
IPSEC Remote Access .scx file invalid

I'm trying to configure an IPSEC remote access VPN. When I download and extract the configuration archive, the .tgb file appears to be valid, but the .scx file only contains the following:

cannot open file /tmp/root_cert.txt at /scripts/vpn/ipsec/generateJSONVPNClientConf.pl line 331.

I am using the appliance certificate for the local cert and an uploaded certificate for the remote.  The remote certificate uploaded successfully and looks fine when I select it in the IPSEC config in the firewall.

This is running on: SFVH (SFOS 19.0.0 GA-Build317)

Any suggestions would be welcome.



This thread was automatically locked due to age.
  • Hi: Based on the provided error, it seems to match a known issue, NC-85383, and the fix for it has been included in V18.5 MR-4 and V19.0.1 MR-1. This is mostly observed when the cert or cert chain contains German umlaut characters, and the translation of those details when fetched into the SCX creates a problem.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Hi,
    I have the same problem.
    Updating to SFOS 19.0.1 MR-1-Build350 did not help.
    Trying to create a new local certificate and remote certificate didn't change anything either.
    When exporting the VPN configuration, there is still an error in client_ipsec.tgb:
    ......
    -----END CERTIFICATE-----

    [client_ipsec-Public-RootCA-Key]
    unable to load certificate
    4154918656:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

    [client_ipsec-secret-client-key]
    -----BEGIN RSA PRIVATE KEY-----
    ...

    and in the client_ipsec.scx:
    cannot open file /tmp/root_cert.txt at /scripts/vpn/ipsec/generateJSONVPNClientConf.pl line 331.
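
A pre-distribution check for the failure shown in this thread, where a section of the exported file carries tool error output in place of a PEM block. This is an added example, not Sophos code and not part of any post; the `[name]` section layout and the rule that sections whose name ends in `key` hold PEM are assumptions taken from the excerpt above, and the sample input is constructed.

```python
import re

SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")
PEM_BEGIN = re.compile(r"^-----BEGIN (?P<label>[A-Z0-9 ]+)-----$")
PEM_END = re.compile(r"^-----END (?P<label>[A-Z0-9 ]+)-----$")

def split_sections(text):
    """Return {section name: [non-empty body lines]} for '[name]' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def check_pem_section(lines):
    """List problems; empty means every line sits inside a matched PEM block."""
    problems, open_label, blocks = [], None, 0
    for line in lines:
        begin, end = PEM_BEGIN.match(line), PEM_END.match(line)
        if begin and open_label is None:
            open_label = begin.group("label")
        elif end and open_label == end.group("label"):
            open_label, blocks = None, blocks + 1
        elif open_label is None:
            # Text outside a block is usually tool error output; key or
            # certificate body lines inside a block are never echoed.
            problems.append("non-PEM text: " + line[:60])
        elif begin or end:
            problems.append("mismatched PEM marker: " + line)
    if open_label is not None:
        problems.append("unterminated block: " + open_label)
    if blocks == 0:
        problems.append("no complete PEM block")
    return problems

def audit(text):
    """Check every section whose name ends in 'key' (assumed naming rule)."""
    return {name: check_pem_section(body)
            for name, body in split_sections(text).items()
            if name.lower().endswith("key")}

# Constructed sample: section names and error text as quoted in the thread,
# key body replaced by a placeholder.
SAMPLE = "[client_ipsec-Public-RootCA-Key]\nunable to load certificate\n4154918656:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE\n\n[client_ipsec-secret-client-key]\n-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
```

Run `audit()` over the extracted file's text before handing the archive to users; any non-empty problem list means the export should be regenerated rather than distributed.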
