Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 11523 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

'PUSH_REQUEST' (status=1) :: Continual LOOP for SSL-VPN users

zzzp8

Hi there

 

We are having intermittent issues on our SophosUTM which is using RADIUS . It's been in production for about 2.5 years and hasnt been big enough of an issue to spend much time of, as if the user persists they will eventually get in -  though as our staff base has grown we have multiple complaints.

 

SSL-VPN users complain of struggling to authenticate sometimes, and I can see in thelogs the below:

 

2019-11-14 18:54:08.569398 MANAGEMENT: >STATE:1573757648,GET_CONFIG,,,,,,

  1. 2019-11-14 18:54:08.569576 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  2. 2019-11-14 18:54:13.888576 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  3. 2019-11-14 18:54:19.207091 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  4. 2019-11-14 18:54:24.374064 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  5. 2019-11-14 18:54:29.476723 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  6. 2019-11-14 18:54:34.602803 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  7. 2019-11-14 18:54:39.726780 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  8. 2019-11-14 18:54:44.848667 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  9. 2019-11-14 18:54:49.962876 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  10. 2019-11-14 18:54:55.080464 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  11. 2019-11-14 18:55:00.203806 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  12. 2019-11-14 18:55:05.531944 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
  13. 2019-11-14 18:55:11.189347 No reply from server after sending 12 push requests

 

Is there a known issue for this to happen? What exactly is the PUSH_REQUEST, is that a RADIUS thing? The same RADIUS server it being used for other things inside of our network without issue e.g. we use it for WiFi authentication and Single Sign on into other things, however only the Sophos seems to have this exact issue.

 

 

Any ideas?



This thread was automatically locked due to age.
  • 0

    The PUSH_REQUEST is sent as part of authentication with Sophos UTM for SSL VPN. Usually, Sophos UTM follows this with an Authentication control message. Would you please provide SSL VPN logs from UTM9 as well?

    Regards

    Jaydeep

  • 0 in reply to Jaydeep

    Hi there

     

    Here is the full set of logs from the SSLVPN user who is using Tunnelblick  (i have editted some of the text which could identify us) . This was logs from multiple attempts.

    Below these logs are the logs from the firewall side.

     

    Thanks for your help on this one :)

     

     

