IPSEC Remote Access .scx file invalid

I'm trying to configure an IPSEC remote access VPN. When I download and extract the configuration archive, the .tgb file appears to be valid, but the .scx file only contains the following:

cannot open file /tmp/root_cert.txt at /scripts/vpn/ipsec/generateJSONVPNClientConf.pl line 331.

I am using the appliance certificate for the local cert and an uploaded certificate for the remote.  The remote certificate uploaded successfully and looks fine when I select it in the IPSEC config in the firewall.

This is running on: SFVH (SFOS 19.0.0 GA-Build317)

Any suggestions would be welcome.



  • Hi, based on the provided error, it seems to match a known issue, NC-85383, and the fix for it has been included in V18.5 MR-4 and V19.0.1 MR-1. This is mostly observed when the cert or cert chain contains German umlaut characters, and translating those details when fetching them into the SCX creates a problem.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • Hi,
    I have the same problem.
    Updating to SFOS 19.0.1 MR-1-Build350 did not help.
    Trying to create a new local certificate and remote certificate didn't change anything either.
    When exporting the VPN configuration, there is still an error in client_ipsec.tgb:
    ......
    -----END CERTIFICATE-----

    [client_ipsec-Public-RootCA-Key]
    unable to load certificate
    4154918656:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

    [client_ipsec-secret-client-key]
    -----BEGIN RSA PRIVATE KEY-----
    ...

    and in the client_ipsec.scx:
    cannot open file /tmp/root_cert.txt at /scripts/vpn/ipsec/generateJSONVPNClientConf.pl line 331.

  • Hi, in recent cases it has been observed that, apart from German umlaut characters, "spaces in the cert" also create a problem and result in the above error. The fix will be included in the SFOS v19.0MR2 release and the ID is NC-95633.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

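
A pre-flight check for the two triggers named in the replies above (umlauts and spaces in the cert or cert chain), added here as an illustration; it is not Sophos code and not part of the original thread. It assumes the affected values are the issuer and subject name strings, which the thread does not spell out; the function names are hypothetical and `SAMPLE_NAME` is a constructed bare Name, not a real certificate.

```python
import base64
import re

STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x14: "latin-1", 0x16: "ascii",
               0x1E: "utf-16-be"}  # ASN.1 string tag -> decoder

def pem_to_der(pem):
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END", pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))

def walk_strings(der):
    """Yield strings reachable through constructed DER types (not OCTET STRINGs)."""
    i = 0
    while i + 2 <= len(der):
        tag, length = der[i], der[i + 1]
        i += 2
        if length & 0x80:                       # long-form length
            n = length & 0x7F
            length = int.from_bytes(der[i:i + n], "big")
            i += n
        body = der[i:i + length]
        i += length
        if tag & 0x20:                          # SEQUENCE, SET, [n] wrappers
            yield from walk_strings(body)
        elif tag in STRING_TAGS:                # issuer/subject attribute values
            yield body.decode(STRING_TAGS[tag], errors="replace")

def risky_values(der):
    """Return (value, reasons) for strings with non-ASCII chars or spaces."""
    found = []
    for s in walk_strings(der):
        checks = {"non-ascii": not s.isascii(), "space": " " in s}
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            found.append((s, reasons))
    return found

def tlv(tag, body):  # short-form DER encoder, used only for the sample below
    return bytes([tag, len(body)]) + body
def rdn(oid_hex, tag, value):  # one RelativeDistinguishedName
    return tlv(0x31, tlv(0x30, bytes.fromhex(oid_hex) + tlv(tag, value)))

# Constructed sample: a bare X.501 Name (CN, O, C), not a real certificate.
SAMPLE_NAME = tlv(0x30, rdn("0603550403", 0x0C, "M\u00fcller".encode())
                  + rdn("060355040a", 0x13, b"Example GmbH")
                  + rdn("0603550406", 0x13, b"DE"))
```

Run `risky_values(pem_to_der(open(path).read()))` on each certificate in the chain before selecting it in the IPsec remote access configuration; an empty list means neither trigger was found in the name fields.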
