Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 37 replies
  • Answers 3 answers
  • Subscribers 43 subscribers
  • Views 18808 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL-VPN

Nazir Heravi

Dear all,

I am not able to connect my Internal Network through SSL-VPN can someone help me where the Problem is?

here is the log file 

Mon Nov 01 16:28:11 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Nov 01 16:28:11 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]
Mon Nov 01 16:28:11 2021 MANAGEMENT: >STATE:1635780491,TCP_CONNECT,,,,,,
Mon Nov 01 16:28:12 2021 TCP connection established with [AF_INET]192.168.10.2:8443
Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link local: [undef]
Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link remote: [AF_INET]192.168.10.2:8443
Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,WAIT,,,,,,
Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,AUTH,,,,,,
Mon Nov 01 16:28:12 2021 TLS: Initial packet from [AF_INET]192.168.10.2:8443, sid=76a04405 ce282c32
Mon Nov 01 16:28:12 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.com
Mon Nov 01 16:28:12 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.com
Mon Nov 01 16:28:12 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.com
Mon Nov 01 16:28:13 2021 Connection reset, restarting [0]
Mon Nov 01 16:28:13 2021 SIGUSR1[soft,connection-reset] received, process restarting
Mon Nov 01 16:28:13 2021 MANAGEMENT: >STATE:1635780493,RECONNECTING,connection-reset,,,,,
Mon Nov 01 16:28:13 2021 Restart pause, 5 second(s)



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to FormerMember

    Hi Yash,

    as you meantioned I have createt a DDNS but still I have the same Problem.

    Wed Nov 03 22:51:06 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Wed Nov 03 22:51:06 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Enter Management Password:
    Wed Nov 03 22:51:06 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
    Wed Nov 03 22:51:06 2021 Need hold release from management interface, waiting...
    Wed Nov 03 22:51:06 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
    Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'state on'
    Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'log all on'
    Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'hold off'
    Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'hold release'
    Wed Nov 03 22:51:15 2021 MANAGEMENT: CMD 'username "Auth" "nheravi"'
    Wed Nov 03 22:51:15 2021 MANAGEMENT: CMD 'password [...]'
    Wed Nov 03 22:51:15 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Wed Nov 03 22:51:15 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]
    Wed Nov 03 22:51:15 2021 MANAGEMENT: >STATE:1635976275,TCP_CONNECT,,,,,,
    Wed Nov 03 22:51:25 2021 TCP: connect to [AF_INET]192.168.10.2:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.
    Wed Nov 03 22:51:25 2021 SIGUSR1[soft,init_instance] received, process restarting
    Wed Nov 03 22:51:25 2021 MANAGEMENT: >STATE:1635976285,RECONNECTING,init_instance,,,,,
    Wed Nov 03 22:51:25 2021 Restart pause, 5 second(s)
    Wed Nov 03 22:51:30 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Wed Nov 03 22:51:30 2021 Attempting to establish TCP connection with [AF_INET]192.168.20.101:8443 [nonblock]
    Wed Nov 03 22:51:30 2021 MANAGEMENT: >STATE:1635976290,TCP_CONNECT,,,,,,
    Wed Nov 03 22:51:40 2021 TCP: connect to [AF_INET]192.168.20.101:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.
    Wed Nov 03 22:51:40 2021 SIGUSR1[soft,init_instance] received, process restarting
    Wed Nov 03 22:51:40 2021 MANAGEMENT: >STATE:1635976300,RECONNECTING,init_instance,,,,,
    Wed Nov 03 22:51:40 2021 Restart pause, 5 second(s)
    Wed Nov 03 22:51:45 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Wed Nov 03 22:51:45 2021 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
    Wed Nov 03 22:51:45 2021 MANAGEMENT: >STATE:1635976305,TCP_CONNECT,,,,,,
    Wed Nov 03 22:51:55 2021 TCP: connect to [AF_INET]10.255.0.1:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.
    Wed Nov 03 22:51:55 2021 SIGUSR1[soft,init_instance] received, process restarting
    Wed Nov 03 22:51:55 2021 MANAGEMENT: >STATE:1635976315,RECONNECTING,init_instance,,,,,
    Wed Nov 03 22:51:55 2021 Restart pause, 5 second(s)
    Wed Nov 03 22:52:00 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Wed Nov 03 22:52:00 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]
    Wed Nov 03 22:52:00 2021 MANAGEMENT: >STATE:1635976320,TCP_CONNECT,,,,,,
    Wed Nov 03 22:52:09 2021 SIGTERM[hard,init_instance] received, process exiting
    Wed Nov 03 22:52:09 2021 MANAGEMENT: >STATE:1635976329,EXITING,init_instance,,,,,