    2. 2019-11-14 18:51:48.125595 *Tunnelblick: macOS 10.15.1 (19B88); Tunnelblick 3.8.0 (build 5370)
    3. 2019-11-14 18:51:48.736060 *Tunnelblick: Attempting connection with jjmarc@remote.XX.co.uk using shadow copy; Set nameserver = 769; monitoring connection
    4. 2019-11-14 18:51:48.736334 *Tunnelblick: openvpnstart start jjmarc@remote.XX.co.uk.tblk 49290 769 0 1 0 1098032 -ptADGNWradsgnw 2.4.7-openssl-1.0.2r
    5. 2019-11-14 18:51:48.757510 *Tunnelblick: openvpnstart starting OpenVPN
    6. 2019-11-14 18:51:48.960185 OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jul 19 2019
    7. 2019-11-14 18:51:48.960325 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.10
    8. 2019-11-14 18:51:48.962315 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:49290
    9. 2019-11-14 18:51:48.962393 Need hold release from management interface, waiting...
    10. 2019-11-14 18:51:49.360363 *Tunnelblick: openvpnstart log:
    11.    OpenVPN started successfully.
    12.    Command used to start OpenVPN (one argument per displayed line):
    13.         /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2r/openvpn
    14.         --daemon
    15.         --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sjjmarc-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sjjmarc@remote.XX.co.uk.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098032.49290.openvpn.log
    16.         --cd /Library/Application Support/Tunnelblick/Users/jjmarc/jjmarc@remote.XX.co.uk.tblk/Contents/Resources
    17.         --machine-readable-output
    18.         --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5370 3.8.0 (build 5370)"
    19.         --verb 3
    20.         --config /Library/Application Support/Tunnelblick/Users/jjmarc/jjmarc@remote.XX.co.uk.tblk/Contents/Resources/config.ovpn
    21.         --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/jjmarc/jjmarc@remote.XX.co.uk.tblk/Contents/Resources
    22.         --verb 3
    23.         --cd /Library/Application Support/Tunnelblick/Users/jjmarc/jjmarc@remote.XX.co.uk.tblk/Contents/Resources
    24.         --management 127.0.0.1 49290 /Library/Application Support/Tunnelblick/mncmffiekobclcnmpdffgcjpcnhgiihlgglafmjc.mip
    25.         --management-query-passwords
    26.         --management-hold
    27.         --script-security 2
    28.         --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
    29.         --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
    30. 2019-11-14 18:51:57.310227 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:49290
    31. 2019-11-14 18:51:57.310601 MANAGEMENT: CMD 'pid'
    32. 2019-11-14 18:51:57.310867 *Tunnelblick: Established communication with OpenVPN
    33. 2019-11-14 18:51:57.311943 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
    34. 2019-11-14 18:51:57.313277 MANAGEMENT: CMD 'auth-retry interact'
    35. 2019-11-14 18:51:57.313346 MANAGEMENT: CMD 'state on'
    36. 2019-11-14 18:51:57.313899 MANAGEMENT: CMD 'state'
    37. 2019-11-14 18:51:57.314033 MANAGEMENT: CMD 'bytecount 1'
    38. 2019-11-14 18:51:57.317873 MANAGEMENT: CMD 'hold release'
    39. 2019-11-14 18:51:57.327699 *Tunnelblick: Obtained VPN username and password from the Keychain
    40. 2019-11-14 18:51:57.329150 MANAGEMENT: CMD 'username "Auth" "jjmarc"'
    41. 2019-11-14 18:51:57.329295 MANAGEMENT: CMD 'password [...]'
    42. 2019-11-14 18:51:57.329902 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    43. 2019-11-14 18:51:57.336718 MANAGEMENT: >STATE:1573757517,RESOLVE,,,,,,
    44. 2019-11-14 18:51:57.468768 TCP/UDP: Preserving recently used remote address: [AF_INET]34.248.X.6:443
    45. 2019-11-14 18:51:57.472247 Socket Buffers: R=[131072->131072] S=[131072->131072]
    46. 2019-11-14 18:51:57.472390 Attempting to establish TCP connection with [AF_INET]34.248.X.6:443 [nonblock]
    47. 2019-11-14 18:51:57.472414 MANAGEMENT: >STATE:1573757517,TCP_CONNECT,,,,,,
    48. 2019-11-14 18:51:58.538804 TCP connection established with [AF_INET]34.248.X.6:443
    49. 2019-11-14 18:51:58.538845 TCP_CLIENT link local: (not bound)
    50. 2019-11-14 18:51:58.538863 TCP_CLIENT link remote: [AF_INET]34.248.X.6:443
    51. 2019-11-14 18:51:58.538979 MANAGEMENT: >STATE:1573757518,WAIT,,,,,,
