
SSL-VPN

Dear all,

I am not able to connect to my internal network through SSL-VPN. Can someone help me find where the problem is?

Here is the log file:

Mon Nov 01 16:28:11 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Nov 01 16:28:11 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]
Mon Nov 01 16:28:11 2021 MANAGEMENT: >STATE:1635780491,TCP_CONNECT,,,,,,
Mon Nov 01 16:28:12 2021 TCP connection established with [AF_INET]192.168.10.2:8443
Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link local: [undef]
Mon Nov 01 16:28:12 2021 TCPv4_CLIENT link remote: [AF_INET]192.168.10.2:8443
Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,WAIT,,,,,,
Mon Nov 01 16:28:12 2021 MANAGEMENT: >STATE:1635780492,AUTH,,,,,,
Mon Nov 01 16:28:12 2021 TLS: Initial packet from [AF_INET]192.168.10.2:8443, sid=76a04405 ce282c32
Mon Nov 01 16:28:12 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.com
Mon Nov 01 16:28:12 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.com
Mon Nov 01 16:28:12 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.com
Mon Nov 01 16:28:13 2021 Connection reset, restarting [0]
Mon Nov 01 16:28:13 2021 SIGUSR1[soft,connection-reset] received, process restarting
Mon Nov 01 16:28:13 2021 MANAGEMENT: >STATE:1635780493,RECONNECTING,connection-reset,,,,,
Mon Nov 01 16:28:13 2021 Restart pause, 5 second(s)



  • Hello Nazir,

    Thank you for contacting the Sophos Community.

    The logs don't show the SSL VPN trying to connect to any public IP, but rather private IPs (unless you tried to obscure the public IPs). Does your XG have a public IP?

    If not, you'll need to find the public IP of the upstream device and add that to the SSL VPN Override hostname (Configure >> VPN >> Show VPN Settings >> Override hostname).

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hello

    I am still not able to connect to the SSL VPN. Can you advise me where the problem can be?

    Sat Nov 13 22:06:39 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sat Nov 13 22:06:39 2021 MANAGEMENT: >STATE:1636837599,RESOLVE,,,,,,
    Sat Nov 13 22:06:42 2021 Attempting to establish TCP connection with [AF_INET]79.226.58.37:8443 [nonblock]
    Sat Nov 13 22:06:42 2021 MANAGEMENT: >STATE:1636837602,TCP_CONNECT,,,,,,
    Sat Nov 13 22:06:43 2021 TCP connection established with [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:43 2021 TCPv4_CLIENT link local: [undef]
    Sat Nov 13 22:06:43 2021 TCPv4_CLIENT link remote: [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:43 2021 MANAGEMENT: >STATE:1636837603,WAIT,,,,,,
    Sat Nov 13 22:06:43 2021 MANAGEMENT: >STATE:1636837603,AUTH,,,,,,
    Sat Nov 13 22:06:43 2021 TLS: Initial packet from [AF_INET]79.226.58.37:8443, sid=88b6fc8d e50d8b66
    Sat Nov 13 22:06:43 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.com
    Sat Nov 13 22:06:43 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:43 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:43 2021 Connection reset, restarting [0]
    Sat Nov 13 22:06:43 2021 SIGUSR1[soft,connection-reset] received, process restarting
    Sat Nov 13 22:06:43 2021 MANAGEMENT: >STATE:1636837603,RECONNECTING,connection-reset,,,,,
    Sat Nov 13 22:06:43 2021 Restart pause, 5 second(s)
    Sat Nov 13 22:06:48 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sat Nov 13 22:06:48 2021 MANAGEMENT: >STATE:1636837608,RESOLVE,,,,,,
    Sat Nov 13 22:06:48 2021 Attempting to establish TCP connection with [AF_INET]79.226.58.37:8443 [nonblock]
    Sat Nov 13 22:06:48 2021 MANAGEMENT: >STATE:1636837608,TCP_CONNECT,,,,,,
    Sat Nov 13 22:06:49 2021 TCP connection established with [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:49 2021 TCPv4_CLIENT link local: [undef]
    Sat Nov 13 22:06:49 2021 TCPv4_CLIENT link remote: [AF_INET]79.226.58.37:8443
    Sat Nov 13 22:06:49 2021 MANAGEMENT: >STATE:1636837609,WAIT,,,,,,
    Sat Nov 13 22:06:49 2021 MANAGEMENT: >STATE:1636837609,AUTH,,,,,,
    Sat Nov 13 22:06:49 2021 TLS: Initial packet from [AF_INET]79.226.58.37:8443, sid=da4925a5 69b97a5f
    Sat Nov 13 22:06:49 2021 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_IhUBaUk0QMxUMzm, emailAddress=na@example.com
    Sat Nov 13 22:06:49 2021 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:49 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
    Sat Nov 13 22:06:50 2021 Connection reset, restarting [0]
    Sat Nov 13 22:06:50 2021 SIGUSR1[soft,connection-reset] received, process restarting
    Sat Nov 13 22:06:50 2021 MANAGEMENT: >STATE:1636837610,RECONNECTING,connection-reset,,,,,
    Sat Nov 13 22:06:50 2021 Restart pause, 5 second(s)

    Regards

    Nazir
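
Added example (not part of the original posts, and not Sophos or OpenVPN code): a small Python script that walks an OpenVPN client log like the two above and reports, for each connection attempt, whether the remote address is private and the last handshake milestone reached before the reset. The function name `summarize` and the stage labels are assumptions made for this sketch; the log markers are the ones visible in the logs above, plus OpenVPN's `Initialization Sequence Completed` line for a tunnel that comes up.

```python
import ipaddress
import re

# Abridged from the two client logs posted in this thread.
SAMPLE_LOG = """\
Mon Nov 01 16:28:11 2021 Attempting to establish TCP connection with [AF_INET]192.168.10.2:8443 [nonblock]
Mon Nov 01 16:28:12 2021 TCP connection established with [AF_INET]192.168.10.2:8443
Mon Nov 01 16:28:12 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_Msmuj2KJdzamsAo, emailAddress=na@example.com
Mon Nov 01 16:28:13 2021 Connection reset, restarting [0]
Sat Nov 13 22:06:42 2021 Attempting to establish TCP connection with [AF_INET]79.226.58.37:8443 [nonblock]
Sat Nov 13 22:06:43 2021 TCP connection established with [AF_INET]79.226.58.37:8443
Sat Nov 13 22:06:43 2021 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_0iexzAaWfiuMl7H, emailAddress=na@example.com
Sat Nov 13 22:06:43 2021 Connection reset, restarting [0]
"""

# Handshake milestones in the order a client log emits them (labels are this sketch's own).
STAGES = [
    ("tcp_connected", "TCP connection established with"),
    ("tls_started", "TLS: Initial packet from"),
    ("server_cert_verified", "VERIFY OK: depth=0"),
    ("tunnel_up", "Initialization Sequence Completed"),
]
ATTEMPT = re.compile(r"Attempting to establish TCP connection with \[AF_INET6?\](\S+):(\d+)")

def summarize(log_text):
    """Return one dict per connection attempt: remote, port, private, stage, reset."""
    attempts = []
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if m:  # a new attempt starts here
            ip = ipaddress.ip_address(m.group(1))
            attempts.append({"remote": str(ip), "port": int(m.group(2)),
                             "private": ip.is_private, "stage": "tcp_connecting",
                             "reset": False})
            continue
        if not attempts:
            continue  # lines before the first attempt carry no state we track
        cur = attempts[-1]
        for name, marker in STAGES:
            if marker in line:
                cur["stage"] = name  # remember the furthest milestone seen
        if "Connection reset, restarting" in line:
            cur["reset"] = True
    return attempts

if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG):
        scope = "private/non-routable" if a["private"] else "public"
        print(f'{a["remote"]}:{a["port"]} [{scope}] last stage={a["stage"]} reset={a["reset"]}')
```

For both logs in this thread the last milestone is `server_cert_verified`: the TCP connection and the server certificate check succeed, and the reset arrives afterwards.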

  • Just to ask a basic question, where in your diagram are you trying to connect to the VPN? (Outside, from the internet, or inside?) You need separate permissions to connect from WAN versus LAN (or WIFI or any other zone), if that matters.

  • I am connecting from outside through WLAN; see the diagram below.

  • You need to set the switch above to enable/on.
    If you press refresh and do not see any traffic, then the device in front of the firewall accepts the traffic and does not forward it.

  • Sorry, I did not understand what you mean (set the switch above to enable/on).

  • If you mean this: when the switch is on and I refresh, I get the below (see screenshot 2). But if I switch off the BPF and set port 8443, then the switch no longer turns on, and when I refresh there is no more traffic available (see screenshot 1).

  • You need to do "port 8443".
    But likely it's not getting passed by your router.

  • Hello Nazir,

    Can you leave the field "Remote site" in the Lancom port forwarding config empty?

    And then test again?

    Best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

  • Hi Philipp, 

    I cannot leave the Remote site field empty. I have only two options: either INTERNET, which is my local network, or Default.

    I have tested with Default but it doesn't work either. When I set the Remote site to Default and test the port forwarding from the outside, it is closed, but when I set it to my local (INTERNET), then port 8443 is open to the outside.

  • What I did not understand is why I am not able to switch on the packet capture when I enter the port 8443 or the WAN IP (192.168.10.2).

  • You need to enter a correct filter: either "host 192.168.10.2" or "port 8443".
