SSL VPN Error : Connection successful then dropping

I'm having an error with my VPN configuration to where after giving the client the correct creds, it connects momentarily (10 seconds) and then drops to attempting to connect in a continuous loop. I know it is not an appliance issue because my coworkers are not having any issues with their instance. I've already tried to uninstall and reinstall the client and using a new config file and even tried making a new user for the application to be successful. Below are my logs.

 

Tue May 15 12:13:15 2018 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue May 15 12:13:15 2018 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue May 15 12:13:15 2018 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue May 15 12:13:15 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue May 15 12:13:15 2018 [SophosApplianceCertificate] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:8443
Tue May 15 12:13:16 2018 MANAGEMENT: >STATE:1526400796,GET_CONFIG,,,,,,
Tue May 15 12:13:17 2018 SENT CONTROL [SophosApplianceCertificate]: 'PUSH_REQUEST' (status=1)
Tue May 15 12:13:17 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,ping 45,ping-restart 180,route XXX.XXX.XXX.XXX 255.255.255.255,route 172.31.0.0 255.255.254.0,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,ifconfig 10.81.234.6 255.255.255.0'
Tue May 15 12:13:17 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue May 15 12:13:17 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue May 15 12:13:17 2018 OPTIONS IMPORT: route options modified
Tue May 15 12:13:17 2018 OPTIONS IMPORT: route-related options modified
Tue May 15 12:13:17 2018 ROUTE_GATEWAY 10.20.55.253/255.255.255.0 I=10 HWADDR=9c:b6:d0:69:ca:ad
Tue May 15 12:13:17 2018 open_tun, tt->ipv6=0
Tue May 15 12:13:17 2018 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{22876FB3-DE6A-4001-A5A9-C1100534D35B}.tap
Tue May 15 12:13:17 2018 TAP-Windows Driver Version 9.21
Tue May 15 12:13:17 2018 Set TAP-Windows TUN subnet mode network/local/netmask = 10.81.234.0/10.81.234.6/255.255.255.0 [SUCCEEDED]
Tue May 15 12:13:17 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.81.234.6/255.255.255.0 on interface {22876FB3-DE6A-4001-A5A9-C1100534D35B} [DHCP-serv: 10.81.234.254, lease-time: 31536000]
Tue May 15 12:13:17 2018 Successful ARP Flush on interface [28] {22876FB3-DE6A-4001-A5A9-C1100534D35B}
Tue May 15 12:13:17 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue May 15 12:13:17 2018 MANAGEMENT: >STATE:1526400797,ASSIGN_IP,,10.81.234.6,,,,
Tue May 15 12:13:21 2018 TEST ROUTES: 4/4 succeeded len=4 ret=1 a=0 u/d=up
Tue May 15 12:13:21 2018 MANAGEMENT: >STATE:1526400801,ADD_ROUTES,,,,,,
Tue May 15 12:13:21 2018 C:\Windows\system32\route.exe ADD XXX.XXX.XXX.XXX MASK 255.255.255.255 10.20.55.253
Tue May 15 12:13:21 2018 Route addition via service succeeded
Tue May 15 12:13:21 2018 C:\Windows\system32\route.exe ADD XXX.XXX.XXX.XXX MASK 255.255.255.255 10.81.234.5
Tue May 15 12:13:21 2018 Route addition via service succeeded
Tue May 15 12:13:21 2018 C:\Windows\system32\route.exe ADD 172.31.0.0 MASK 255.255.254.0 10.81.234.5
Tue May 15 12:13:21 2018 Route addition via service succeeded
Tue May 15 12:13:21 2018 C:\Windows\system32\route.exe ADD XXX.XXX.XXX.XXX MASK 255.255.255.255 10.20.55.253
Tue May 15 12:13:21 2018 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=10]
Tue May 15 12:13:21 2018 Route addition via service failed
Tue May 15 12:13:21 2018 Initialization Sequence Completed
Tue May 15 12:13:21 2018 MANAGEMENT: >STATE:1526400801,CONNECTED,SUCCESS,10.81.234.6,XXX.XXX.XXX.XXX,8443,10.20.55.140,53862
Tue May 15 12:13:40 2018 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Tue May 15 12:13:40 2018 Connection reset, restarting [-1]
Tue May 15 12:13:40 2018 SIGUSR1[soft,connection-reset] received, process restarting
Tue May 15 12:13:40 2018 MANAGEMENT: >STATE:1526400820,RECONNECTING,connection-reset,,,,,
Tue May 15 12:13:40 2018 Restart pause, 5 second(s)
Tue May 15 12:13:45 2018 Socket Buffers: R=[65536->65536] S=[64512->64512]
Tue May 15 12:13:45 2018 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:8443 [nonblock]
Tue May 15 12:13:45 2018 MANAGEMENT: >STATE:1526400825,TCP_CONNECT,,,,,,
Tue May 15 12:13:55 2018 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Tue May 15 12:13:55 2018 SIGUSR1[soft,init_instance] received, process restarting
Tue May 15 12:13:55 2018 MANAGEMENT: >STATE:1526400835,RECONNECTING,init_instance,,,,,
Tue May 15 12:13:55 2018 Restart pause, 5 second(s)
Tue May 15 12:14:00 2018 Socket Buffers: R=[65536->65536] S=[64512->64512]
Tue May 15 12:14:00 2018 Attempting to establish TCP connection with [AF_INET]10.255.255.1:8443 [nonblock]
Tue May 15 12:14:00 2018 MANAGEMENT: >STATE:1526400840,TCP_CONNECT,,,,,,
Tue May 15 12:14:10 2018 TCP: connect to [AF_INET]10.255.255.1:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Tue May 15 12:14:10 2018 SIGUSR1[soft,init_instance] received, process restarting
Tue May 15 12:14:10 2018 MANAGEMENT: >STATE:1526400850,RECONNECTING,init_instance,,,,,
Tue May 15 12:14:10 2018 Restart pause, 5 second(s)
Tue May 15 12:14:15 2018 Socket Buffers: R=[65536->65536] S=[64512->64512]
Tue May 15 12:14:15 2018 Attempting to establish TCP connection with [AF_INET]172.31.0.1:8443 [nonblock]
Tue May 15 12:14:15 2018 MANAGEMENT: >STATE:1526400855,TCP_CONNECT,,,,,,
Tue May 15 12:14:25 2018 TCP: connect to [AF_INET]172.31.0.1:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Tue May 15 12:14:25 2018 SIGUSR1[soft,init_instance] received, process restarting
Tue May 15 12:14:25 2018 MANAGEMENT: >STATE:1526400865,RECONNECTING,init_instance,,,,,
Tue May 15 12:14:25 2018 Restart pause, 5 second(s)
Tue May 15 12:14:29 2018 MANAGEMENT: Client disconnected
Tue May 15 12:14:29 2018 Assertion failed at misc.c:779
Tue May 15 12:14:29 2018 Exiting due to fatal error

  • Hey  

    Welcome to the Sophos Community!

    Two entries in your logs are interesting:
    "Tue May 15 12:13:40 2018 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)"
    "Tue May 15 12:13:55 2018 TCP: connect to [AF_INET]XXX.XXX.XXX.XXX:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive."

    Doing a quick search for these OpenVPN errors. When you access the SSL VPN, are you behind another firewall? Are you running the SSL client with admin privileges? For troubleshooting purposes, have you tried using your existing client configuration with another OpenVPN SSL client?

  • In reply to FloSupport:

    Some steps I've taken already have been to deploy a virtual machine on top of the machine that I'm attempting to connect from and run the client there. This configuration is able to work for troubleshooting purposes but not for reliable use.

    Firewall-wise, I was behind one yesterday when I was attempting and successful with the virtual system, but trying today over a MIFI proved no such luck for the host system.

    I attempted running OpenVPN with the Sophos VPN config file and I'm getting the same issue where the client will disconnect after a few seconds of connecting successfully and go in an endless loop attempting to reconnect.

  • In reply to Justin Lance:

    Thanks for updating me. You did mention that this was an issue specific to your own machine and instance. Are you able to test with the same profile you have, but with a different physical machine? Then try on a different network or on the network where it works for your coworkers?

    What log entries are you able to observe on the XG during this issue (/log/sslvpn.log)?

    Regards,

  • In reply to FloSupport:

    Hey Flo,

    I was able to test that using a different machine using the same credentials it is able to log in without any issue.

    Could you give me more information as to what I'm looking for within the log?

  • In reply to Justin Lance:

    Hey Justin,

    For more context, were you able to successfully sign in to a different machine (on a different network) using your credentials, without any issues?

    What OS is the machine having issues? Have you tried downloading the latest SSL VPN client?

  • In reply to FloSupport:

    So after many long hours of trial and error, I found out that my company's MDM was the issue and adding a specific additional firewall rule set.
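
An added example, not part of the thread and not Sophos or OpenVPN tooling: a small Python triage script for the client log format posted at the top of the page. It reads the management `>STATE:` lines to measure how long each CONNECTED session held before a restart and counts the reconnect attempts that followed; the sample lines are copied from the log above, and the function name `triage` and the 60-second flap threshold are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the client log in the thread (peer address redacted as posted).
SAMPLE_LOG = """\
Tue May 15 12:13:17 2018 MANAGEMENT: >STATE:1526400797,ASSIGN_IP,,10.81.234.6,,,,
Tue May 15 12:13:21 2018 MANAGEMENT: >STATE:1526400801,CONNECTED,SUCCESS,10.81.234.6,XXX.XXX.XXX.XXX,8443,10.20.55.140,53862
Tue May 15 12:13:40 2018 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Tue May 15 12:13:40 2018 MANAGEMENT: >STATE:1526400820,RECONNECTING,connection-reset,,,,,
Tue May 15 12:13:45 2018 Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:8443 [nonblock]
Tue May 15 12:13:55 2018 MANAGEMENT: >STATE:1526400835,RECONNECTING,init_instance,,,,,
Tue May 15 12:14:00 2018 Attempting to establish TCP connection with [AF_INET]10.255.255.1:8443 [nonblock]
Tue May 15 12:14:10 2018 MANAGEMENT: >STATE:1526400850,RECONNECTING,init_instance,,,,,
Tue May 15 12:14:15 2018 Attempting to establish TCP connection with [AF_INET]172.31.0.1:8443 [nonblock]
Tue May 15 12:14:25 2018 MANAGEMENT: >STATE:1526400865,RECONNECTING,init_instance,,,,,
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (.*)$")
STATE = re.compile(r"^MANAGEMENT: >STATE:\d+,([A-Z_]+),([^,]*)")
TARGET = re.compile(r"^Attempting to establish TCP connection with \[AF_INET\]([^ ]+)")

def triage(log_text, flap_seconds=60):
    """Report how long each CONNECTED state held and what followed it."""
    sessions, retries, targets, up_since = [], 0, [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped OpenVPN log line
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (t := TARGET.match(msg)):
            targets.append(t.group(1))  # address:port the client tried next
        elif (s := STATE.match(msg)):
            state, detail = s.groups()
            if state == "CONNECTED":
                up_since = ts
            elif state == "RECONNECTING" and up_since is not None:
                held = (ts - up_since).total_seconds()
                sessions.append({"held_s": held, "reason": detail,
                                 "flap": held < flap_seconds})
                up_since = None  # tunnel is down until the next CONNECTED
            elif state == "RECONNECTING":
                retries += 1  # restart without ever reaching CONNECTED
    return {"sessions": sessions, "failed_retries": retries,
            "retry_targets": targets}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run against the full client log, the same function shows whether every session drops after a similar interval, which is the pattern to compare with the XG's `/log/sslvpn.log` and with any host firewall or MDM policy applied to the client.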