Dear all,
I am not able to connect my Internal Network through SSL-VPN can someone help me where the Problem is?
here is the log file
Mon Nov 01 16:28:11 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]Mon Nov 01 16:28:11 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]Mon Nov 01 16:28:11 2021 MANAGEMENT: >STATE:1635780491,TCP_CONNECT,,,,,,Mon Nov 01 16:28:12 2021 TCP connection established with [AF_INET]192.168.10.2:8443Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link local: [undef]Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link remote: [AF_INET]192.168.10.2:8443Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,WAIT,,,,,,Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,AUTH,,,,,,Mon Nov 01 16:28:12 2021 TLS: Initial packet from [AF_INET]192.168.10.2:8443, sid=76a04405 ce282c32Mon Nov 01 16:28:12 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.comMon Nov 01 16:28:12 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.comMon Nov 01 16:28:12 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.comMon Nov 01 16:28:13 2021 Connection reset, restarting [0]Mon Nov 01 16:28:13 2021 SIGUSR1[soft,connection-reset] received, process restartingMon Nov 01 16:28:13 2021 MANAGEMENT: >STATE:1635780493,RECONNECTING,connection-reset,,,,,Mon Nov 01 16:28:13 2021 Restart pause, 5 second(s)
Hi Nazir Heravi,
Is an upstream router(ISP) configured with static IP or PPPoE?
If it’s configured with static IP then define 'Override hostname' with that IP in SSL VPN settings on the XG firewall.…
Hello Nazir,
Thank you for contacting the Sophos Community.
The logs don't show the SSL VPN trying to connect to any Public IP, but rather Private IPs, (unless you tried to obscure the Public IPs), does your XG has a Public IP?
If not, you’ll need to find the Public IP of the upstream device, and add that to the SSL VPN Override hostname (Configure >> VPN >> Show VPN Settings >> Override hostname.
Regards,
Hello,
before XG-Firewall I have a router and below is my WAN subnet in xg firewall.
If it’s configured with static IP then define 'Override hostname' with that IP in SSL VPN settings on the XG firewall.
For PPPoE with dynamic IP, you may configure dynamic DNS and use it to connect to SSL VPN.
Hello Yash,
thanks for your comment, actually I don't know what you mean with dynamic DNS and where I have to create that. here is my network Diagram and IP infrastructure. can you please tell me what should I do and where I have to create a DDNS?
Regards
Nazir
You can get the Dynamic DNS (DDNS) from supported(by XG) third-party DDNS providers and can use it to connect to SSL VPN.
Once you have got the DDNS, you can add it to Sophos firewall and can map it with NATed public IP.
Dynamic DNS
Hi Yash,
as you meantioned I have createt a DDNS but still I have the same Problem.
Wed Nov 03 22:51:06 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017Wed Nov 03 22:51:06 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09Enter Management Password:Wed Nov 03 22:51:06 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341Wed Nov 03 22:51:06 2021 Need hold release from management interface, waiting...Wed Nov 03 22:51:06 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'state on'Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'log all on'Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'hold off'Wed Nov 03 22:51:06 2021 MANAGEMENT: CMD 'hold release'Wed Nov 03 22:51:15 2021 MANAGEMENT: CMD 'username "Auth" "nheravi"'Wed Nov 03 22:51:15 2021 MANAGEMENT: CMD 'password [...]'Wed Nov 03 22:51:15 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]Wed Nov 03 22:51:15 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]Wed Nov 03 22:51:15 2021 MANAGEMENT: >STATE:1635976275,TCP_CONNECT,,,,,,Wed Nov 03 22:51:25 2021 TCP: connect to [AF_INET]192.168.10.2:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen. Wed Nov 03 22:51:25 2021 SIGUSR1[soft,init_instance] received, process restartingWed Nov 03 22:51:25 2021 MANAGEMENT: >STATE:1635976285,RECONNECTING,init_instance,,,,,Wed Nov 03 22:51:25 2021 Restart pause, 5 second(s)Wed Nov 03 22:51:30 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]Wed Nov 03 22:51:30 2021 Attempting to establish TCP connection with [AF_INET]192.168.20.101:8443 [nonblock]Wed Nov 03 22:51:30 2021 MANAGEMENT: >STATE:1635976290,TCP_CONNECT,,,,,,Wed Nov 03 22:51:40 2021 TCP: connect to [AF_INET]192.168.20.101:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen. Wed Nov 03 22:51:40 2021 SIGUSR1[soft,init_instance] received, process restartingWed Nov 03 22:51:40 2021 MANAGEMENT: >STATE:1635976300,RECONNECTING,init_instance,,,,,Wed Nov 03 22:51:40 2021 Restart pause, 5 second(s)Wed Nov 03 22:51:45 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]Wed Nov 03 22:51:45 2021 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]Wed Nov 03 22:51:45 2021 MANAGEMENT: >STATE:1635976305,TCP_CONNECT,,,,,,Wed Nov 03 22:51:55 2021 TCP: connect to [AF_INET]10.255.0.1:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen. Wed Nov 03 22:51:55 2021 SIGUSR1[soft,init_instance] received, process restartingWed Nov 03 22:51:55 2021 MANAGEMENT: >STATE:1635976315,RECONNECTING,init_instance,,,,,Wed Nov 03 22:51:55 2021 Restart pause, 5 second(s)Wed Nov 03 22:52:00 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]Wed Nov 03 22:52:00 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]Wed Nov 03 22:52:00 2021 MANAGEMENT: >STATE:1635976320,TCP_CONNECT,,,,,,Wed Nov 03 22:52:09 2021 SIGTERM[hard,init_instance] received, process exitingWed Nov 03 22:52:09 2021 MANAGEMENT: >STATE:1635976329,EXITING,init_instance,,,,,
You'll need to re-install the user configuration file after configuring DDNS on Sophos XG. You can also define DDNS hostname as an override hostname in SSL VPN settings.
I have apply your instration, but unfortunately it still not working what I think maybe it did not resolve the IPV6 when I ping the DNS from outside it show me IPV6 see below.
I did DNS lookup and got the correct IP address for starroute.ddns.net
> server 8.8.8.8Default Server: dns.googleAddress: 8.8.8.8
> starroute.ddns.netServer: dns.googleAddress: 8.8.8.8
Non-authoritative answer:Name: starroute.ddns.netAddress: 80.145.240.133
Ensure that you have a NAT rule(port forwarding) configured on the ISP router for SSL VPN port 8443
ich have did the NAT to the ISP router but still dosent work even I have chnage the Port from 8443 to 443 but still the same problem.
I think there should be a problem with the confuguration of VPN, becouse even I can not connect to SSL VPN from my local network.
do you have the possibility to check my sophos SSL-VPN setting though the remote session?
Please change the port back to 8443.
Check tcpdump on XG by following the below steps.
==> Login to SSH > 4. Device Console
console> tcpdump 'port 8443
Connect SSL VPN client and check if you see any incoming packets on the firewall or not. Ensure that you've installed the latest user configuration file.
I have connected with SSH but looks there is no connection see below also in Firewall Roll I see also no data exchange.
VPN connection on UDP Protocol