    52. 2019-11-14 18:51:58.553428 MANAGEMENT: >STATE:1573757518,AUTH,,,,,,
    53. 2019-11-14 18:51:58.553529 TLS: Initial packet from [AF_INET]34.248.X.6:443, sid=73638e3d ff5408e0
    54. 2019-11-14 18:51:58.553678 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    55. 2019-11-14 18:51:58.628872 VERIFY OK: depth=1, C=uk, L=London, O=X, CN=X VPN CA, emailAddress=zz@X.com
    56. 2019-11-14 18:51:58.630262 VERIFY X509NAME OK: C=uk, L=London, O=X, CN=sophos_a, emailAddress=zz@X.com
    57. 2019-11-14 18:51:58.630309 VERIFY OK: depth=0, C=uk, L=London, O=X, CN=sophos_a, emailAddress=zz@X.com
    58. 2019-11-14 18:51:58.719265 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    59. 2019-11-14 18:51:58.719341 [sophos_a] Peer Connection Initiated with [AF_INET]34.X.X.X:443
    60. 2019-11-14 18:51:59.975610 MANAGEMENT: >STATE:1573757519,GET_CONFIG,,,,,,
    61. 2019-11-14 18:51:59.975850 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    62. 2019-11-14 18:52:04.277414 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    63. 2019-11-14 18:52:09.548308 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    64. 2019-11-14 18:52:14.752582 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    65. 2019-11-14 18:52:19.937671 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    66. 2019-11-14 18:52:25.262270 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    67. 2019-11-14 18:52:30.678524 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    68. 2019-11-14 18:52:35.849180 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    69. 2019-11-14 18:52:41.079475 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    70. 2019-11-14 18:52:46.402008 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    71. 2019-11-14 18:52:51.723789 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    72. 2019-11-14 18:52:56.871592 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    73. 2019-11-14 18:53:01.151937 No reply from server after sending 12 push requests
    74. 2019-11-14 18:53:01.154662 SIGUSR1[soft,no-push-reply] received, process restarting
    75. 2019-11-14 18:53:01.154740 MANAGEMENT: >STATE:1573757581,RECONNECTING,no-push-reply,,,,,
    76. 2019-11-14 18:53:01.160294 MANAGEMENT: CMD 'hold release'
    77. 2019-11-14 18:53:01.160384 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    78. 2019-11-14 18:53:01.160594 MANAGEMENT: >STATE:1573757581,RESOLVE,,,,,,
    79. 2019-11-14 18:53:01.162412 TCP/UDP: Preserving recently used remote address: [AF_INET]34.248.XX.6:443
    80. 2019-11-14 18:53:01.162477 Socket Buffers: R=[131072->131072] S=[131072->131072]
    81. 2019-11-14 18:53:01.162496 Attempting to establish TCP connection with [AF_INET]34.248.XX.6:443 [nonblock]
    82. 2019-11-14 18:53:01.162515 MANAGEMENT: >STATE:1573757581,TCP_CONNECT,,,,,,
    83. 2019-11-14 18:53:01.162711 MANAGEMENT: CMD 'hold release'
    84. 2019-11-14 18:53:02.236805 TCP connection established with [AF_INET]34.248.XX.6:443
    85. 2019-11-14 18:53:02.236880 TCP_CLIENT link local: (not bound)
    86. 2019-11-14 18:53:02.236915 TCP_CLIENT link remote: [AF_INET]34.248.XX.6:443
    87. 2019-11-14 18:53:02.236948 MANAGEMENT: >STATE:1573757582,WAIT,,,,,,
    88. 2019-11-14 18:53:02.251959 MANAGEMENT: >STATE:1573757582,AUTH,,,,,,
    89. 2019-11-14 18:53:02.252019 TLS: Initial packet from [AF_INET]34.248.XX.6:443, sid=91430812 0b9b1f0c
    90. 2019-11-14 18:53:02.328529 VERIFY OK: depth=1, C=uk, L=London, O=X, CN=X VPN CA, emailAddress=zz@XX.com
    91. 2019-11-14 18:53:02.328706 VERIFY X509NAME OK: C=uk, L=London, O=X, CN=sophos_a, emailAddress=zz@XX.com
    92. 2019-11-14 18:53:02.328714 VERIFY OK: depth=0, C=uk, L=London, O=X, CN=sophos_a, emailAddress=zz@XX.com
    93. 2019-11-14 18:53:02.410932 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    94. 2019-11-14 18:53:02.411046 [sophos_a] Peer Connection Initiated with [AF_INET]34.248.X.6:443
    95. 2019-11-14 18:53:03.494833 MANAGEMENT: >STATE:1573757583,GET_CONFIG,,,,,,
