SSL-VPN

Dear all,

I am not able to connect my Internal Network through SSL-VPN can someone help me where the Problem is?

here is the log file 

Mon Nov 01 16:28:11 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Nov 01 16:28:11 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]
Mon Nov 01 16:28:11 2021 MANAGEMENT: >STATE:1635780491,TCP_CONNECT,,,,,,
Mon Nov 01 16:28:12 2021 TCP connection established with [AF_INET]192.168.10.2:8443
Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link local: [undef]
Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link remote: [AF_INET]192.168.10.2:8443
Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,WAIT,,,,,,
Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,AUTH,,,,,,
Mon Nov 01 16:28:12 2021 TLS: Initial packet from [AF_INET]192.168.10.2:8443, sid=76a04405 ce282c32
Mon Nov 01 16:28:12 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.com
Mon Nov 01 16:28:12 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.com
Mon Nov 01 16:28:12 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.com
Mon Nov 01 16:28:13 2021 Connection reset, restarting [0]
Mon Nov 01 16:28:13 2021 SIGUSR1[soft,connection-reset] received, process restarting
Mon Nov 01 16:28:13 2021 MANAGEMENT: >STATE:1635780493,RECONNECTING,connection-reset,,,,,
Mon Nov 01 16:28:13 2021 Restart pause, 5 second(s)



Added TAGs
[edited by: emmosophos at 5:53 PM (GMT -7) on 1 Nov 2021]

Top Replies

Parents
  • Hello Nazir,

    Thank you for contacting the Sophos Community.

    The logs don't show the SSL VPN trying to connect to any Public IP, but rather Private IPs, (unless you tried to obscure the Public IPs), does your XG has a Public IP?

    If not, you’ll need to find the Public IP of the upstream device, and add that to the SSL VPN Override hostname (Configure >> VPN >> Show VPN Settings >> Override hostname.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hallo 

    I am still not able to connect SSL VPN can you advice me where the problem can be ?

    Sat Nov 13 22:06:39 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sat Nov 13 22:06:39 2021 MANAGEMENT: >STATE:1636837599,RESOLVE,,,,,,
    Sat Nov 13 22:06:42 2021 Attempting to establish TCP connection with [AF_INET]79.226.58.37:8443 [nonblock]
    Sat Nov 13 22:06:42 2021 MANAGEMENT: >STATE:1636837602,TCP_CONNECT,,,,,,
    Sat Nov 13 22:06:43 2021 TCP connection established with [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:43 2021 TCPv4_CLIENT link local: [undef]
    Sat Nov 13 22:06:43 2021 TCPv4_CLIENT link remote: [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:43 2021 MANAGEMENT: >STATE:1636837603,WAIT,,,,,,
    Sat Nov 13 22:06:43 2021 MANAGEMENT: >STATE:1636837603,AUTH,,,,,,
    Sat Nov 13 22:06:43 2021 TLS: Initial packet from [AF_INET]79.226.58.37:8443, sid=88b6fc8d e50d8b66
    Sat Nov 13 22:06:43 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.com
    Sat Nov 13 22:06:43 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:43 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:43 2021 Connection reset, restarting [0]
    Sat Nov 13 22:06:43 2021 SIGUSR1[soft,connection-reset] received, process restarting
    Sat Nov 13 22:06:43 2021 MANAGEMENT: >STATE:1636837603,RECONNECTING,connection-reset,,,,,
    Sat Nov 13 22:06:43 2021 Restart pause, 5 second(s)
    Sat Nov 13 22:06:48 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sat Nov 13 22:06:48 2021 MANAGEMENT: >STATE:1636837608,RESOLVE,,,,,,
    Sat Nov 13 22:06:48 2021 Attempting to establish TCP connection with [AF_INET]79.226.58.37:8443 [nonblock]
    Sat Nov 13 22:06:48 2021 MANAGEMENT: >STATE:1636837608,TCP_CONNECT,,,,,,
    Sat Nov 13 22:06:49 2021 TCP connection established with [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:49 2021 TCPv4_CLIENT link local: [undef]
    Sat Nov 13 22:06:49 2021 TCPv4_CLIENT link remote: [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:49 2021 MANAGEMENT: >STATE:1636837609,WAIT,,,,,,
    Sat Nov 13 22:06:49 2021 MANAGEMENT: >STATE:1636837609,AUTH,,,,,,
    Sat Nov 13 22:06:49 2021 TLS: Initial packet from [AF_INET]79.226.58.37:8443, sid=da4925a5 69b97a5f
    Sat Nov 13 22:06:49 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.com
    Sat Nov 13 22:06:49 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:49 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:50 2021 Connection reset, restarting [0]
    Sat Nov 13 22:06:50 2021 SIGUSR1[soft,connection-reset] received, process restarting
    Sat Nov 13 22:06:50 2021 MANAGEMENT: >STATE:1636837610,RECONNECTING,connection-reset,,,,,
    Sat Nov 13 22:06:50 2021 Restart pause, 5 second(s)

    Regards

    Nazir

  • Hello Nazir,

    can you give us a screenshot of your LANCOM configuration regarding the port-forwarding?

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Philipp, 

    thank you from your answer, below you can see my port-forwarding in Lancom Router as well my Lancom WAN and LAN configuration 

    192.168.10.2 ist my sophos-firewall wan-port.

    Regards

    Nazir

Reply Children
  • Hello Nazir,

    that notation "8.443" seems odd to me, can you chek this?

    Also, we have had some problems with Lancom configuration through the webinterface, can you try configuration with LANconfig?

    Mit freundlichem Gruß, Regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello Philipp, 

    I didn't understand what do you mean that notation 8443 seems odd to you? could you please a little bit explain it what should I do here ? I do always the configuration with LAN config tool.

    Regards

    Nazir