repeating short time 'disconnecting'

I'm using Sophos vpn to connect to the office. I'm experiencing some connection error quite often. The log shows the following lines several times:

 

Fri May 22 13:34:53 2020 Authenticate/Decrypt packet error: packet HMAC authentication failed
Fri May 22 13:34:53 2020 Fatal decryption error (process_incoming_link), restarting
Fri May 22 13:34:53 2020 SIGUSR1[soft,decryption-error] received, process restarting
Fri May 22 13:34:53 2020 MANAGEMENT: >STATE:1590147293,RECONNECTING,decryption-error,,,,,
Fri May 22 13:34:53 2020 Restart pause, 5 second(s)

 

What i have tested so far:

- re-install spohos client software

- use VPN with ANTIvirus disabled / removed (G-data)

- use VPN, logged in as a different user 

 

I would really like to resolve this issue, any sugestions?

  • Hoi and welcome to the UTM Community!

    Show us a picture of the left side of the 'Advanced' tab in 'SSL VPN'.  Also, copy here about 30 lines from the SSL VPN log file and 30 lines after including 13:34:53.

    Cheers - Bob

  • In reply to BAlfson:

    Hi Bob, 

    Thanks for the warm welcome and helping out! I'm not sure where i can find the advanced tab... I have uploaded a screenshot what i do have (in dutch). (RMB sophos SSL client icon / settings / ... ) Is this what you were looking for or should i look somewehere else?

     

    Here's a part of the log from just now... (changed the original names for now to 'COMPANY')

    Sun May 24 21:08:04 2020 OPTIONS IMPORT: timers and/or timeouts modified
    Sun May 24 21:08:04 2020 OPTIONS IMPORT: --ifconfig/up options modified
    Sun May 24 21:08:04 2020 OPTIONS IMPORT: route options modified
    Sun May 24 21:08:04 2020 OPTIONS IMPORT: route-related options modified
    Sun May 24 21:08:04 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sun May 24 21:08:04 2020 Preserving previous TUN/TAP instance: Ethernet 2
    Sun May 24 21:08:04 2020 Initialization Sequence Completed
    Sun May 24 21:08:04 2020 MANAGEMENT: >STATE:1590347284,CONNECTED,SUCCESS,10.242.2.15,46.145.113.121,443,192.168.178.14,53092
    Sun May 24 21:21:10 2020 Authenticate/Decrypt packet error: packet HMAC authentication failed
    Sun May 24 21:21:10 2020 Fatal decryption error (process_incoming_link), restarting
    Sun May 24 21:21:10 2020 SIGUSR1[soft,decryption-error] received, process restarting
    Sun May 24 21:21:10 2020 MANAGEMENT: >STATE:1590348070,RECONNECTING,decryption-error,,,,,
    Sun May 24 21:21:10 2020 Restart pause, 5 second(s)
    Sun May 24 21:21:15 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sun May 24 21:21:15 2020 MANAGEMENT: >STATE:1590348075,RESOLVE,,,,,,
    Sun May 24 21:21:26 2020 Attempting to establish TCP connection with [AF_INET]46.145.113.121:443 [nonblock]
    Sun May 24 21:21:26 2020 MANAGEMENT: >STATE:1590348086,TCP_CONNECT,,,,,,
    Sun May 24 21:21:27 2020 TCP connection established with [AF_INET]46.145.113.121:443
    Sun May 24 21:21:27 2020 TCPv4_CLIENT link local: [undef]
    Sun May 24 21:21:27 2020 TCPv4_CLIENT link remote: [AF_INET]46.145.113.121:443
    Sun May 24 21:21:27 2020 MANAGEMENT: >STATE:1590348087,WAIT,,,,,,
    Sun May 24 21:21:27 2020 MANAGEMENT: >STATE:1590348087,AUTH,,,,,,
    Sun May 24 21:21:27 2020 TLS: Initial packet from [AF_INET]46.145.113.121:443, sid=2b18a675 189d3f0b
    Sun May 24 21:21:27 2020 VERIFY OK: depth=1, C=nl, L=Rotterdam, O=COMPANY, CN=COMPANY VPN CA, emailAddress=it@COMPANY.nl
    Sun May 24 21:21:27 2020 VERIFY X509NAME OK: C=nl, L=Rotterdam, O=COMPANY, CN=vpn.COMPANY.nl, emailAddress=it@COMPANY.nl
    Sun May 24 21:21:27 2020 VERIFY OK: depth=0, C=nl, L=Rotterdam, O=COMPANY, CN=vpn.COMPANY.nl, emailAddress=it@COMPANY.nl
    Sun May 24 21:21:28 2020 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Sun May 24 21:21:28 2020 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun May 24 21:21:28 2020 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Sun May 24 21:21:28 2020 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun May 24 21:21:28 2020 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Sun May 24 21:21:28 2020 [vpn.COMPANY.nl] Peer Connection Initiated with [AF_INET]46.145.113.121:443
    Sun May 24 21:21:29 2020 MANAGEMENT: >STATE:1590348089,GET_CONFIG,,,,,,
    Sun May 24 21:21:30 2020 SENT CONTROL [vpn.COMPANY.nl]: 'PUSH_REQUEST' (status=1)
    Sun May 24 21:21:30 2020 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 10.119.10.0 255.255.254.0,dhcp-option DNS 10.119.10.33,dhcp-option DNS 10.119.10.34,dhcp-option DOMAIN bf.local,ifconfig 10.242.2.15 255.255.255.0'
    Sun May 24 21:21:30 2020 OPTIONS IMPORT: timers and/or timeouts modified
    Sun May 24 21:21:30 2020 OPTIONS IMPORT: --ifconfig/up options modified
    Sun May 24 21:21:30 2020 OPTIONS IMPORT: route options modified
    Sun May 24 21:21:30 2020 OPTIONS IMPORT: route-related options modified
    Sun May 24 21:21:30 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sun May 24 21:21:30 2020 Preserving previous TUN/TAP instance: Ethernet 2
    Sun May 24 21:21:30 2020 Initialization Sequence Completed
    Sun May 24 21:21:30 2020 MANAGEMENT: >STATE:1590348090,CONNECTED,SUCCESS,10.242.2.15,46.145.113.121,443,192.168.178.14,53133

    Hope there something in the Log that could help :)

     

    Kind regards, Homer

  • In reply to HOMER Simpson1:

    Please show the corresponding information from the UTM's log and configuration.  If you're not the admin of the UTM, you might request that information from the admin.

    Cheers - Bob