    96. 2019-11-14 18:53:03.494927 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    97. 2019-11-14 18:53:08.619830 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    98. 2019-11-14 18:53:13.743681 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    99. 2019-11-14 18:53:18.945667 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    100. 2019-11-14 18:53:24.166674 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    101. 2019-11-14 18:53:29.259926 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    102. 2019-11-14 18:53:34.357898 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    103. 2019-11-14 18:53:39.712090 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    104. 2019-11-14 18:53:45.028692 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    105. 2019-11-14 18:53:50.137933 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    106. 2019-11-14 18:53:55.278663 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    107. 2019-11-14 18:54:00.529114 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    108. 2019-11-14 18:54:06.004620 No reply from server after sending 12 push requests
    109. 2019-11-14 18:54:06.005014 SIGUSR1[soft,no-push-reply] received, process restarting
    110. 2019-11-14 18:54:06.005057 MANAGEMENT: >STATE:1573757646,RECONNECTING,no-push-reply,,,,,
    111. 2019-11-14 18:54:06.008422 MANAGEMENT: CMD 'hold release'
    112. 2019-11-14 18:54:06.008489 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    113. 2019-11-14 18:54:06.008586 MANAGEMENT: >STATE:1573757646,RESOLVE,,,,,,
    114. 2019-11-14 18:54:06.010327 TCP/UDP: Preserving recently used remote address: [AF_INET]34.248.XX.6:443
    115. 2019-11-14 18:54:06.010396 Socket Buffers: R=[131072->131072] S=[131072->131072]
    116. 2019-11-14 18:54:06.010415 Attempting to establish TCP connection with [AF_INET]34.248.XX.6:443 [nonblock]
    117. 2019-11-14 18:54:06.010429 MANAGEMENT: >STATE:1573757646,TCP_CONNECT,,,,,,
    118. 2019-11-14 18:54:06.010562 MANAGEMENT: CMD 'hold release'
    119. 2019-11-14 18:54:07.081398 TCP connection established with [AF_INET]34.248.XX.6:443
    120. 2019-11-14 18:54:07.081480 TCP_CLIENT link local: (not bound)
    121. 2019-11-14 18:54:07.081518 TCP_CLIENT link remote: [AF_INET]34.248.XX.6:443
    122. 2019-11-14 18:54:07.081569 MANAGEMENT: >STATE:1573757647,WAIT,,,,,,
    123. 2019-11-14 18:54:07.102034 MANAGEMENT: >STATE:1573757647,AUTH,,,,,,
    124. 2019-11-14 18:54:07.102110 TLS: Initial packet from [AF_INET]34.248.XX.6:443, sid=1750b804 7c6b58a1
    125. 2019-11-14 18:54:07.179804 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zz@hometrack.com
    126. 2019-11-14 18:54:07.180423 VERIFY X509NAME OK: C=uk, L=London, O=XX, CN=sophos_a, emailAddress=zz@hometrack.com
    127. 2019-11-14 18:54:07.180481 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=sophos_a, emailAddress=zz@hometrack.com
    128. 2019-11-14 18:54:07.273323 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    129. 2019-11-14 18:54:07.273415 [sophos_a] Peer Connection Initiated with [AF_INET]34.248.XX.6:443
    130. 2019-11-14 18:54:08.569398 MANAGEMENT: >STATE:1573757648,GET_CONFIG,,,,,,
    131. 2019-11-14 18:54:08.569576 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    132. 2019-11-14 18:54:13.888576 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    133. 2019-11-14 18:54:19.207091 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    134. 2019-11-14 18:54:24.374064 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    135. 2019-11-14 18:54:29.476723 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    136. 2019-11-14 18:54:34.602803 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    137. 2019-11-14 18:54:39.726780 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    138. 2019-11-14 18:54:44.848667 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    139. 2019-11-14 18:54:49.962876 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    140. 2019-11-14 18:54:55.080464 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    141. 2019-11-14 18:55:00.203806 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    142. 2019-11-14 18:55:05.531944 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    143. 2019-11-14 18:55:11.189347 No reply from server after sending 12 push requests
    144. 2019-11-14 18:55:11.189825 SIGUSR1[soft,no-push-reply] received, process restarting
    145. 2019-11-14 18:55:11.190140 MANAGEMENT: >STATE:1573757711,RECONNECTING,no-push-reply,,,,,
