
VPN keeps going up and down after migration from UTM110 to SG115

The current situation is that I randomly receive notification emails from the SG115, over twenty mails per day, telling me the VPN is going down, and the VPN is up again after 1 minute, like this:

VPN connection 'from openvpn-xxxxx.xxxxx.xx' [SSL] using Site-to-Site is down.

--
System Uptime      : 5 days 6 hours 51 minutes
System Load        : 0.14
System Version     : Sophos UTM 9.509-3

Please refer to the manual for detailed instructions.

VPN connection 'from openvpn-xxxxx.xxxxx.xx' [SSL] using Site-to-Site is up again.

--
System Uptime      : 5 days 6 hours 52 minutes
System Load        : 0.13
System Version     : Sophos UTM 9.509-3

Please refer to the manual for detailed instructions.

For the old UTM 110, the Site-to-Site VPN works normally without any notification emails; once the VPN is up, it does not keep going down and up.

I just backed up the configuration from the old UTM 110 and then imported the configuration into the new SG115. Did I do something wrong?

Thanks for your help.



  • Hi,

    PM me the sslvpn.log and fallback.log. Refer to FAQ: Sophos UTM Logfile information

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Billy, Sachin meant the SSL VPN log instead of the IPsec log.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I found something in the log:

    "[xxxxxx.xxxxxxx.xxx] Inactivity timeout (--ping-restart), restarting",

    "DEPRECATED OPTION: --tls-remote, please update your configuration"

    Why inactivity timeout, restarting?

    And what is the meaning of DEPRECATED OPTION: --tls-remote?

    Thanks.

  • I have replied to your PM. In addition to that:

    Please refer to community.openvpn.net/.../Openvpn23ManPage

    "DEPRECATED OPTION: --tls-remote, please update your configuration"


    Until OpenVPN v2.3 the format of the X.509 Subject fields was formatted like this: /C=US/L=Somewhere/CN=John Doe/emailAddress=john@example.com
    The old behaviour was to remap any character other than alphanumeric, underscore ('_'), dash ('-'), dot ('.'), and slash ('/') to underscore ('_').
    The X.509 Subject string as returned by the tls_id environmental variable, could additionally contain colon (':') or equal ('='). When using the --compat-names option, this old formatting and remapping will be re-enabled again.
    This is purely implemented for compatibility reasons when using older plug-ins or scripts which does not handle the new formatting or UTF-8 characters.

    In OpenVPN v2.3 the formatting of these fields changed into a more standardised format. It now looks like: C=US, L=Somewhere, CN=John Doe, emailAddress=john@example.com

    This behavior changed in v9.5. You might need to download an OpenVPN config file and import it in the VPN client from the User Portal. In this case, if you are on the client site, you need to download the config file from the remote site, located in Site-to-site VPN > SSL VPN > Connections > server config. Refer to the following KB articles for more related information.

    https://community.sophos.com/kb/en-us/128089

    https://community.sophos.com/kb/en-us/115835

    Thanks,

    Sachin Gurung
    Team Lead | Sophos Technical Support
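The subject-format change quoted in the reply above, as an added example that is not part of the original posts and is not OpenVPN or Sophos code. It renders the thread's sample subject in both formats, applying the remapping rule exactly as the quoted man page text states it, and flags config options tied to the old format; the function names and the sample config are constructed for illustration.

```python
import re

# Per the quoted man page text: the old format kept alphanumerics, '_', '-', '.',
# '/', plus ':' and '=' in the subject string; anything else became '_'.
_REMAPPED = re.compile(r"[^A-Za-z0-9_\-./:=]")

SUBJECT = "/C=US/L=Somewhere/CN=John Doe/emailAddress=john@example.com"  # from the post
# Constructed sample config, not a file generated by Sophos UTM.
SAMPLE_CONFIG = '''client
dev tun
; pinned to the peer certificate subject in the old format
tls-remote "/C=US/L=Somewhere/CN=John_Doe/emailAddress=john_example.com"
'''

def parse_old_subject(subject):
    """Split '/C=US/CN=John Doe' into [('C', 'US'), ('CN', 'John Doe')]."""
    pairs = []
    for field in filter(None, subject.strip().split("/")):
        key, sep, value = field.partition("=")
        if not sep:  # e.g. a value that itself contains '/'
            raise ValueError(f"not an attribute=value field: {field!r}")
        pairs.append((key, value))
    return pairs

def old_format(pairs):
    """Pre-2.3 rendering: '/'-separated, with the remapping applied."""
    return _REMAPPED.sub("_", "".join(f"/{k}={v}" for k, v in pairs))

def new_format(pairs):
    """2.3 rendering: ', '-separated, values left unchanged."""
    return ", ".join(f"{k}={v}" for k, v in pairs)

def audit_config(text):
    """Return (line_no, option) for options tied to the old subject format."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words or words[0][0] in "#;":
            continue  # blank line or comment
        option = words[0].lstrip("-")
        if option in ("tls-remote", "compat-names"):
            findings.append((no, option))
    return findings

if __name__ == "__main__":
    pairs = parse_old_subject(SUBJECT)
    print("old:", old_format(pairs))
    print("new:", new_format(pairs))
    for no, option in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: {option} depends on the old subject format")
```

The old rendering is lossy (a space and an '@' both become '_'), so a value written for the old format cannot be converted back reliably and has to be checked against the peer certificate itself.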