Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 3 subscribers
  • Views 31455 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN, Sudenly stopped working and no clue in logs as to reason?

JohnKenny
Hi,

Id really appreciate it if anyone could help me resolve my SSL VPN problem?

I had it working and been using it for a while now and its just stopped working, ive tried recreating the SSL VPN profile, regenerating the Cert & the Signing cert.  Ive checked the firewall rule is ok and i can see the NAT & Firewall rules activating in the live log and it is allowing port 443, the users are local authenticated so there cant be much to go wrong so i thought.  I have uninstalled the Open SSL profile and redownloaded that, but no help.  I have another server else where that my OpenSSL still connects to so its not the software on my machine.

The log my machines OpenSSL generated isnt of much help as its not giving me much to go on, see below: -

Sun Jun 28 20:59:26 2015 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Mar 23 2015
Enter Management Password:
Sun Jun 28 20:59:26 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jun 28 20:59:26 2015 Need hold release from management interface, waiting...
Sun Jun 28 20:59:27 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jun 28 20:59:27 2015 MANAGEMENT: CMD 'state on'
Sun Jun 28 20:59:27 2015 MANAGEMENT: CMD 'log all on'
Sun Jun 28 20:59:27 2015 MANAGEMENT: CMD 'hold off'
Sun Jun 28 20:59:27 2015 MANAGEMENT: CMD 'hold release'
Sun Jun 28 20:59:34 2015 MANAGEMENT: CMD 'username "Auth" "johnkenny"'
Sun Jun 28 20:59:34 2015 MANAGEMENT: CMD 'password [...]'
Sun Jun 28 20:59:34 2015 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Jun 28 20:59:34 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jun 28 20:59:34 2015 Socket Buffers: R=[65536->65536] S=[64512->64512]
Sun Jun 28 20:59:34 2015 Attempting to establish TCP connection with [AF_INET]62.31.***.XX:443 [nonblock]
Sun Jun 28 20:59:34 2015 MANAGEMENT: >STATE:1435521574,TCP_CONNECT,,,
Sun Jun 28 20:59:44 2015 TCP: connect to [AF_INET]62.31.***.XX:443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.  
Sun Jun 28 20:59:55 2015 SIGTERM[hard,init_instance] received, process exiting
Sun Jun 28 20:59:55 2015 MANAGEMENT: >STATE:1435521595,EXITING,init_instance,,

It all looks fine then the only bit that tells me anything is the word "Failed" upto that point its identical to the log my other server generated which is fine.

Also the Remote Access log on my server doesnt tell me much either, where else can i look to get an idea what may be wrong?

Any Ideas people?

Many thanks in advance,

JK


This thread was automatically locked due to age.
  • 0
    JK, try a google with site:astaro.org "The system tried to join a drive to a directory on a joined drive."

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    yep first thing i did but couldn't find anything that helped, not sure what that could be in my case as it was working and ive gone over the config several times, even using another server as reference. Still yet to find an explanation in my searches as to what that line actually means? "The system tried to join a drive to a directory on a joined drive".  Also this error isn't machine or user specific which makes this error even more confusing. 

    Oh and Site to Site SSL VPN still works and it uses the same settings as the remote access SSL VPN.

    JK

    CompKickers

  • 0
    Have you tried changing the Protocol to UDP and re-installing the config file?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Yeah Ive uninstalled Sophos SSL VPN completely from the PC and then redownloaded it from the user portal, but again this did not solve the issue.  As i said its not specific to one desktop ive tried on different machines but no difference.  If SSL VPN Site to Site is working using the same Port, Cert and Algorithm why has Remote Access SSL VPN stopped?  I cant work it out, I would have thought the Site to Site would be the same but that works.

    Any more ideas?

    JK

    JK

    CompKickers

  • 0
    Changing to UDP did work but why should TCP just stop working?  I would ideally like to use TCP again.

    Thanks

    JK

    JK

    CompKickers

  • 0
    My first guess would be that you added a DNAT for 443 TCP, and that takes precedence (see #2 in Rulz).

    In any case, I always start a new configuration with a UDP port because it makes for a significantly faster connection.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    We had this same problem with a customer and it plagued us for a week. Ended up being a DNS problem. The domain name configured on the UTM somehow had 2 A records setup to 2 different IPs. Resolving the A record fixed the issue.

  • 0

    I had this problem occour sporadically on a single firewall for the last 6-8 months now. (Maybe every 2 months)

    If I go to the Remote Access tab, and turn VPN OFF/ON, then the problem disappears, but will appear again later.

     

    I have yet to find out what causes this issue.

     

    The problem have persistet across several updates now.

    Maybe it´s a problem with the OpenVPN component.

     

    //Hans-Peder

Unfiltered HTML