
SSL VPN via Viscosity -- Won't Connect

Sophos Forum,

 

Hello. I've been trying to get this to work for a few days now. Spent the past two days spinning up a brand new UTM instance. -- Still, no workie. Please help.

The situation:

  • I do not have DNS set up for this, so I am putting my exterior IP in the Override hostname.
  • An Nmap of my exterior IP from outside reveals:

    PORT    STATE SERVICE
    21/tcp  open  ftp
    80/tcp  open  http
    443/tcp open  https

    so I would gather that the service is up and listening...

  • I followed the instructions on the YouTube tutorial (except I am using Viscosity and not the downloadable client)
  • Configuration is an auto-import into the Viscosity client using the *.ovpn config file that came out of the User Portal
  • A rule was auto created when I created the SSL VPN profile

    My Viscosity client shows a log of this:

    Oct 16 16:50:04: Viscosity Mac 1.6.5 (1354)
    Oct 16 16:50:04: Viscosity OpenVPN Engine Started
    Oct 16 16:50:04: Running on Mac OS X 10.11.6
    Oct 16 16:50:04: ---------
    Oct 16 16:50:04: Checking reachability status of connection...
    Oct 16 16:50:04: Connection is reachable. Starting connection attempt.
    Oct 16 16:50:06: DEPRECATED OPTION: --tls-remote, please update your configuration
    Oct 16 16:50:06: OpenVPN 2.3.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on May 10 2016
    Oct 16 16:50:06: library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
    Oct 16 16:50:39: Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
    Oct 16 16:50:40: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
    Oct 16 16:50:40: TCPv4_CLIENT link local: [undef]
    Oct 16 16:50:40: TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
    Oct 16 16:50:47: Connection reset, restarting [-1]
    Oct 16 16:50:47: SIGUSR1[soft,connection-reset] received, process restarting
    Oct 16 16:50:48: Attempting to establish TCP connection with [AF_INET]5XXX.XXX.XXX.XXX:443 [nonblock]
    Oct 16 16:50:49: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
    Oct 16 16:50:49: TCPv4_CLIENT link local: [undef]
    Oct 16 16:50:49: TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
    Oct 16 16:50:56: Connection reset, restarting [-1]

    And just keeps repeating the connection reset over and over until it's time for me to shave again....

    And the Live Log SSL VPN:  
    2016:10:16-17:38:34 firewall openvpn[15351]: MANAGEMENT: Client disconnected
    2016:10:16-17:53:17 firewall openvpn[15351]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:10:16-17:53:17 firewall openvpn[15351]: MANAGEMENT: CMD 'status -1'
    2016:10:16-17:53:27 firewall openvpn[15351]: MANAGEMENT: Client disconnected
    2016:10:16-18:08:32 firewall openvpn[15351]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:10:16-18:08:32 firewall openvpn[15351]: MANAGEMENT: CMD 'status -1'
    2016:10:16-18:08:42 firewall openvpn[15351]: MANAGEMENT: Client disconnected
    2016:10:16-18:08:44 firewall openvpn[15351]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:10:16-18:08:44 firewall openvpn[15351]: MANAGEMENT: CMD 'status -1'
    2016:10:16-18:08:54 firewall openvpn[15351]: MANAGEMENT: Client disconnected
  • The interface/subnet I'm trying to reach does have internet access

I'm not sure what other details I can give. Anyone's help would be appreciated gratefully.

 

Thanks
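
A triage sketch for the client log in the post above, added here as an example and not part of the original thread: it groups the Viscosity/OpenVPN client log into connection attempts and records how far each one got before the reset. The sample lines are constructed from the post's log; the stage names and the assumed year are illustrative choices, and the message prefixes are the ones OpenVPN 2.x clients write.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the client log lines in the post above.
SAMPLE_LOG = """\
Oct 16 16:50:06: DEPRECATED OPTION: --tls-remote, please update your configuration
Oct 16 16:50:39: Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Oct 16 16:50:40: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
Oct 16 16:50:47: Connection reset, restarting [-1]
Oct 16 16:50:47: SIGUSR1[soft,connection-reset] received, process restarting
Oct 16 16:50:48: Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Oct 16 16:50:49: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
Oct 16 16:50:56: Connection reset, restarting [-1]
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d): (.*)$")

def parse(log, year=2016):
    """Yield (datetime, message); the year is assumed, the log omits it."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def triage(log):
    """Return (warnings, attempts); each attempt records how far it got."""
    warnings, attempts, cur = [], [], None
    for ts, msg in parse(log):
        if msg.startswith("DEPRECATED OPTION"):
            warnings.append(msg)
        elif msg.startswith("Attempting to establish TCP connection"):
            cur = {"stage": "no_tcp", "tcp_at": None, "secs_to_reset": None}
            attempts.append(cur)
        elif cur is None:
            continue  # lines before the first attempt carry no stage
        elif msg.startswith("TCP connection established"):
            cur["stage"], cur["tcp_at"] = "tcp_only", ts
        elif msg.startswith("TLS: Initial packet"):
            cur["stage"] = "tls_started"  # server answered the handshake
        elif msg.startswith("Initialization Sequence Completed"):
            cur["stage"] = "connected"
        elif msg.startswith("Connection reset") and cur["tcp_at"]:
            cur["secs_to_reset"] = (ts - cur["tcp_at"]).total_seconds()
    return warnings, attempts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

An attempt that ends in stage `tcp_only` with a reset time set means the TCP handshake completed but no TLS packet from the server was logged before the reset.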

 



This thread was automatically locked due to age.
  • Hi, Mark and welcome to the UTM Community!

    Unfortunately, the config you download from the User Portal is not an ovpn file.  You might google site:community.sophos.com convert apc ovpn.  You should be able to find a thread with the information you need.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hmmm.... yeah.. I'm not sure that's correct.

    When downloading the remote access package from the User Portal, I chose the third option, which downloads a zip file. Opening the zip file produces a folder called config and in that folder there are 4 files.

    a ca.crt  file

    a user.crt  file

    a user.key  file

    and a .ovpn file.


    So I'm pretty sure that it is an ovpn file.

    I have tried importing this configuration into Tunnelblick as well, with a weird error that is equally unhelpful.