Tue Nov 09 22:07:29 2021 Restart pause, 2 second (s)Tue Nov 09 22:07:31 2021 Socket Buffers: R = [65536-> 65536] S = [65536-> 65536]Tue Nov 09 22:07:31 2021 MANAGEMENT:> STATE: 1636492051, RESOLVE ,,,,,,Tue Nov 09 22:07:42 2021 MANAGEMENT:> STATE: 1636492062, RESOLVE ,,,,,,Tue Nov 09 22:07:48 2021 UDPv4 link local: [undef]Tue Nov 09 22:07:48 2021 UDPv4 link remote: [AF_INET] 80.145.240.133:8443Tue Nov 09 22:07:48 2021 SIGHUP [hard, init_instance] received, process restartingTue Nov 09 22:07:48 2021 MANAGEMENT:> STATE: 1636492068, RECONNECTING, init_instance ,,,,,Tue Nov 09 22:07:48 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017Tue Nov 09 22:07:48 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09Tue Nov 09 22:07:48 2021 Restart pause, 2 second (s)Tue Nov 09 22:07:50 2021 Socket Buffers: R = [65536-> 65536] S = [65536-> 65536]Tue Nov 09 22:07:50 2021 MANAGEMENT:> STATE: 1636492070, RESOLVE ,,,,,,Tue Nov 09 22:07:50 2021 RESOLVE: Cannot resolve host address: starroute.ddns.net: The specified host is unknown.Tue Nov 09 22:07:50 2021 MANAGEMENT:> STATE: 1636492070, RESOLVE ,,,,,,Tue Nov 09 22:07:50 2021 RESOLVE: Cannot resolve host address: starroute.ddns.net: The specified host is unknown.Tue Nov 09 22:07:58 2021 UDPv4 link local: [undef]Tue Nov 09 22:07:58 2021 UDPv4 link remote: [AF_INET] 80.145.240.133:8443Tue Nov 09 22:07:58 2021 MANAGEMENT:> STATE: 1636492078, WAIT ,,,,,
VPN connection on TCP Protocol
Tue Nov 09 22:13:37 2021 MANAGEMENT:> STATE: 1636492417, RESOLVE ,,,,,,Tue Nov 09 22:13:37 2021 MANAGEMENT:> STATE: 1636492417, TCP_CONNECT ,,,,,,Tue Nov 09 22:13:47 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:13:52 2021 MANAGEMENT:> STATE: 1636492432, RESOLVE ,,,,,,Tue Nov 09 22:13:52 2021 MANAGEMENT:> STATE: 1636492432, TCP_CONNECT ,,,,,,Tue Nov 09 22:14:03 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:14:08 2021 MANAGEMENT:> STATE: 1636492448, RESOLVE ,,,,,,Tue Nov 09 22:14:08 2021 MANAGEMENT:> STATE: 1636492448, TCP_CONNECT ,,,,,,Tue Nov 09 22:14:18 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:14:23 2021 MANAGEMENT:> STATE: 1636492463, RESOLVE ,,,,,,Tue Nov 09 22:14:23 2021 MANAGEMENT:> STATE: 1636492463, TCP_CONNECT ,,,,,,Tue Nov 09 22:14:33 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:14:38 2021 MANAGEMENT:> STATE: 1636492478, RESOLVE ,,,,,,Tue Nov 09 22:14:39 2021 MANAGEMENT:> STATE: 1636492479, TCP_CONNECT ,,,,,,Tue Nov 09 22:14:49 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:14:54 2021 MANAGEMENT:> STATE: 1636492494, RESOLVE ,,,,,,Tue Nov 09 22:14:54 2021 MANAGEMENT:> STATE: 1636492494, TCP_CONNECT ,,,,,,Tue Nov 09 22:15:04 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:15:09 2021 MANAGEMENT:> STATE: 1636492509, RESOLVE ,,,,,,Tue Nov 09 22:15:09 2021 MANAGEMENT:> STATE: 1636492509, TCP_CONNECT ,,,,,,Tue Nov 09 22:15:19 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:15:24 2021 MANAGEMENT:> STATE: 1636492524, RESOLVE ,,,,,,Tue Nov 09 22:15:24 2021 MANAGEMENT:> STATE: 1636492524, TCP_CONNECT ,,,,,,Tue Nov 09 22:15:34 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:15:39 2021 MANAGEMENT:> STATE: 1636492539, RESOLVE ,,,,,,Tue Nov 09 22:15:40 2021 MANAGEMENT:> STATE: 1636492540, TCP_CONNECT ,,,,,,Tue Nov 09 22:15:50 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:15:55 2021 MANAGEMENT:> STATE: 1636492555, RESOLVE ,,,,,,Tue Nov 09 22:15:55 2021 MANAGEMENT:> STATE: 1636492555, TCP_CONNECT ,,,,,,Tue Nov 09 22:16:05 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:16:10 2021 MANAGEMENT:> STATE: 1636492570, RESOLVE ,,,,,,Tue Nov 09 22:16:10 2021 MANAGEMENT:> STATE: 1636492570, TCP_CONNECT ,,,,,,Tue Nov 09 22:16:20 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:16:25 2021 MANAGEMENT:> STATE: 1636492585, RESOLVE ,,,,,,Tue Nov 09 22:16:25 2021 MANAGEMENT:> STATE: 1636492585, TCP_CONNECT ,,,,,,Tue Nov 09 22:16:35 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to find a drive in a directory on a JOIN-assigned drive to be assigned with SUBST.Tue Nov 09 22:16:40 2021 MANAGEMENT:> STATE: 1636492600, RESOLVE ,,,,,,Tue Nov 09 22:16:40 2021 MANAGEMENT:> STATE: 1636492600, TCP_CONNECT ,,,,,,Tue Nov 09 22:16:50 2021 TCP: connect to [AF_INET] 80.145.240.133:8443 failed, will try again in 5 seconds: The system tried to connect to a directory on a JOIN