Hi all,
I configured a policy for SSL VPN remote access into a Sophos XG with firmware SFOS 17.5.9 MR-9,
but I could not connect.
> I regenerated the default certificate 5 times with SSL certificate, but the problem is still there.
> I did a factory reset of the firewall but still have the same problem.
Below is the full log from my VPN client:
2020-02-20 02:11:43.040211 *Tunnelblick: macOS 10.15.3 (19D76); Tunnelblick 3.8.1 (build 5400); prior version 3.8.0 (build 5370)
2020-02-20 02:11:43.203074 *Tunnelblick: Attempting connection with thewarehouse__ssl_vpn_config (8); Set nameserver = 769; monitoring connection
2020-02-20 02:11:43.203865 *Tunnelblick: openvpnstart start thewarehouse__ssl_vpn_config\ (8).tblk 63348 769 0 3 0 1098032 -ptADGNWradsgnw 2.4.7-openssl-1.0.2t
2020-02-20 02:11:43.231277 *Tunnelblick: openvpnstart starting OpenVPN
2020-02-20 02:11:43.552606 OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 11 2019
2020-02-20 02:11:43.552707 library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
2020-02-20 02:11:43.554245 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:63348
2020-02-20 02:11:43.554297 Need hold release from management interface, waiting...
2020-02-20 02:11:43.830475 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2t/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sthewarehouse__ssl_vpn_config (8).tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098032.63348.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/thewarehouse__ssl_vpn_config (8).tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5400 3.8.1 (build 5400)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/thewarehouse__ssl_vpn_config (8).tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/thewarehouse__ssl_vpn_config (8).tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/thewarehouse__ssl_vpn_config (8).tblk/Contents/Resources
--management 127.0.0.1 63348 /Library/Application Support/Tunnelblick/gbgogjoabaiioonejjcpchbeidfcghanljohmfoe.mip
--management-query-passwords
--management-hold
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2020-02-20 02:11:43.842471 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:63348
2020-02-20 02:11:43.883308 MANAGEMENT: CMD 'pid'
2020-02-20 02:11:43.883380 MANAGEMENT: CMD 'auth-retry interact'
2020-02-20 02:11:43.883422 MANAGEMENT: CMD 'state on'
2020-02-20 02:11:43.883476 MANAGEMENT: CMD 'state'
2020-02-20 02:11:43.883552 MANAGEMENT: CMD 'bytecount 1'
2020-02-20 02:11:43.887755 *Tunnelblick: Established communication with OpenVPN
2020-02-20 02:11:43.889663 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2020-02-20 02:11:43.898280 MANAGEMENT: CMD 'hold release'
2020-02-20 02:11:57.141672 MANAGEMENT: CMD 'username "Auth" "thewarehouse"'
2020-02-20 02:11:57.141742 MANAGEMENT: CMD 'password [...]'
2020-02-20 02:11:57.143351 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2020-02-20 02:11:57.143390 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-20 02:11:57.168827 TCP/UDP: Preserving recently used remote address: [AF_INET]86.108.14.185:8443
2020-02-20 02:11:57.169013 Socket Buffers: R=[131072->131072] S=[131072->131072]
2020-02-20 02:11:57.169052 Attempting to establish TCP connection with [AF_INET]86.108.14.185:8443 [nonblock]
2020-02-20 02:11:57.169126 MANAGEMENT: >STATE:1582157517,TCP_CONNECT,,,,,,
2020-02-20 02:11:58.232595 TCP connection established with [AF_INET]86.108.14.185:8443
2020-02-20 02:11:58.232701 TCP_CLIENT link local: (not bound)
2020-02-20 02:11:58.232753 TCP_CLIENT link remote: [AF_INET]86.108.14.185:8443
2020-02-20 02:11:58.233043 MANAGEMENT: >STATE:1582157518,WAIT,,,,,,
2020-02-20 02:11:58.295885 MANAGEMENT: >STATE:1582157518,AUTH,,,,,,
2020-02-20 02:11:58.296032 TLS: Initial packet from [AF_INET]86.108.14.185:8443, sid=18fcfc5a 5d6ff0e4
2020-02-20 02:11:58.296385 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-02-20 02:11:59.265231 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=JO, ST=Jordan, L=Amman, O=Maintech, OU=OU, CN=thewarehousecafefirewall, emailAddress=t.albaik@maintechjo.com
2020-02-20 02:11:59.266080 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2020-02-20 02:11:59.274263 TLS_ERROR: BIO read tls_read_plaintext error
2020-02-20 02:11:59.274301 TLS Error: TLS object -> incoming plaintext read error
2020-02-20 02:11:59.274318 TLS Error: TLS handshake failed
2020-02-20 02:11:59.274415 Fatal TLS error (check_tls_errors_co), restarting
2020-02-20 02:11:59.274651 SIGUSR1[soft,tls-error] received, process restarting
2020-02-20 02:11:59.274686 MANAGEMENT: >STATE:1582157519,RECONNECTING,tls-error,,,,,
2020-02-20 02:11:59.293672 MANAGEMENT: CMD 'hold release'
2020-02-20 02:11:59.293740 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2020-02-20 02:11:59.293761 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-20 02:11:59.294621 TCP/UDP: Preserving recently used remote address: [AF_INET]86.108.14.185:8443
2020-02-20 02:11:59.294728 Socket Buffers: R=[131072->131072] S=[131072->131072]
2020-02-20 02:11:59.294759 Attempting to establish TCP connection with [AF_INET]86.108.14.185:8443 [nonblock]
2020-02-20 02:11:59.294780 MANAGEMENT: >STATE:1582157519,TCP_CONNECT,,,,,,
2020-02-20 02:11:59.295192 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:00.366596 TCP connection established with [AF_INET]86.108.14.185:8443
2020-02-20 02:12:00.366765 TCP_CLIENT link local: (not bound)
2020-02-20 02:12:00.366856 TCP_CLIENT link remote: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:00.366904 MANAGEMENT: >STATE:1582157520,WAIT,,,,,,
2020-02-20 02:12:00.441857 MANAGEMENT: >STATE:1582157520,AUTH,,,,,,
2020-02-20 02:12:00.441996 TLS: Initial packet from [AF_INET]86.108.14.185:8443, sid=f0a66648 eb085b3d
2020-02-20 02:12:03.374469 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=JO, ST=Jordan, L=Amman, O=Maintech, OU=OU, CN=thewarehousecafefirewall, emailAddress=t.albaik@maintechjo.com
2020-02-20 02:12:03.374686 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2020-02-20 02:12:03.374706 TLS_ERROR: BIO read tls_read_plaintext error
2020-02-20 02:12:03.374717 TLS Error: TLS object -> incoming plaintext read error
2020-02-20 02:12:03.374727 TLS Error: TLS handshake failed
2020-02-20 02:12:03.374803 Fatal TLS error (check_tls_errors_co), restarting
2020-02-20 02:12:03.375020 SIGUSR1[soft,tls-error] received, process restarting
2020-02-20 02:12:03.375069 MANAGEMENT: >STATE:1582157523,RECONNECTING,tls-error,,,,,
2020-02-20 02:12:03.404594 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:03.404662 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2020-02-20 02:12:03.404684 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-20 02:12:03.404839 TCP/UDP: Preserving recently used remote address: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:03.405612 Socket Buffers: R=[131072->131072] S=[131072->131072]
2020-02-20 02:12:03.405657 Attempting to establish TCP connection with [AF_INET]86.108.14.185:8443 [nonblock]
2020-02-20 02:12:03.405679 MANAGEMENT: >STATE:1582157523,TCP_CONNECT,,,,,,
2020-02-20 02:12:03.406059 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:04.449324 TCP connection established with [AF_INET]86.108.14.185:8443
2020-02-20 02:12:04.449511 TCP_CLIENT link local: (not bound)
2020-02-20 02:12:04.449566 TCP_CLIENT link remote: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:04.449604 MANAGEMENT: >STATE:1582157524,WAIT,,,,,,
2020-02-20 02:12:04.501208 MANAGEMENT: >STATE:1582157524,AUTH,,,,,,
2020-02-20 02:12:04.501349 TLS: Initial packet from [AF_INET]86.108.14.185:8443, sid=c125b8af 7c60d1d0
2020-02-20 02:12:05.936970 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=JO, ST=Jordan, L=Amman, O=Maintech, OU=OU, CN=thewarehousecafefirewall, emailAddress=t.albaik@maintechjo.com
2020-02-20 02:12:05.937139 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2020-02-20 02:12:05.937163 TLS_ERROR: BIO read tls_read_plaintext error
2020-02-20 02:12:05.937180 TLS Error: TLS object -> incoming plaintext read error
2020-02-20 02:12:05.937195 TLS Error: TLS handshake failed
2020-02-20 02:12:05.937287 Fatal TLS error (check_tls_errors_co), restarting
2020-02-20 02:12:05.937436 SIGUSR1[soft,tls-error] received, process restarting
2020-02-20 02:12:05.937520 MANAGEMENT: >STATE:1582157525,RECONNECTING,tls-error,,,,,
2020-02-20 02:12:05.971185 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:05.971253 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2020-02-20 02:12:05.971276 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-20 02:12:05.972172 TCP/UDP: Preserving recently used remote address: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:05.972277 Socket Buffers: R=[131072->131072] S=[131072->131072]
2020-02-20 02:12:05.972308 Attempting to establish TCP connection with [AF_INET]86.108.14.185:8443 [nonblock]
2020-02-20 02:12:05.972334 MANAGEMENT: >STATE:1582157525,TCP_CONNECT,,,,,,
2020-02-20 02:12:05.972714 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:07.017146 TCP connection established with [AF_INET]86.108.14.185:8443
2020-02-20 02:12:07.017319 TCP_CLIENT link local: (not bound)
2020-02-20 02:12:07.017373 TCP_CLIENT link remote: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:07.017412 MANAGEMENT: >STATE:1582157527,WAIT,,,,,,
2020-02-20 02:12:07.057113 MANAGEMENT: >STATE:1582157527,AUTH,,,,,,
2020-02-20 02:12:07.057252 TLS: Initial packet from [AF_INET]86.108.14.185:8443, sid=fc8f1cb2 ac2f89c7
2020-02-20 02:12:08.105730 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=JO, ST=Jordan, L=Amman, O=Maintech, OU=OU, CN=thewarehousecafefirewall, emailAddress=t.albaik@maintechjo.com
2020-02-20 02:12:08.105849 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2020-02-20 02:12:08.105904 TLS_ERROR: BIO read tls_read_plaintext error
2020-02-20 02:12:08.105913 TLS Error: TLS object -> incoming plaintext read error
2020-02-20 02:12:08.105920 TLS Error: TLS handshake failed
2020-02-20 02:12:08.106043 Fatal TLS error (check_tls_errors_co), restarting
2020-02-20 02:12:08.106207 SIGUSR1[soft,tls-error] received, process restarting
2020-02-20 02:12:08.106271 MANAGEMENT: >STATE:1582157528,RECONNECTING,tls-error,,,,,
2020-02-20 02:12:08.127881 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:08.128003 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:08.129228 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2020-02-20 02:12:08.129268 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-20 02:12:08.129394 TCP/UDP: Preserving recently used remote address: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:08.129467 Socket Buffers: R=[131072->131072] S=[131072->131072]
2020-02-20 02:12:08.129492 Attempting to establish TCP connection with [AF_INET]86.108.14.185:8443 [nonblock]
2020-02-20 02:12:08.129508 MANAGEMENT: >STATE:1582157528,TCP_CONNECT,,,,,,
2020-02-20 02:12:09.129895 TCP connection established with [AF_INET]86.108.14.185:8443
2020-02-20 02:12:09.129990 TCP_CLIENT link local: (not bound)
2020-02-20 02:12:09.130022 TCP_CLIENT link remote: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:09.130058 MANAGEMENT: >STATE:1582157529,WAIT,,,,,,
2020-02-20 02:12:09.190385 MANAGEMENT: >STATE:1582157529,AUTH,,,,,,
2020-02-20 02:12:09.190543 TLS: Initial packet from [AF_INET]86.108.14.185:8443, sid=663578c8 28276a8d
2020-02-20 02:12:10.203679 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=JO, ST=Jordan, L=Amman, O=Maintech, OU=OU, CN=thewarehousecafefirewall, emailAddress=t.albaik@maintechjo.com
2020-02-20 02:12:10.203877 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2020-02-20 02:12:10.203902 TLS_ERROR: BIO read tls_read_plaintext error
2020-02-20 02:12:10.203919 TLS Error: TLS object -> incoming plaintext read error
2020-02-20 02:12:10.203934 TLS Error: TLS handshake failed
2020-02-20 02:12:10.204057 Fatal TLS error (check_tls_errors_co), restarting
2020-02-20 02:12:10.204242 SIGUSR1[soft,tls-error] received, process restarting
2020-02-20 02:12:10.204316 MANAGEMENT: >STATE:1582157530,RECONNECTING,tls-error,,,,,
2020-02-20 02:12:10.237007 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:10.237088 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2020-02-20 02:12:10.237189 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-02-20 02:12:10.238036 TCP/UDP: Preserving recently used remote address: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:10.238140 Socket Buffers: R=[131072->131072] S=[131072->131072]
2020-02-20 02:12:10.238172 Attempting to establish TCP connection with [AF_INET]86.108.14.185:8443 [nonblock]
2020-02-20 02:12:10.238196 MANAGEMENT: >STATE:1582157530,TCP_CONNECT,,,,,,
2020-02-20 02:12:10.238561 MANAGEMENT: CMD 'hold release'
2020-02-20 02:12:11.055519 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2020-02-20 02:12:11.303054 TCP connection established with [AF_INET]86.108.14.185:8443
2020-02-20 02:12:11.304238 TCP_CLIENT link local: (not bound)
2020-02-20 02:12:11.304904 TCP_CLIENT link remote: [AF_INET]86.108.14.185:8443
2020-02-20 02:12:11.304985 MANAGEMENT: >STATE:1582157531,WAIT,,,,,,
2020-02-20 02:12:11.352447 MANAGEMENT: >STATE:1582157531,AUTH,,,,,,
2020-02-20 02:12:11.352547 TLS: Initial packet from [AF_INET]86.108.14.185:8443, sid=9c821b27 2014b7d7
2020-02-20 02:12:11.363362 *Tunnelblick: Disconnecting using 'kill'
2020-02-20 02:12:11.533125 event_wait : Interrupted system call (code=4)
2020-02-20 02:12:11.533459 SIGTERM[hard,] received, process exiting
2020-02-20 02:12:11.533527 MANAGEMENT: >STATE:1582157531,EXITING,SIGTERM,,,,,
2020-02-20 02:12:12.175614 *Tunnelblick: Expected disconnection occurred.
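
Added example, not part of the original post: a small Python triage of an OpenVPN client log in the format above. It counts handshake attempts and groups the `VERIFY ERROR` lines by depth (0 is the server certificate, 1 and higher its issuing CA chain) and by OpenSSL reason. The sample lines, address and subject are constructed, and the hint texts are this example's own wording.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above (address and subject are placeholders).
SAMPLE_LOG = """\
2020-02-20 02:11:57.143351 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html for more info.
2020-02-20 02:11:58.296032 TLS: Initial packet from [AF_INET]192.0.2.10:8443, sid=18fcfc5a 5d6ff0e4
2020-02-20 02:11:59.265231 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=XX, O=Example, CN=example-firewall-ca
2020-02-20 02:11:59.274318 TLS Error: TLS handshake failed
2020-02-20 02:11:59.274651 SIGUSR1[soft,tls-error] received, process restarting
2020-02-20 02:12:00.441996 TLS: Initial packet from [AF_INET]192.0.2.10:8443, sid=f0a66648 eb085b3d
2020-02-20 02:12:03.374469 VERIFY ERROR: depth=1, error=certificate is not yet valid: C=XX, O=Example, CN=example-firewall-ca
2020-02-20 02:12:03.374727 TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) VERIFY ERROR: "
    r"depth=(?P<depth>\d+), error=(?P<error>[^:]+): (?P<subject>.+)$")

# What the OpenSSL verification message says about where to look (example wording).
HINTS = {
    "certificate is not yet valid":
        "client clock is earlier than the certificate's notBefore; compare "
        "date/time zone on the client and on the device that issued it",
    "certificate has expired":
        "client clock is later than the certificate's notAfter",
}

def parse_verify_errors(log):
    """Return one dict per VERIFY ERROR line, with depth converted to int."""
    hits = (VERIFY_RE.match(line) for line in log.splitlines())
    return [{**m.groupdict(), "depth": int(m["depth"])} for m in hits if m]

def triage(log):
    """Summarise handshake attempts, failures and the distinct verification errors."""
    errors = parse_verify_errors(log)
    kinds = Counter((e["depth"], e["error"], e["subject"]) for e in errors)
    return {
        "attempts": log.count(" TLS: Initial packet from "),
        "handshake_failures": log.count(" TLS Error: TLS handshake failed"),
        "no_server_verification": "No server certificate verification method" in log,
        "findings": [
            {"depth": d, "error": err, "subject": subj, "count": n,
             "hint": HINTS.get(err, "no hint recorded for this error")}
            for (d, err, subj), n in kinds.items()],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```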