  • FormerMember
    0 FormerMember in reply to Nazir Heravi

    Hi ,

    You'll need to re-install the user configuration file after configuring DDNS on Sophos XG. You can also define DDNS hostname as an override hostname in SSL VPN settings.

  • 0 in reply to FormerMember

    Hi Yash, 

    I have apply your instration, but unfortunately it still not working what I think maybe it did not resolve the IPV6 when I ping the DNS from outside it show me IPV6 see below.

  • FormerMember
    0 FormerMember in reply to Nazir Heravi

    I did DNS lookup and got the correct IP address for starroute.ddns.net

    > server 8.8.8.8
    Default Server: dns.google
    Address: 8.8.8.8

    > starroute.ddns.net
    Server: dns.google
    Address: 8.8.8.8

    Non-authoritative answer:
    Name: starroute.ddns.net
    Address: 80.145.240.133

    Ensure that you have a NAT rule(port forwarding) configured on the ISP router for SSL VPN port 8443

  • 0 in reply to FormerMember

    Hi Yash, 

    ich have did the NAT to the ISP router but still dosent work even I have chnage the Port from 8443 to 443 but still the same problem.

    I think there should be a problem with the confuguration of VPN, becouse even I can not connect to SSL VPN from my local network.

    Regards

    Nazir

  • 0 in reply to Nazir Heravi

    Hi Yash, 

    do you have the possibility to check my sophos SSL-VPN setting though the remote session?

    Regards

    Nazir

  • FormerMember
    0 FormerMember in reply to Nazir Heravi

    Hi ,

    Please change the port back to 8443.

    Check tcpdump on XG by following the below steps.

    ==> Login to SSH > 4. Device Console

    console> tcpdump 'port 8443

    Connect SSL VPN client and check if you see any incoming packets on the firewall or not. Ensure that you've installed the latest user configuration file.

  • 0 in reply to FormerMember

    Hi Yash, 

    I have connected with SSH but looks there is no connection see below also in Firewall Roll I see also no data exchange.

    Regards

    Nazir

    VPN connection on UDP Protocol 

    Tue Nov 09 22:07:29 2021 Restart pause, 2 second (s)
    Tue Nov 09 22:07:31 2021 Socket Buffers: R = [65536-> 65536] S = [65536-> 65536]
    Tue Nov 09 22:07:31 2021 MANAGEMENT:> STATE: 1636492051, RESOLVE ,,,,,,
    Tue Nov 09 22:07:42 2021 MANAGEMENT:> STATE: 1636492062, RESOLVE ,,,,,,
    Tue Nov 09 22:07:48 2021 UDPv4 link local: [undef]
    Tue Nov 09 22:07:48 2021 UDPv4 link remote: [AF_INET] 80.145.240.133:8443
    Tue Nov 09 22:07:48 2021 SIGHUP [hard, init_instance] received, process restarting
    Tue Nov 09 22:07:48 2021 MANAGEMENT:> STATE: 1636492068, RECONNECTING, init_instance ,,,,,
    Tue Nov 09 22:07:48 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Tue Nov 09 22:07:48 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Tue Nov 09 22:07:48 2021 Restart pause, 2 second (s)
    Tue Nov 09 22:07:50 2021 Socket Buffers: R = [65536-> 65536] S = [65536-> 65536]
    Tue Nov 09 22:07:50 2021 MANAGEMENT:> STATE: 1636492070, RESOLVE ,,,,,,
    Tue Nov 09 22:07:50 2021 RESOLVE: Cannot resolve host address: starroute.ddns.net: The specified host is unknown.
    Tue Nov 09 22:07:50 2021 MANAGEMENT:> STATE: 1636492070, RESOLVE ,,,,,,
    Tue Nov 09 22:07:50 2021 RESOLVE: Cannot resolve host address: starroute.ddns.net: The specified host is unknown.
    Tue Nov 09 22:07:58 2021 UDPv4 link local: [undef]
    Tue Nov 09 22:07:58 2021 UDPv4 link remote: [AF_INET] 80.145.240.133:8443
    Tue Nov 09 22:07:58 2021 MANAGEMENT:> STATE: 1636492078, WAIT ,,,,,

