Sophos XG SSL VPN Client Connection Issue

I have a few users that are sporadically running into a weird issue when connected to my Sophos XG SSL VPN Client.
They are able to work on the VPN Client for a random period of time (sometimes they are fine for days, sometimes the connection seems to hang multiple times a day). When the connection hangs, certain applications hang (Slack, sometimes web browsing) and they are forced to reboot to fully disconnect and be able to connect again.
I've whitelisted the Sophos SSL VPN Client in our AV. I've made sure the network drivers are up-to-date.
I am seeing weird logs (below). One thing that sticks out to me is the "auth failure". The user is not prompted to re-login. Could this have something to do with the OTP configured for all my VPN users? If so, why does it only affect certain people? Could it be a bandwidth issue (are they sending too much traffic at once)? I'm honestly a bit lost as to what to look for next.
 
Sun May 23 16:12:10 2021 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Sun May 23 16:12:10 2021 Connection reset, restarting [-1]
Sun May 23 16:12:10 2021 SIGUSR1[soft,connection-reset] received, process restarting
Sun May 23 16:12:10 2021 MANAGEMENT: >STATE:1621800730,RECONNECTING,connection-reset,,,,,
Sun May 23 16:12:10 2021 Restart pause, 5 second(s)
Sun May 23 16:12:15 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun May 23 16:12:15 2021 Attempting to establish TCP connection with [AF_INET]<"ISP2">:8443 [nonblock]
Sun May 23 16:12:15 2021 MANAGEMENT: >STATE:1621800735,TCP_CONNECT,,,,,,
Sun May 23 16:12:16 2021 TCP connection established with [AF_INET]<"ISP2">:8443
Sun May 23 16:12:16 2021 TCPv4_CLIENT link local: [undef]
Sun May 23 16:12:16 2021 TCPv4_CLIENT link remote: [AF_INET]<"ISP2">:8443
Sun May 23 16:12:16 2021 MANAGEMENT: >STATE:1621800736,WAIT,,,,,,
Sun May 23 16:12:16 2021 MANAGEMENT: >STATE:1621800736,AUTH,,,,,,
Sun May 23 16:12:16 2021 TLS: Initial packet from [AF_INET]<"ISP2">:8443, sid=45be891d 299ade8c
Sun May 23 16:12:17 2021 VERIFY OK: depth=1, C=US, ST=NY, L=New York, O=Company's's, OU=IT, CN=10.10.200.10, emailAddress=email@email.com
Sun May 23 16:12:17 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_ox8khOLi3ULSAxK, emailAddress=na@example.com
Sun May 23 16:12:17 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_ox8khOLi3ULSAxK, emailAddress=na@example.com
Sun May 23 16:12:18 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 23 16:12:18 2021 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 23 16:12:18 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 23 16:12:18 2021 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 23 16:12:18 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun May 23 16:12:18 2021 [Appliance_Certificate_ox8khOLi3ULSAxK] Peer Connection Initiated with [AF_INET]<"ISP2">:8443
Sun May 23 16:12:19 2021 MANAGEMENT: >STATE:1621800739,GET_CONFIG,,,,,,
Sun May 23 16:12:20 2021 SENT CONTROL [Appliance_Certificate_ox8khOLi3ULSAxK]: 'PUSH_REQUEST' (status=1)
Sun May 23 16:12:20 2021 AUTH: Received control message: AUTH_FAILED
Sun May 23 16:12:20 2021 SIGUSR1[soft,auth-failure] received, process restarting
Sun May 23 16:12:20 2021 MANAGEMENT: >STATE:1621800740,RECONNECTING,auth-failure,,,,,
Sun May 23 16:12:20 2021 Restart pause, 5 second(s)
Sun May 23 16:13:20 2021 MANAGEMENT: CMD 'username "Auth" "amitayu.jain"'
Sun May 23 16:13:20 2021 MANAGEMENT: CMD 'password [...]'
Sun May 23 16:13:20 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun May 23 16:13:20 2021 Attempting to establish TCP connection with [AF_INET]<"ISP2">:8443 [nonblock]
Sun May 23 16:13:20 2021 MANAGEMENT: >STATE:1621800800,TCP_CONNECT,,,,,,
Sun May 23 16:13:21 2021 TCP connection established with [AF_INET]<"ISP2">:8443
Sun May 23 16:13:21 2021 TCPv4_CLIENT link local: [undef]
Sun May 23 16:13:21 2021 TCPv4_CLIENT link remote: [AF_INET]<"ISP2">:8443
Sun May 23 16:13:21 2021 MANAGEMENT: >STATE:1621800801,WAIT,,,,,,
Sun May 23 16:13:21 2021 MANAGEMENT: >STATE:1621800801,AUTH,,,,,,
Sun May 23 16:13:21 2021 TLS: Initial packet from [AF_INET]<"ISP2">:8443, sid=09db39de 4867a55b
Sun May 23 16:13:21 2021 VERIFY OK: depth=1, C=US, ST=NY, L=New York, O=Company's's, OU=IT, CN=10.10.200.10, emailAddress=email@email.com
Sun May 23 16:13:21 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_ox8khOLi3ULSAxK, emailAddress=na@example.com
Sun May 23 16:13:21 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_ox8khOLi3ULSAxK, emailAddress=na@example.com
Sun May 23 16:13:23 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 23 16:13:23 2021 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 23 16:13:23 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 23 16:13:23 2021 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 23 16:13:23 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun May 23 16:13:23 2021 [Appliance_Certificate_ox8khOLi3ULSAxK] Peer Connection Initiated with [AF_INET]<"ISP2">:8443
Sun May 23 16:13:24 2021 MANAGEMENT: >STATE:1621800804,GET_CONFIG,,,,,,
Sun May 23 16:13:25 2021 SENT CONTROL [Appliance_Certificate_ox8khOLi3ULSAxK]: 'PUSH_REQUEST' (status=1)
Sun May 23 16:13:25 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.50.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,redirect-gateway def1,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,dhcp-option DNS 10.10.100.100,dhcp-option DNS 10.10.100.101,dhcp-option DOMAIN company.local,ifconfig 10.10.50.6 255.255.254.0'
Sun May 23 16:13:25 2021 OPTIONS IMPORT: timers and/or timeouts modified
Sun May 23 16:13:25 2021 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun May 23 16:13:25 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun May 23 16:13:25 2021 OPTIONS IMPORT: --ifconfig/up options modified
Sun May 23 16:13:25 2021 OPTIONS IMPORT: route options modified
Sun May 23 16:13:25 2021 OPTIONS IMPORT: route-related options modified
Sun May 23 16:13:25 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun May 23 16:13:25 2021 Preserving previous TUN/TAP instance: Ethernet 2
Sun May 23 16:13:25 2021 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Sun May 23 16:13:25 2021 C:\WINDOWS\system32\route.exe DELETE <"ISP2"> MASK 255.255.255.255 10.0.0.1
Sun May 23 16:13:25 2021 Route deletion via service succeeded
Sun May 23 16:13:25 2021 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.10.50.5
Sun May 23 16:13:25 2021 Route deletion via service succeeded
Sun May 23 16:13:25 2021 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.10.50.5
Sun May 23 16:13:25 2021 Route deletion via service succeeded
Sun May 23 16:13:25 2021 Closing TUN/TAP interface
Sun May 23 16:13:26 2021 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 I=8 HWADDR=04:ea:56:ad:a2:19
Sun May 23 16:13:26 2021 open_tun, tt->ipv6=0
Sun May 23 16:13:26 2021 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F6A43942-59BC-48D3-B253-D46682242405}.tap
Sun May 23 16:13:26 2021 TAP-Windows Driver Version 9.21
Sun May 23 16:13:26 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.50.0/10.10.50.6/255.255.254.0 [SUCCEEDED]
Sun May 23 16:13:26 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.50.6/255.255.254.0 on interface {F6A43942-59BC-48D3-B253-D46682242405} [DHCP-serv: 10.10.51.254, lease-time: 31536000]
Sun May 23 16:13:26 2021 Successful ARP Flush on interface [20] {F6A43942-59BC-48D3-B253-D46682242405}
Sun May 23 16:13:26 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun May 23 16:13:26 2021 MANAGEMENT: >STATE:1621800806,ASSIGN_IP,,10.10.50.6,,,,
Sun May 23 16:13:30 2021 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sun May 23 16:13:30 2021 C:\WINDOWS\system32\route.exe ADD <"ISP2"> MASK 255.255.255.255 10.0.0.1
Sun May 23 16:13:30 2021 Route addition via service succeeded
Sun May 23 16:13:30 2021 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.10.50.5
Sun May 23 16:13:30 2021 Route addition via service succeeded
Sun May 23 16:13:30 2021 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.10.50.5
Sun May 23 16:13:30 2021 Route addition via service succeeded
Sun May 23 16:13:30 2021 MANAGEMENT: >STATE:1621800810,ADD_ROUTES,,,,,,
Sun May 23 16:13:30 2021 C:\WINDOWS\system32\route.exe ADD <"ISP2"> MASK 255.255.255.255 10.0.0.1
Sun May 23 16:13:30 2021 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=8]
Sun May 23 16:13:30 2021 Route addition via service failed
Sun May 23 16:13:30 2021 C:\WINDOWS\system32\route.exe ADD <"ISP2"> MASK 255.255.255.255 10.0.0.1
Sun May 23 16:13:30 2021 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=8]
Sun May 23 16:13:30 2021 Route addition via service failed
Sun May 23 16:13:30 2021 Initialization Sequence Completed
Sun May 23 16:13:30 2021 MANAGEMENT: >STATE:1621800810,CONNECTED,SUCCESS,10.10.50.6,<"ISP2">,8443,10.0.0.94,62558
Sun May 23 16:16:20 2021 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Sun May 23 16:16:20 2021 Connection reset, restarting [-1]
Sun May 23 16:16:20 2021 SIGUSR1[soft,connection-reset] received, process restarting
Sun May 23 16:16:20 2021 MANAGEMENT: >STATE:1621800980,RECONNECTING,connection-reset,,,,,
Sun May 23 16:16:20 2021 Restart pause, 5 second(s)
Sun May 23 16:16:25 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun May 23 16:16:25 2021 Attempting to establish TCP connection with [AF_INET]<"ISP2">:8443 [nonblock]
Sun May 23 16:16:25 2021 MANAGEMENT: >STATE:1621800985,TCP_CONNECT,,,,,,
Sun May 23 16:16:26 2021 TCP connection established with [AF_INET]<"ISP2">:8443
Sun May 23 16:16:26 2021 TCPv4_CLIENT link local: [undef]
Sun May 23 16:16:26 2021 TCPv4_CLIENT link remote: [AF_INET]<"ISP2">:8443
Sun May 23 16:16:26 2021 MANAGEMENT: >STATE:1621800986,WAIT,,,,,,
Sun May 23 16:16:26 2021 MANAGEMENT: >STATE:1621800986,AUTH,,,,,,
Sun May 23 16:16:26 2021 TLS: Initial packet from [AF_INET]<"ISP2">:8443, sid=cb90b893 e5df2fa6
Sun May 23 16:16:27 2021 VERIFY OK: depth=1, C=US, ST=NY, L=New York, O=Company's's, OU=IT, CN=10.10.200.10, emailAddress=email@email.com
Sun May 23 16:16:27 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_ox8khOLi3ULSAxK, emailAddress=na@example.com
Sun May 23 16:16:27 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_ox8khOLi3ULSAxK, emailAddress=na@example.com
Sun May 23 16:16:28 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 23 16:16:28 2021 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 23 16:16:28 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun May 23 16:16:28 2021 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun May 23 16:16:28 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun May 23 16:16:28 2021 [Appliance_Certificate_ox8khOLi3ULSAxK] Peer Connection Initiated with [AF_INET]<"ISP2">:8443
Sun May 23 16:16:29 2021 MANAGEMENT: >STATE:1621800989,GET_CONFIG,,,,,,
Sun May 23 16:16:30 2021 SENT CONTROL [Appliance_Certificate_ox8khOLi3ULSAxK]: 'PUSH_REQUEST' (status=1)
Sun May 23 16:16:30 2021 AUTH: Received control message: AUTH_FAILED
Sun May 23 16:16:30 2021 SIGUSR1[soft,auth-failure] received, process restarting
Sun May 23 16:16:30 2021 MANAGEMENT: >STATE:1621800990,RECONNECTING,auth-failure,,,,,
Sun May 23 16:16:30 2021 Restart pause, 5 second(s)
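
Added example, not part of the original post: a Python sketch that walks a client log like the one above and records, for each connection attempt, the restart reason that preceded it, whether credentials were re-submitted over the management interface first, and how the attempt ended. That separates automatic retries after a connection reset from retries made with freshly entered credentials, which is what the OTP question above turns on. The function names are hypothetical and the sample is constructed, abridged from the posted log with the username replaced.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the log in the post (username replaced).
SAMPLE_LOG = """\
Sun May 23 16:12:10 2021 SIGUSR1[soft,connection-reset] received, process restarting
Sun May 23 16:12:15 2021 Attempting to establish TCP connection with [AF_INET]<"ISP2">:8443 [nonblock]
Sun May 23 16:12:20 2021 AUTH: Received control message: AUTH_FAILED
Sun May 23 16:12:20 2021 SIGUSR1[soft,auth-failure] received, process restarting
Sun May 23 16:13:20 2021 MANAGEMENT: CMD 'username "Auth" "user"'
Sun May 23 16:13:20 2021 Attempting to establish TCP connection with [AF_INET]<"ISP2">:8443 [nonblock]
Sun May 23 16:13:30 2021 MANAGEMENT: >STATE:1621800810,CONNECTED,SUCCESS,10.10.50.6,<"ISP2">,8443,10.0.0.94,62558
Sun May 23 16:16:20 2021 SIGUSR1[soft,connection-reset] received, process restarting
Sun May 23 16:16:25 2021 Attempting to establish TCP connection with [AF_INET]<"ISP2">:8443 [nonblock]
Sun May 23 16:16:30 2021 AUTH: Received control message: AUTH_FAILED
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
RESTART = re.compile(r"SIGUSR1\[soft,([\w-]+)\]")

def reconnect_attempts(log_text):
    """Return one dict per connection attempt: start time, the restart reason
    that preceded it, whether credentials were re-submitted over the
    management interface beforehand, and the outcome."""
    attempts, reason, fresh_creds, current = [], None, False, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (r := RESTART.search(msg)):
            reason, fresh_creds = r.group(1), False   # a restart begins a new cycle
        elif "MANAGEMENT: CMD 'username" in msg:
            fresh_creds = True                        # credentials submitted again
        elif msg.startswith("Attempting to establish TCP connection"):
            current = {"start": ts, "after": reason, "fresh_creds": fresh_creds, "outcome": "incomplete"}
            attempts.append(current)
        elif current and "AUTH_FAILED" in msg:
            current["outcome"] = "auth_failed"
        elif current and ",CONNECTED,SUCCESS," in msg:
            current["outcome"] = "connected"
    return attempts

def cached_credential_failures(attempts):
    """Attempts that followed a connection reset, were made without a fresh
    credential submission, and were rejected by the server."""
    return [a for a in attempts if a["after"] == "connection-reset"
            and not a["fresh_creds"] and a["outcome"] == "auth_failed"]
```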