    146. 2019-11-14 18:55:11.193586 MANAGEMENT: CMD 'hold release'
    147. 2019-11-14 18:55:11.193658 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    148. 2019-11-14 18:55:11.193746 MANAGEMENT: >STATE:1573757711,RESOLVE,,,,,,
    149. 2019-11-14 18:55:11.195717 TCP/UDP: Preserving recently used remote address: [AF_INET]34.248.XX.6:443
    150. 2019-11-14 18:55:11.195783 Socket Buffers: R=[131072->131072] S=[131072->131072]
    151. 2019-11-14 18:55:11.195804 Attempting to establish TCP connection with [AF_INET]34.248.XX.6:443 [nonblock]
    152. 2019-11-14 18:55:11.195817 MANAGEMENT: >STATE:1573757711,TCP_CONNECT,,,,,,
    153. 2019-11-14 18:55:11.195948 MANAGEMENT: CMD 'hold release'
    154. 2019-11-14 18:55:12.269195 TCP connection established with [AF_INET]34.248.XX.6:443
    155. 2019-11-14 18:55:12.269347 TCP_CLIENT link local: (not bound)
    156. 2019-11-14 18:55:12.269424 TCP_CLIENT link remote: [AF_INET]34.248.XX.6:443
    157. 2019-11-14 18:55:12.269498 MANAGEMENT: >STATE:1573757712,WAIT,,,,,,
    158. 2019-11-14 18:55:12.288674 MANAGEMENT: >STATE:1573757712,AUTH,,,,,,
    159. 2019-11-14 18:55:12.288757 TLS: Initial packet from [AF_INET]34.248.XX.6:443, sid=aadb4641 164758f3
    160. 2019-11-14 18:55:12.363759 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zz@X.com
    161. 2019-11-14 18:55:12.364298 VERIFY X509NAME OK: C=uk, L=London, O=XX, CN=sophos_a, emailAddress=zz@X.com
    162. 2019-11-14 18:55:12.364334 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=sophos_a, emailAddress=zz@X.com
    163. 2019-11-14 18:55:12.449763 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    164. 2019-11-14 18:55:12.449869 [sophos_a] Peer Connection Initiated with [AF_INET]34.248.XX.6:443
    165. 2019-11-14 18:55:13.582821 MANAGEMENT: >STATE:1573757713,GET_CONFIG,,,,,,
    166. 2019-11-14 18:55:13.583107 SENT CONTROL [sophos_a]: 'PUSH_REQUEST' (status=1)
    167. 2019-11-14 18:55:13.615195 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 172.20.0.0 255.255.0.0,route 172.18.0.0 255.255.0.0,route 172.28.0.0 255.255.0.0,route 192.168.0.0 255.255.0.0,dhcp-option DNS 172.18.110.115,dhcp-option DNS 172.18.210.214,dhcp-option DOMAIN int.XX.co.uk,ifconfig 10.242.2.3 255.255.255.0'
    168. 2019-11-14 18:55:13.615468 OPTIONS IMPORT: timers and/or timeouts modified
    169. 2019-11-14 18:55:13.615504 OPTIONS IMPORT: --ifconfig/up options modified
    170. 2019-11-14 18:55:13.615525 OPTIONS IMPORT: route options modified
    171. 2019-11-14 18:55:13.615544 OPTIONS IMPORT: route-related options modified
    172. 2019-11-14 18:55:13.615562 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    173. 2019-11-14 18:55:13.617717 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
    174. 2019-11-14 18:55:13.617779 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
    175. 2019-11-14 18:55:13.618332 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
    176. 2019-11-14 18:55:13.618379 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
    177. 2019-11-14 18:55:13.620009 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
    178. 2019-11-14 18:55:13.620076 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
    179. 2019-11-14 18:55:13.620349 Opened utun device utun2
    180. 2019-11-14 18:55:13.620427 MANAGEMENT: >STATE:1573757713,ASSIGN_IP,,10.242.2.3,,,,
    181. 2019-11-14 18:55:13.620530 /sbin/ifconfig utun2 delete
    182.                          ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
    183. 2019-11-14 18:55:13.631061 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
    184. 2019-11-14 18:55:13.631172 /sbin/ifconfig utun2 10.242.2.3 10.242.2.3 netmask 255.255.255.0 mtu 1500 up
    185. 2019-11-14 18:55:13.634729 /sbin/route add -net 10.242.2.0 10.242.2.3 255.255.255.0
    186.                          add net 10.242.2.0: gateway 10.242.2.3
    187. 2019-11-14 18:55:17.781845 MANAGEMENT: >STATE:1573757717,ADD_ROUTES,,,,,,
    188. 2019-11-14 18:55:17.782094 /sbin/route add -net 34.248.XX.6 192.168.0.1 255.255.255.255
    189.                          add net 34.248.XX.6: gateway 192.168.0.1
    190. 2019-11-14 18:55:17.786805 /sbin/route add -net 172.20.0.0 10.242.2.1 255.255.0.0
    191.                          add net 172.20.0.0: gateway 10.242.2.1
