Hello all!
Anyone ever had an issue where in the user portal when downloading an SSL VPN Configuration you're clicking on "Download for Windows, macOS, Linux" and what's downloaded is a 1 KB ovpn file. When opening this file in notepad it displays:
"Could not generate config file. Please contact your Administrator."
We have previously seen trouble when generating the configs when the ApplianceCertificate is just upgraded from CyberRoam however this is not the case in this instance. We have also seen issues where the Default Certificate authority hasn't been correctly filled out, but in this case it has.
Any help from anyone who has been in a similar situation would be greatly appreciated
Hey Reece Weston,So, I found out that content on the appliance which is currently active in HA is missing XG230_WP02_SFOS 19.0.0 GA-Build317# cd /content/sslvpnXG230_WP02_SFOS 19.0.0 GA-Build317# lsXG230_WP02_SFOS…
Hello Reece Weston,Thank you for reaching out to the community, the following community article may help for the reported issue: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/119348/sophos-xg-firewall-troubleshooting-0-byte-ssl-vpn-file
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
Thanks for your suggestion, I have just double checked and we seem to be on the latest pattern update for SSLVPN Clients -
SSLVPN Clients 1.0.009 20:10:35, Jan 11 2022 Success
I am unsure if this is helpful information but our Firewalls run in High Availability mode, I have tried swapping to the Auxiliary firewall and didn't have any extra luck.
I have also regenerated the user a new certificate to no luck and the TMP location is not full using the df -h command
The only step we could not check was "Navigate to the /tmp partition and investigate if the following SSL VPN files are present" because in advanced Shell running the commands cd tmp responds with "no such file or directory"
Hey Reece Weston, So, the following content is present? cd /content/sslvpnlsU2DVERSION client-config-template.ovpn ssl-vpn-client-installer.exe s sl-vpn-config-installer.exe
Thank you for following up, I have ran these commands and obtained this result:I assume this means there is trouble in this location. Are we able to regenerate the content for this location?
Hello Vivek,
So I have tried to complete a pattern update but it either fails when I try and upload the individual pattern or when I upload the pattern bundle it seems to have been "successful" however none of the patterns have been updated. I do believe from further research a pattern update may be the solution, it's just finding a way to re-install this troublesome pattern.
Any suggestions?
Hey Reece Weston, I think I might have a way, but that it will remove all the patterns from the appliance and install it again from the scratch OR we can make it work just right for the SSL VPN. PM me directly I'll share the steps there !!
Hey Reece Weston,So, I found out that content on the appliance which is currently active in HA is missing XG230_WP02_SFOS 19.0.0 GA-Build317# cd /content/sslvpnXG230_WP02_SFOS 19.0.0 GA-Build317# lsXG230_WP02_SFOS 19.0.0 GA-Build317#But the content under the second aux appliance has the content present XG230_WP02_SFOS 19.0.0 GA-Build317# cd /content/sslvpnXG230_WP02_SFOS 19.0.0 GA-Build317# lsU2DVERSION client-config-template.ovpn ssl-vpn-client-installer.exe ssl-vpn-config-installer.exe=================================================================XG230_WP02_SFOS 19.0.0 GA-Build317# tail -f u2d.logDEBUG 2022-06-30 15:58:00Z [13944]: Received name : redfw_2.00_3.0.007.tar.gz.gpgDEBUG 2022-06-30 15:58:00Z [13944]: Received location : xg-up2date-patterns.sophosupd.com/redfw_2.00_3.0.007.tar.gz.gpgDEBUG 2022-06-30 15:58:00Z [13944]: Received version : 3.0.007DEBUG 2022-06-30 15:58:00Z [13944]: Received size : 69390245DEBUG 2022-06-30 15:58:00Z [13944]: Received md5sum : 25c1a5899ffbab1ce2f1a1e00e2ff17bDEBUG 2022-06-30 15:58:00Z [13944]: Received module : redfwDEBUG 2022-06-30 15:58:00Z [13944]: Received cv : 2.00DEBUG 2022-06-30 15:58:00Z [13944]: Received type : fullWARNING 2022-06-30 15:58:00Z [13944]: A new update is available for apfw but we are ignoring it as download for a previous update is in progress.WARNING 2022-06-30 15:58:00Z [13944]: A new update is available for redfw but we are ignoring it as download for a previous update is in progress.2022-06-30 15:58:27Z pt_dload_checker: Starting download for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg2022-06-30 15:58:27Z pt_dload_checker: Starting download for file sslvpn_1.02_1.0.009.tar.gz.gpg2022-06-30 15:59:28Z pt_dload_checker: Download completed for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg2022-06-30 15:59:28Z pt_dload_checker: We are primary machine in HA. Syncing download for module avira to auxiliary machinegpg: Signature made Thu Jun 30 15:47:26 2022 BST using RSA key ID 6A20EB0Bgpg: NOTE: trustdb not writablegpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"2022-06-30 15:59:44Z pt_dload_checker: Download for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg passed integrity and gpg checks2022-06-30 15:59:44Z pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, avira_419514-419515.tar.gz,2022-06-30 15:59:44Z pt_dload_checker: Current avira patterns are at /content/avira_4.00/1.0.4195142022-06-30 15:59:44Z pt_dload_checker: New updated patterns are now at /content/avira_4.00/1.0.4195152022-06-30 15:59:59Z pt_dload_checker: Updated signature db for avira, version = 1.0.419515.2022-06-30 15:59:59Z pt_dload_checker: Deleted pattern for module avira, version = 1.0.419514 at /content/avira_4.00/1.0.419514.2022-06-30 15:59:59Z pt_dload_checker: Download completed for file sslvpn_1.02_1.0.009.tar.gz.gpg2022-06-30 15:59:59Z pt_dload_checker: We are primary machine in HA. Syncing download for module sslvpn to auxiliary machinegpg: Signature made Fri Jun 5 09:13:31 2020 BST using RSA key ID 6A20EB0Bgpg: NOTE: trustdb not writablegpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"2022-06-30 16:00:00Z pt_dload_checker: Download for file sslvpn_1.02_1.0.009.tar.gz.gpg passed integrity and gpg checks2022-06-30 16:00:00Z pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, sslvpn_1.02_1.0.009.tar.gz,2022-06-30 16:00:00Z pt_dload_checker: Current sslvpn patterns are at /content/sslvpn_1.02/02022-06-30 16:00:00Z pt_dload_checker: New updated patterns are now at /content/sslvpn_1.02/1.0.0092022-06-30 16:00:00Z pt_dload_checker: Updated signature db for sslvpn, version = 1.0.009.2022-06-30 16:00:00Z pt_dload_checker: Deleted pattern for module sslvpn, version = 0 at /content/sslvpn_1.02/0.XG230_WP02_SFOS 19.0.0 GA-Build317# cd /content/sslvpnXG230_WP02_SFOS 19.0.0 GA-Build317# lsU2DVERSION client-config-template.ovpn ssl-vpn-client-installer.exe s sl-vpn-config-installer.exeXG230_WP02_SFOS 19.0.0 GA-Build317#It's done, you may check now !!