
After Upgrade from 17.5 MR13 to MR14 Sophos VPN Client fails to connect (urgent)

Hello,

I upgraded my MR13 to MR14 and now the Sophos VPN Client fails to connect.

This worked from MR12 to MR13 and after MR14 it fails.
No login possible.

I downloaded the new client from the user portal after the MR14 upgrade, but there is still no connection available.

Log Viewer is not an option; it only spins a wheel forever.

Thu Aug 13 20:36:22 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Thu Aug 13 20:36:22 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Thu Aug 13 20:36:22 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Aug 13 20:36:22 2020 Need hold release from management interface, waiting...
Thu Aug 13 20:36:22 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'state on'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'log all on'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'hold off'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'hold release'
Thu Aug 13 20:36:28 2020 MANAGEMENT: CMD 'username "Auth" "juergen"'
Thu Aug 13 20:36:28 2020 MANAGEMENT: CMD 'password [...]'
Thu Aug 13 20:36:28 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 13 20:36:28 2020 MANAGEMENT: >STATE:1597343788,RESOLVE,,,,,,
Thu Aug 13 20:36:28 2020 Attempting to establish TCP connection with [AF_INET]93.241.42.218:8443 [nonblock]
Thu Aug 13 20:36:28 2020 MANAGEMENT: >STATE:1597343788,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:38 2020 TCP: connect to [AF_INET]a.b.c.d:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.
Thu Aug 13 20:36:43 2020 MANAGEMENT: >STATE:1597343803,RESOLVE,,,,,,
Thu Aug 13 20:36:43 2020 MANAGEMENT: >STATE:1597343803,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:53 2020 TCP: connect to [AF_INET]a.b.c.d:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.
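
An added example (not part of the original post, and not Sophos or OpenVPN code): a small triage script that reads the `>STATE:` lines of an OpenVPN client log like the one above and reports how far the session got. A log that never gets past `TCP_CONNECT` has not started TLS, so the port's reachability is the first thing to check. The sample logs are constructed and use the placeholder address 192.0.2.10; the function name and verdict labels are assumptions of this example.

```python
import re

# OpenVPN management-interface state names, in the order a TCP client
# session normally passes through them.
STAGES = ["RESOLVE", "TCP_CONNECT", "WAIT", "AUTH", "GET_CONFIG",
          "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"]
STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+),")
FAIL_RE = re.compile(r"TCP: connect to \[AF_INET\]\S+:(\d+) failed")

def triage(log_text):
    """Return the furthest stage reached, TCP failure count and a verdict."""
    furthest, tcp_failures, port = -1, 0, None
    for line in log_text.splitlines():
        state = STATE_RE.search(line)
        if state and state.group(1) in STAGES:
            furthest = max(furthest, STAGES.index(state.group(1)))
        failed = FAIL_RE.search(line)
        if failed:
            tcp_failures += 1
            port = int(failed.group(1))
    stage = STAGES[furthest] if furthest >= 0 else None
    if stage == "CONNECTED":
        verdict = "connected"
    elif stage in ("RESOLVE", "TCP_CONNECT") and tcp_failures:
        # TLS never started: check port reachability before certificates.
        verdict = "transport"
    elif stage in ("WAIT", "AUTH"):
        verdict = "tls-or-auth"
    else:
        verdict = "unknown"
    return {"stage": stage, "tcp_failures": tcp_failures, "port": port, "verdict": verdict}

# Constructed sample modelled on the log in the post (address is a placeholder).
STALLED = """\
Thu Aug 13 20:36:28 2020 MANAGEMENT: >STATE:1597343788,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:38 2020 TCP: connect to [AF_INET]192.0.2.10:8443 failed, will try again in 5 seconds
Thu Aug 13 20:36:43 2020 MANAGEMENT: >STATE:1597343803,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:53 2020 TCP: connect to [AF_INET]192.0.2.10:8443 failed, will try again in 5 seconds
"""
# Constructed contrast case: TCP succeeds and the session reaches AUTH.
REACHED_AUTH = """\
Thu Aug 13 21:00:01 2020 MANAGEMENT: >STATE:1597345201,TCP_CONNECT,,,,,,
Thu Aug 13 21:00:02 2020 MANAGEMENT: >STATE:1597345202,WAIT,,,,,,
Thu Aug 13 21:00:03 2020 MANAGEMENT: >STATE:1597345203,AUTH,,,,,,
"""

if __name__ == "__main__":
    for name, log in (("stalled", STALLED), ("reached-auth", REACHED_AUTH)):
        print(name, triage(log))
```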



  • FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    Are you able to see the traffic from your public IP address on port 8443 on the firewall? 

    Check out the following KBA: Sophos XG Firewall: How to monitor traffic using packet capture utility in the GUI.

    Is this issue affecting all the users or only specific users? Have you restarted your workstation after reinstalling the client and config? 

    Thanks,

  • Thanks Patel,

    I had my Home Office VPN Client connected to the XG 17.5 MR12 and was connected to my office desktop.
    From the Office Desktop I upgraded to MR13; it took some time until the upgrade was done and the VPN Client connected again to MR13.

    The next step was to upgrade to MR14; after 20 minutes still no VPN.

    MR14 is up and running for most of the rules (I hope).

     

    I did a capture today and Diagnostics with BPF 'dst port 8443' gives two captured packets.

    First packet says ... Source IP, Dest IP, Packet, Ports, and ... 

    Status: Violation
    Reason: Local_ACL

    I use VPN on external E1 (WAN).
    And I had disabled (Apply) and enabled (Apply) the Local Service ACL in Admin/Device Access -> WAN / SSL VPN

    It's not confidence-inspiring that a simple Update from Release 1 to Release 2 works for the simplest things in a firewall.

    What else can be wrong in an upgrade ...

    Thanks

    Jürgen

      

  • Hi!

    I have exactly the same problem, and the official support doesn't help me further.

    So what's the resolution to get SSL VPN back running with MR14-1?

    Thx,

    Christian

  • Hi Christian,

    Support just restarted the VPN Service from CLI.
    But I think a reboot would have done the same.

    But you are on 14-1; I tried to upgrade yesterday from MR14 to MR14-1.

    This was a disaster; the firewall rebooted and wasn't seen anymore.
    The Firmware upgrade didn't upgrade the network settings; all NIC settings were at factory defaults.

    Please verify your NIC settings first; maybe you don't reach VPN because all is at factory settings.

    I reverted to MR14

    regards

    Jürgen

  • Hi Jürgen!

    Thx!

    I tried a restart, but it didn't help.

    I analyzed the OpenVPN log and it seems that it has something to do with the personal certificates.

    As Sophos messed up the whole certificate thing when the Comodo / Sectigo Root expired, I think they have changed something on the certificate validation method in MR-14/MR-14-1.

    I need to investigate this further.

    Regards,

    Christian

  • Hi All,

    Any update on this? We have the same issue when I did an upgrade to MR14-1, users cannot connect to ssl vpn.

  • Hello,

    Any update about this problem?

  • Hello Luana,

    Thank you for contacting the Sophos Community!

    If you are being affected by this, please open a ticket with support for further investigation. Jurgen was able to resolve his issue connecting from a different Client. When opening the ticket, please do a drop packet capture and add this to the ticket; also send me the Case ID so I can follow up!

    console > drop-packet-capture 'port 8443' 

    Modify the port accordingly to the one you are using.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello Jayson,

    Thank you for contacting the Sophos Community!

    If you are being affected by this, please open a ticket with support for further investigation. Jurgen was able to resolve his issue connecting from a different Client. When opening the ticket, please do a drop packet capture and add this to the ticket; also send me the Case ID so I can follow up!

    console > drop-packet-capture 'port 8443'

    Modify the port accordingly to the one you are using.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel!

    It's ridiculous that WE as a customer should do all the work for support. As you can see, the problem is widespread and the solution "to connect from another PC" borders on mockery. How are we going to tell that to the 100 employees? Buy a new PC now and log on from there?
    I had opened a support case about this, but the great Indian support just closed the case without a solution. I escalated, but that didn't help either. It's really sad to see that Sophos doesn't care about end users.

    Best regards,

    Christian

  • Hi Christian,

    Can you provide the support ID for your issue?

    Regards,

    Alok

  • Hi Luana,

    If you have opened a support case, can you provide the case ID?

    Regards,

    Alok