    192. 2019-11-14 18:55:17.789497 /sbin/route add -net 172.18.0.0 10.242.2.1 255.255.0.0
    193.                          add net 172.18.0.0: gateway 10.242.2.1
    194. 2019-11-14 18:55:17.792216 /sbin/route add -net 172.28.0.0 10.242.2.1 255.255.0.0
    195.                          add net 172.28.0.0: gateway 10.242.2.1
    196. 2019-11-14 18:55:17.794241 /sbin/route add -net 192.168.0.0 10.242.2.1 255.255.0.0
    197.                          add net 192.168.0.0: gateway 10.242.2.1
    198.                          18:55:17 *Tunnelblick:  **********************************************
    199.                          18:55:17 *Tunnelblick:  Start of output from client.up.tunnelblick.sh
    200.                          18:55:20 *Tunnelblick:  Disabled IPv6 for 'USB 10/100/1000 LAN'
    201.                          18:55:20 *Tunnelblick:  Disabled IPv6 for 'Wi-Fi'
    202.                          18:55:20 *Tunnelblick:  Disabled IPv6 for 'Bluetooth PAN'
    203.                          18:55:20 *Tunnelblick:  Disabled IPv6 for 'Thunderbolt Bridge'
    204.                          18:55:20 *Tunnelblick:  Disabled IPv6 for 'Thunderbolt Ethernet Slot  1'
    205.                          18:55:20 *Tunnelblick:  Retrieved from OpenVPN: name server(s) [ 172.18.110.115 172.18.210.214 ], domain name [ int.XX.co.uk ], search domain(s) [ ], and SMB server(s) [ ]
    206.                          18:55:20 *Tunnelblick:  Not aggregating ServerAddresses because running on macOS 10.6 or higher
    207.                          18:55:20 *Tunnelblick:  Setting search domains to 'int.XX.co.uk' because the search domains were not set manually (or are allowed to be changed) and 'Prepend domain name to search domains' was not selected
    208.                          18:55:21 *Tunnelblick:  Saved the DNS and SMB configurations so they can be restored
    209.                          18:55:21 *Tunnelblick:  Changed DNS ServerAddresses setting from '192.168.0.1' to '172.18.110.115 172.18.210.214'
    210.                          18:55:21 *Tunnelblick:  Changed DNS SearchDomains setting from '' to 'int.XX.co.uk'
    211.                          18:55:21 *Tunnelblick:  Changed DNS DomainName setting from '' to 'int.XX.co.uk'
    212.                          18:55:21 *Tunnelblick:  Did not change SMB NetBIOSName setting of ''
    213.                          18:55:21 *Tunnelblick:  Did not change SMB Workgroup setting of ''
    214.                          18:55:21 *Tunnelblick:  Did not change SMB WINSAddresses setting of ''
    215.                          18:55:21 *Tunnelblick:  DNS servers '172.18.110.115 172.18.210.214' will be used for DNS queries when the VPN is active
    216.                          18:55:21 *Tunnelblick:  NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
    217.                          18:55:21 *Tunnelblick:  Flushed the DNS cache via dscacheutil
    218.                          18:55:21 *Tunnelblick:  /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
    219.                          18:55:22 *Tunnelblick:  Notified mDNSResponder that the DNS cache was flushed
    220.                          18:55:22 *Tunnelblick:  Notified mDNSResponderHelper that the DNS cache was flushed
    221.                          18:55:22 *Tunnelblick:  Setting up to monitor system configuration with process-network-changes
    222.                          18:55:22 *Tunnelblick:  End of output from client.up.tunnelblick.sh
    223.                          18:55:22 *Tunnelblick:  **********************************************
    224. 2019-11-14 18:55:22.040845 Initialization Sequence Completed
    225. 2019-11-14 18:55:22.040919 MANAGEMENT: >STATE:1573757722,CONNECTED,SUCCESS,10.242.2.3,34.248.XX.6,443,192.168.0.3,54151
    226. 2019-11-14 18:55:22.351833 *Tunnelblick: DNS address 172.18.110.115 is being routed through the VPN
    227. 2019-11-14 18:55:22.359414 *Tunnelblick: DNS address 172.18.210.214 is being routed through the VPN
    228. 2019-11-14 18:55:26.363433 *Tunnelblick: process-network-changes: A system configuration change was ignored
    229. 2019-11-14 18:55:28.896402 *Tunnelblick: This computer's apparent public IP address (89.34.167.224) was unchanged after the connection was made