    VPN connection on TCP Protocol 

    Tue Nov 09 22:13:37 2021 MANAGEMENT:> STATE: 1636492417, RESOLVE ,,,,,,
    Tue Nov 09 22:13:37 2021 MANAGEMENT:> STATE: 1636492417, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:13:47 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:13:52 2021 MANAGEMENT:> STATE: 1636492432, RESOLVE ,,,,,,
    Tue Nov 09 22:13:52 2021 MANAGEMENT:> STATE: 1636492432, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:14:03 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:14:08 2021 MANAGEMENT:> STATE: 1636492448, RESOLVE ,,,,,,
    Tue Nov 09 22:14:08 2021 MANAGEMENT:> STATE: 1636492448, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:14:18 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:14:23 2021 MANAGEMENT:> STATE: 1636492463, RESOLVE ,,,,,,
    Tue Nov 09 22:14:23 2021 MANAGEMENT:> STATE: 1636492463, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:14:33 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:14:38 2021 MANAGEMENT:> STATE: 1636492478, RESOLVE ,,,,,,
    Tue Nov 09 22:14:39 2021 MANAGEMENT:> STATE: 1636492479, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:14:49 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:14:54 2021 MANAGEMENT:> STATE: 1636492494, RESOLVE ,,,,,,
    Tue Nov 09 22:14:54 2021 MANAGEMENT:> STATE: 1636492494, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:15:04 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:15:09 2021 MANAGEMENT:> STATE: 1636492509, RESOLVE ,,,,,,
    Tue Nov 09 22:15:09 2021 MANAGEMENT:> STATE: 1636492509, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:15:19 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:15:24 2021 MANAGEMENT:> STATE: 1636492524, RESOLVE ,,,,,,
    Tue Nov 09 22:15:24 2021 MANAGEMENT:> STATE: 1636492524, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:15:34 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:15:39 2021 MANAGEMENT:> STATE: 1636492539, RESOLVE ,,,,,,
    Tue Nov 09 22:15:40 2021 MANAGEMENT:> STATE: 1636492540, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:15:50 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:15:55 2021 MANAGEMENT:> STATE: 1636492555, RESOLVE ,,,,,,
    Tue Nov 09 22:15:55 2021 MANAGEMENT:> STATE: 1636492555, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:16:05 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:16:10 2021 MANAGEMENT:> STATE: 1636492570, RESOLVE ,,,,,,
    Tue Nov 09 22:16:10 2021 MANAGEMENT:> STATE: 1636492570, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:16:20 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:16:25 2021 MANAGEMENT:> STATE: 1636492585, RESOLVE ,,,,,,
    Tue Nov 09 22:16:25 2021 MANAGEMENT:> STATE: 1636492585, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:16:35 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.
    Tue Nov 09 22:16:40 2021 MANAGEMENT:> STATE: 1636492600, RESOLVE ,,,,,,
    Tue Nov 09 22:16:40 2021 MANAGEMENT:> STATE: 1636492600, TCP_CONNECT ,,,,,,
    Tue Nov 09 22:16:50 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to connect to a directory on a JOIN

Unfiltered HTML