
Can't connect with SSL VPN UTM 9

My configuration is this:

Remote Access > SSL > Profiles:

Users and groups: test.user
Local networks: Internal (Network)
Automatic Firewall Rule: Enabled

VPN Settings:

Interface Address: Any
Protocol: TCP
Port: 4442 (we use 4443 for a different NAT translation)
Override hostname: -----
Pool Network: VPN Pool (SSL)
Allow multiple concurrent connections per user: Enabled

Advanced:
Encryption algorithm: AES 256 CBC
Authentication algorithm: sha 256
Key size: 1024 bit
Server certificate: imported go-daddy cert
Key lifetime: 28800 seconds
Compress SSL VPN Traffic: Enabled


UserPortal: Enabled
Allowed networks: Any
Allowed users: Allow all users

My version of Sophos is UTM 9.506-2

My user account is able to log in to the User Portal, download the Windows exe for Windows 10, and install it. However, when I try to connect with the account information, I get these results:

Where 1.1.1.1 is my External IP

Wed Dec 27 11:10:59 2017 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jun 23 2017
Wed Dec 27 11:10:59 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Wed Dec 27 11:10:59 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Dec 27 11:10:59 2017 Need hold release from management interface, waiting...
Wed Dec 27 11:10:59 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Dec 27 11:11:00 2017 MANAGEMENT: CMD 'state on'
Wed Dec 27 11:11:00 2017 MANAGEMENT: CMD 'log all on'
Wed Dec 27 11:11:00 2017 MANAGEMENT: CMD 'hold off'
Wed Dec 27 11:11:00 2017 MANAGEMENT: CMD 'hold release'
Wed Dec 27 11:11:07 2017 MANAGEMENT: CMD 'username "Auth" "test.user"'
Wed Dec 27 11:11:07 2017 MANAGEMENT: CMD 'password [...]'
Wed Dec 27 11:11:07 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Dec 27 11:11:07 2017 MANAGEMENT: >STATE:1514391067,RESOLVE,,,,,,
Wed Dec 27 11:11:07 2017 Attempting to establish TCP connection with [AF_INET]1.1.1.1:4442 [nonblock]
Wed Dec 27 11:11:07 2017 MANAGEMENT: >STATE:1514391067,TCP_CONNECT,,,,,,
Wed Dec 27 11:11:17 2017 TCP: connect to [AF_INET]1.1.1.1:4442 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Wed Dec 27 11:11:22 2017 MANAGEMENT: >STATE:1514391082,RESOLVE,,,,,,
Wed Dec 27 11:11:22 2017 MANAGEMENT: >STATE:1514391082,TCP_CONNECT,,,,,,
Wed Dec 27 11:11:32 2017 TCP: connect to [AF_INET]1.1.1.1:4442 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Wed Dec 27 11:12:14 2017 SIGTERM[hard,init_instance] received, process exiting
Wed Dec 27 11:12:14 2017 MANAGEMENT: >STATE:1514391134,EXITING,init_instance,,,,,



  • Hi Matthew and welcome to the UTM Community!

    Although it's unrelated to this issue, you should know that 4443 is reserved in UTM for Central Management by the Sophos UTM Manager software.  I don't believe that can be changed, so, to avoid future issues, I would use a different port for your NAT.

    Please show the lines from the UTM's SSL VPN log related to this connection attempt.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA