

    Note: Avoid using special characters in your site details.

    • Site name: Enter a suitable name for your site-to-site tunnel.
    • Site description: Enter a suitable short description for the tunnel.
    • Remote gateway IP: Enter the firewall/router WAN IP address for the remote site.
    • Remote network IP: Enter the private IP address range used at the remote site.
    • Preshared key: Enter a shared password (secret) that both sites use to authenticate and secure the tunnel. Use a minimum of 20 characters, and keep a note of the key for configuration on the Sophos device.
    • Lifetime key: Enter 86400.
  7. In the same dialog, configure the firewall settings:
    • Remote network mask: Select your local network subnet mask. For example, 16 or 24.
    • IKE version: Select IKEv2.
    • Phase 1 encryption: Select AES256-SHA1-D14.
    • Phase 2 encryption: Select AES256-SHA1-D14.
    • Aggressive mode: Select No.
  8. To save your configuration, select SAVE.
  9. Make a note of your virtual office IP address for configuring your Sophos firewall. Locate the IP address displayed at the top of the Virtual Office tab:

    Virtual Office IP address
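
A pre-flight check for the values entered in steps 6 and 7, as an added example (not Coro or Sophos code). The dictionary keys are hypothetical names, and the check that the remote network must not overlap the Coro virtual office subnet 10.8.0.0/16 is an added assumption based on the remote subnet used later in the Sophos wizard:

```python
import ipaddress
import secrets
import string

# Values from this guide; the dict keys used below are hypothetical names.
CORO_VO_SUBNET = ipaddress.ip_network("10.8.0.0/16")  # Coro virtual office subnet
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PSK_LEN = 20
FIXED = {"lifetime": 86400, "ike_version": "IKEv2",
         "phase1": "AES256-SHA1-D14", "phase2": "AES256-SHA1-D14",
         "aggressive_mode": False}

def generate_psk(length=32):
    """Random key of ASCII letters and digits only (no special characters)."""
    if length < MIN_PSK_LEN:
        raise ValueError(f"preshared key must be at least {MIN_PSK_LEN} characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def check_tunnel(cfg):
    """Return a list of problems; an empty list means cfg matches the guide."""
    problems = []
    try:
        ipaddress.IPv4Address(cfg["remote_gateway_ip"])
    except ValueError:
        problems.append("remote gateway IP is not a valid IPv4 address")
    try:
        # Strict parsing rejects a range with host bits set, e.g. 192.168.10.5/24.
        net = ipaddress.IPv4Network(f'{cfg["remote_network_ip"]}/{cfg["remote_network_mask"]}')
        if not any(net.subnet_of(r) for r in RFC1918):
            problems.append("remote network is not a private (RFC 1918) range")
        if net.overlaps(CORO_VO_SUBNET):
            problems.append("remote network overlaps the Coro virtual office subnet 10.8.0.0/16")
    except ValueError:
        problems.append("remote network IP and mask do not form a valid range")
    psk = cfg["preshared_key"]
    if len(psk) < MIN_PSK_LEN:
        problems.append("preshared key is shorter than 20 characters")
    if not (psk.isascii() and psk.isalnum()):
        problems.append("preshared key contains special characters")
    for key, want in FIXED.items():
        if cfg.get(key) != want:
            problems.append(f"{key} should be {want!r}")
    return problems

# Constructed sample: 203.0.113.10 is a documentation address, not a real gateway.
SAMPLE = {"remote_gateway_ip": "203.0.113.10", "remote_network_ip": "192.168.10.0",
          "remote_network_mask": 24, "preshared_key": generate_psk(), **FIXED}
```

`check_tunnel(SAMPLE)` returns an empty list; any returned string names a field to correct before selecting SAVE.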

Sophos configuration

Configure your Sophos firewall to allow traffic from inside and outside the network:

  1. Sign in to your Sophos admin portal.
  2. Create an IPsec VPN connection:
    • Go to Site-to-site VPN > IPsec and select Wizard:

    Sophos console - site-to-site VPN IPsec wizard button

    Sophos opens the VPN connection wizard.

  3. In Overview, enter the following:
    • Name: a name for the connection.
    • Description: a description for the connection.
  4. Select Start to start the wizard:

    VPN connection wizard start

  5. In Select a connection type, select Site To Site, then specify the following:
    • Select a base location: Select Head Office.
    • Action: Select Initiate:

      VPN connection wizard - connection type

    Select the wizard's next step button.

  6. In Authentication details, specify the following:
    • Authentication type: Select Preshared key.
    • Preshared key: Enter the preshared key you set in the Coro site-to-site configuration, and then confirm the preshared key:

      VPN connection wizard - authentication details

    Select the wizard's next step button.

  7. In Local network details, specify the following:
    • Local WAN port: From the dropdown, select the local network port that you want to use for the VPN tunnel.
    • Local subnet: Select or add your local subnet for the VPN tunnel:

      VPN connection wizard - local network details

      Then select Apply selected items.

    Select the wizard's next step button.

  8. In Remote network details, specify the following:
    • Remote VPN server: Enter your Coro virtual office IP address.
    • IP version: Select IPv4.
    • Remote subnet: Add the Coro virtual office remote subnet 10.8.0.0/16.

      VPN connection wizard - remote network details

    Select the wizard's next step button.

  9. In User authentication, specify the following:
    • User authentication mode: Select Disabled.

    Select the wizard's next step button:

    VPN connection wizard - user authentication

  10. In IPsec connection summary, review the configuration and then select Finish:

    VPN connection wizard - configuration summary

  11. Go to Site-to-Site VPN > IPsec, and locate the IPsec connection:

    IPsec connection

  12. To activate the IPsec connection, select the relevant Status indicator:

    IPsec connection status

    In the confirmation dialog, select OK:

    Confirm

    Sophos displays confirmation that the IPsec connection is activated.

    IPsec connection

Important

You must configure a static route and firewall policy in your Sophos configuration to allow Coro access to the subnet. Since each customer's LAN configuration may be unique, Coro cannot provide instructions. This guide describes establishing the site-to-site tunnel only.

Test the configuration

After you have completed configuration of Coro Network and your Sophos firewall, test the connection from the Coro console:

  1. Sign in to the Coro console.
  2. Go to Control Panel > Network > Site-to-site tunnels.
  3. Select the three-dot menu adjacent to your tunnel configuration, then select Test tunnel to trigger a synchronization test.
  4. On completion of a successful test, Coro updates the Test status field to show Success.