Getting script error when trying to connect to SSL Remote through Sophos Connect

I've installed Sophos Connect and double-clicked a .pro file I've created, and I'm getting the following error when I try to connect:

And the connection sits at:

Any help would really be appreciated!

Thanks



  • I've set up a test environment with a VM Firewall 18.5.2 with local users to test certificate changes and connect client scenarios.

    When connecting to the imported .pro file, I get the same issues as described here.

    file:///C:/Program%20Files%20(x86)/Sophos/Connect/GUI/js/connections.js

    In logviewer it is clear that the user can successfully log in

    The user has access to the SSP profile

    The test user can log on to the userportal and can see and download vpn config.exe

    How can I debug that error? The SC logs are absolutely no help.

    2022-02-10 06:47:22PM [24932] dbg Provisioning connection from gateway: vpn.fqdn.lan
    2022-02-10 06:47:34PM [24932] err Failed to download the configuration from vpn.fqdn.lan
    2022-02-10 06:47:34PM [24932] dbg Sending notification: Failed to load connection

    I'm using self-generated certificates on the Firewall for Userportal and SSL VPN and have imported the Firewall CA into the machine store of Windows.

    Wireshark shows successful TLS negotiation between client and firewall.

    In the auth log of the firewall I see "connected through clientless access" and the user has no clientless SSL VPN policy. I think I have never configured that before.

    Any idea?

  • It's very hard to troubleshoot this, as you say. I've seen it before, as I said, if they don't have an email address in their user profile in the XG, and I've also seen it if they weren't in a group that had access as well. I'd double-check that they are in a group in the XG, that that group has access, and that they also have an email address in their user profile.

  • Thanks for your quick reply.

    The user had a generic mail address.

    It was in the open group, so I created a new local group, put in the user and allowed the group to the SSL VPN profile. No change, unfortunately.

  • Do you use some sort of old browser on the client?

  • No, I don't. This is a computer that can successfully connect to the production firewall system SSL VPN with Connect Client.

    The usernames on the test system are different than on the live system.

    To clarify what happens:

    Connect client starts,

    the .pro file has been double-clicked and the connection appears in the SC client

    When I connect it, I enter username and password, and do not get a message that anything is wrong

    In eventviewer on firewall I can see the user logging in, like seen here:

    SC client brings error: failed to load connection

    If I try connect again, I get the .js error message popup

    file:///C:/Program%20Files%20(x86)/Sophos/Connect/GUI/js/connections.js

  • I've seen that when I download the config manually from the userportal, it has 0kb and not the regular file icon

  • Thanks. Yes, it's because it's an isolated test environment and the SFOS does not come shipped with the client installers.

    Requested file could not be provided. Make sure Pattern Updates are working correctly.
    You can find it under 'Backup & Firmware' -> 'Pattern Updates'

    Unfortunately, the manual pattern update file does not contain the installers either.

    https://airgap.u2d.sophos.com/sfos_patterns_update.tar

    2022-02-11 10:41:27  Up2Date  Failed  Failed to download file sophosconnect_1.00_2.1.001.tar.gz.gpg

  • With the help of the link you posted, I was able to pull the SC installers from the production machine /content/ipsec_1.00/2.1.001, copy that to the test machine, and create the links

    # ln -s /content/ipsec_1.00/2.1.001/ /content/ipsec

    # pwd
    /content
    # ls ipsec -al
    lrwxrwxrwx    1 root     0               27 Mar 10  2021 ipsec -> /content/ipsec_1.00/2.1.001

    After a firewall reboot, I could download the files from userportal and then SC could load the config and successfully create the SSL VPN.