RED15 does not connect anymore to UTM after update to 9.701-6 - Cannot do SSL handshake

Hello,

i am frustrated. Since 4. Februar, after i updated the SG115 UTM to 9.701-6 the connection to a remote RED15 is not working.

Error from the RED Live Log in the UTM:
...
2020:03:17-09:22:35 fw red_server[32740]: SELF: Cannot do SSL handshake on socket accept from '185.153.199.118': SSL accept attempt failed with unknown error error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
2020:03:17-10:12:28 fw red_server[31463]: SELF: (Re-)loading device configurations
...
 
Sophos send me 2 times a replacement RED15, but this did not help.
The method to deleted the RED15 connection and reconfigure it from gound does not help.
 
Update UTM to 9.702-1 did not help.
 
I have the indiction that Sophos has a lot of customers with this SSL Problem, but can not find the reason for the bug.
For me the conclusion is that UTM-RED15 is not a professional VPN solution anymore.
If it works its so easy and simple to setp and use.
But what is the alternative?
 
But with this problem, not the second time after a UTM Firmware update it makes me headache and it costs us money now.
The Homeoffice worker needs to becasue she has 2 kids and they can not go to scjhool anymore.
 
 
Anyone here with the same SSL Problem and an idea for a solution or alternative solution which is easy to use?
 
Regards, Reinhold
 
  • Full Error Message from the RED Live Log is

    SELF: Cannot do SSL handshake on socket accept from 'x.x.x.x': SSL accept attempt failed with unknown error error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown rotoco

    The IP X.x.x.x belongs to a company in Ukraine, this should be the Sophos Provisioning Server, but at such a place?

    IP Location        Ukraine Ukraine Kiev Rm Engineering Llc
    ASN      Ukraine AS49877 RMINJINERING, RU (registered Aug 02, 2016)

  • The Problem with the Firmware 9.701-6 was that the RED Part of this firmware has an DNS Problem.

    In the RED Configuration, which is uploaded to the provissioning Server, i used in the past the UTM Hostname

    Acording to the statement from the online help: „UTM hostname: You need to enter a public IP address or hostname where Sophos UTM is accessible.”

    I now changed this to the public IP adress of the UTM. The UTM uploaded the new config to the provissioning server and the RED15 tunnel started working after a short time.

    I am very disapointed that i found this problem and not the Premium-Support by Shophos, it needed 6 Weeks to get this fixed.

    And i am lucky that this is fixed now.

    Hoefully Sophos fixes this bug and other users can use this workaround.

     

  • Hallo Reinhold,

    This is not a common problem today.  You really should insist that Sophos Support escalate this immediately.  It's probably too late now for you to get a German engineer today, but you should be able to get the case escalated now in preparation for tomorrow.

    Cheers - Bob

  • Hi

    I have the same error in my RED log. (UTM release 9.703-3).

    2020:06:09-04:34:00 utm red_server[12574]: SELF: Cannot do SSL handshake on socket accept from '92.63.194.240': 
    SSL accept attempt failed with unknown error error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

    At the time of this log entry there wasn't any RED devices connected.

    Is it an attempt to connect by an unauthorized party?

    Thanks