     

     

     

    The logs from the firewall side are:

     

    2019:11:14-18:51:23 remote openvpn[5127]: TCP connection established with [AF_INET]50.209.125.57:28992 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:51:23 remote openvpn[5127]: 50.209.125.57:28992 Non-OpenVPN client protocol detected
    2019:11:14-18:51:23 remote openvpn[5127]: 50.209.125.57:28992 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2019:11:14-18:51:45 remote openvpn[5127]: TCP connection established with [AF_INET]34.248.XX.6:56046 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:51:45 remote openvpn[5127]: 34.248.XX.6:56046 Connection reset, restarting [0]
    2019:11:14-18:51:45 remote openvpn[5127]: 34.248.XX.6:56046 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2019:11:14-18:51:57 remote openvpn[5127]: TCP connection established with [AF_INET]89.34.167.224:6662 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 TLS: Initial packet from [AF_INET]89.34.167.224:6662 (via [AF_INET]172.18.150.100:443), sid=df5b5fba 6201e510
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 TLS: Username/Password authentication deferred for username 'jjmarc' [CN SET]
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2019:11:14-18:51:58 remote openvpn[5127]: 89.34.167.224:6662 [jjmarc] Peer Connection Initiated with [AF_INET]89.34.167.224:6662 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:52:00 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:04 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:09 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:14 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:19 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:25 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:30 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:35 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:41 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:45 remote openvpn[5127]: TCP connection established with [AF_INET]34.248.XX.6:56079 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:52:45 remote openvpn[5127]: 34.248.XX.6:56079 Connection reset, restarting [0]
    2019:11:14-18:52:45 remote openvpn[5127]: 34.248.XX.6:56079 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2019:11:14-18:52:46 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:51 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:52:56 remote openvpn[5127]: 89.34.167.224:6662 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:01 remote openvpn[5127]: 89.34.167.224:6662 Connection reset, restarting [0]
    2019:11:14-18:53:01 remote openvpn[5127]: 89.34.167.224:6662 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2019:11:14-18:53:01 remote openvpn[5127]: TCP connection established with [AF_INET]89.34.167.224:6731 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 TLS: Initial packet from [AF_INET]89.34.167.224:6731 (via [AF_INET]172.18.150.100:443), sid=7b7d492d 0cbe153a
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 TLS: Username/Password authentication deferred for username 'jjmarc' [CN SET]
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2019:11:14-18:53:02 remote openvpn[5127]: 89.34.167.224:6731 [jjmarc] Peer Connection Initiated with [AF_INET]89.34.167.224:6731 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:53:03 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:08 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:13 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:18 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:24 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:25 remote openvpn[5127]: TCP connection established with [AF_INET]50.209.125.57:46570 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:53:25 remote openvpn[5127]: 50.209.125.57:46570 Non-OpenVPN client protocol detected
    2019:11:14-18:53:25 remote openvpn[5127]: 50.209.125.57:46570 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2019:11:14-18:53:29 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:34 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:39 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:45 remote openvpn[5127]: TCP connection established with [AF_INET]34.248.XX.6:56112 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:53:45 remote openvpn[5127]: 34.248.XX.6:56112 Connection reset, restarting [0]
    2019:11:14-18:53:45 remote openvpn[5127]: 34.248.XX.6:56112 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2019:11:14-18:53:45 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:50 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:53:55 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:00 remote openvpn[5127]: 89.34.167.224:6731 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:06 remote openvpn[5127]: 89.34.167.224:6731 Connection reset, restarting [0]
    2019:11:14-18:54:06 remote openvpn[5127]: 89.34.167.224:6731 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2019:11:14-18:54:06 remote openvpn[5127]: TCP connection established with [AF_INET]89.34.167.224:6770 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 TLS: Initial packet from [AF_INET]89.34.167.224:6770 (via [AF_INET]172.18.150.100:443), sid=2dcd256c 1779d6cc
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 TLS: Username/Password authentication deferred for username 'jjmarc' [CN SET]
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2019:11:14-18:54:07 remote openvpn[5127]: 89.34.167.224:6770 [jjmarc] Peer Connection Initiated with [AF_INET]89.34.167.224:6770 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:54:08 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:13 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:19 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:24 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:29 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:34 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:39 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:44 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:45 remote openvpn[5127]: TCP connection established with [AF_INET]34.248.XX.6:56145 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:54:45 remote openvpn[5127]: 34.248.XX.6:56145 Connection reset, restarting [0]
    2019:11:14-18:54:45 remote openvpn[5127]: 34.248.XX.6:56145 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2019:11:14-18:54:49 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:54:55 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:55:00 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:55:05 remote openvpn[5127]: 89.34.167.224:6770 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:55:11 remote openvpn[5127]: 89.34.167.224:6770 Connection reset, restarting [0]
    2019:11:14-18:55:11 remote openvpn[5127]: 89.34.167.224:6770 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2019:11:14-18:55:11 remote openvpn[5127]: TCP connection established with [AF_INET]89.34.167.224:6791 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 TLS: Initial packet from [AF_INET]89.34.167.224:6791 (via [AF_INET]172.18.150.100:443), sid=2be888a8 8e2d682e
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 VERIFY OK: depth=1, C=uk, L=London, O=XX, CN=XX VPN CA, emailAddress=zp@ht.com
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 VERIFY OK: depth=0, C=uk, L=London, O=XX, CN=jjmarc
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 TLS: Username/Password authentication deferred for username 'jjmarc' [CN SET]
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2019:11:14-18:55:12 remote openvpn[5127]: 89.34.167.224:6791 [jjmarc] Peer Connection Initiated with [AF_INET]89.34.167.224:6791 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:55:12 remote openvpn[5127]: jjmarc/89.34.167.224:6791 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/jjmarc
    2019:11:14-18:55:12 remote openvpn[5127]: jjmarc/89.34.167.224:6791 MULTI_sva: pool returned IPv4=10.242.2.3, IPv6=(Not enabled)
    2019:11:14-18:55:12 remote openvpn[5127]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="jjmarc" variant="ssl" srcip="89.34.167.224" virtual_ip="10.242.2.3"
    2019:11:14-18:55:12 remote openvpn[5127]: jjmarc/89.34.167.224:6791 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
    2019:11:14-18:55:12 remote openvpn[5127]: jjmarc/89.34.167.224:6791 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_2f03ff483af127d6bf87ea551a99022c.tmp
    2019:11:14-18:55:12 remote openvpn[5127]: jjmarc/89.34.167.224:6791 MULTI: Learn: 10.242.2.3 -> jjmarc/89.34.167.224:6791
    2019:11:14-18:55:12 remote openvpn[5127]: jjmarc/89.34.167.224:6791 MULTI: primary virtual IP for jjmarc/89.34.167.224:6791: 10.242.2.3
    2019:11:14-18:55:13 remote openvpn[5127]: jjmarc/89.34.167.224:6791 PUSH: Received control message: 'PUSH_REQUEST'
    2019:11:14-18:55:13 remote openvpn[5127]: jjmarc/89.34.167.224:6791 send_push_reply(): safe_cap=940
    2019:11:14-18:55:13 remote openvpn[5127]: jjmarc/89.34.167.224:6791 SENT CONTROL [jjmarc]: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 172.20.0.0 255.255.0.0,route 172.18.0.0 255.255.0.0,route 172.28.0.0 255.255.0.0,route 192.168.0.0 255.255.0.0,dhcp-option DNS 172.18.110.115,dhcp-option DNS 172.18.210.214,dhcp-option DOMAIN int.XX.co.uk,ifconfig 10.242.2.3 255.255.255.0' (status=1)
    2019:11:14-18:55:26 remote openvpn[5127]: TCP connection established with [AF_INET]50.209.125.57:32985 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:55:26 remote openvpn[5127]: 50.209.125.57:32985 Non-OpenVPN client protocol detected
    2019:11:14-18:55:26 remote openvpn[5127]: 50.209.125.57:32985 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2019:11:14-18:55:45 remote openvpn[5127]: TCP connection established with [AF_INET]34.248.XX.6:56179 (via [AF_INET]172.18.150.100:443)
    2019:11:14-18:55:45 remote openvpn[5127]: 34.248.XX.6:56179 Connection reset, restarting [0]
    2019:11:14-18:55:45 remote openvpn[5127]: 34.248.XX.6:56179 SIGUSR1[soft,connection-reset] received, client-instance restarting

     

  • 0 in reply to zzzp8

     . Sorry to bother . Have you had any time to digest this one? 

     

    Could the issue be with the users VPN client rather than the firewall itself? I'm struggling to understand where the  'PUSH: Received control message: 'PUSH_REQUEST'   , fits into the authentiation chain.

     

    Thanks 

Unfiltered HTML