Sophos SSL VPN Configs not generating on XG230 (SFOS 19.0.0 GA-Build317)

Hello all!

Has anyone ever had an issue where, in the user portal, when downloading an SSL VPN configuration, you click "Download for Windows, macOS, Linux" and what's downloaded is a 1 KB ovpn file? When opening this file in Notepad it displays:

"Could not generate config file. Please contact your Administrator."

We have previously seen trouble generating the configs when the ApplianceCertificate has just been upgraded from Cyberoam; however, this is not the case in this instance. We have also seen issues where the Default Certificate Authority hasn't been correctly filled out, but in this case it has.

Any help from anyone who has been in a similar situation would be greatly appreciated.



This thread was automatically locked due to age.

  • Hello,

    Thank you for reaching out to the community. The following community article may help with the reported issue: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/119348/sophos-xg-firewall-troubleshooting-0-byte-ssl-vpn-file

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Thanks for your suggestion, I have just double checked and we seem to be on the latest pattern update for SSLVPN Clients -

    SSLVPN Clients 1.0.009 20:10:35, Jan 11 2022 Success

    I am unsure if this is helpful information, but our firewalls run in High Availability mode. I have tried swapping to the Auxiliary firewall and didn't have any extra luck.

    I have also regenerated a new certificate for the user, with no luck, and the TMP location is not full according to the df -h command.

    The only step we could not check was "Navigate to the /tmp partition and investigate if the following SSL VPN files are present", because in the advanced shell, running the command cd tmp responds with "no such file or directory".

  • Hey

    So, the following content is present?

    cd /content/sslvpn
    ls
    U2DVERSION  client-config-template.ovpn  ssl-vpn-client-installer.exe  ssl-vpn-config-installer.exe

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved

  • Thank you for following up, I have run these commands and obtained this result:


    I assume this means there is trouble in this location. Are we able to regenerate the content for this location?

  • Hello Vivek,

    So I have tried to complete a pattern update but it either fails when I try and upload the individual pattern or when I upload the pattern bundle it seems to have been "successful" however none of the patterns have been updated. I do believe from further research a pattern update may be the solution, it's just finding a way to re-install this troublesome pattern.

    Any suggestions?

  • Hey, I think I might have a way, but it will remove all the patterns from the appliance and install them again from scratch, OR we can make it work just for the SSL VPN. PM me directly and I'll share the steps there!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved

  • Hey,

    So, I found out that the content on the appliance which is currently active in HA is missing:
    XG230_WP02_SFOS 19.0.0 GA-Build317# cd /content/sslvpn
    XG230_WP02_SFOS 19.0.0 GA-Build317# ls
    XG230_WP02_SFOS 19.0.0 GA-Build317#

    But the second aux appliance has the content present:
    XG230_WP02_SFOS 19.0.0 GA-Build317# cd /content/sslvpn
    XG230_WP02_SFOS 19.0.0 GA-Build317# ls
    U2DVERSION  client-config-template.ovpn  ssl-vpn-client-installer.exe  ssl-vpn-config-installer.exe

    =================================================================
    XG230_WP02_SFOS 19.0.0 GA-Build317# tail -f u2d.log
    DEBUG 2022-06-30 15:58:00Z [13944]: Received name : redfw_2.00_3.0.007.tar.gz.gpg
    DEBUG 2022-06-30 15:58:00Z [13944]: Received location : xg-up2date-patterns.sophosupd.com/redfw_2.00_3.0.007.tar.gz.gpg
    DEBUG 2022-06-30 15:58:00Z [13944]: Received version : 3.0.007
    DEBUG 2022-06-30 15:58:00Z [13944]: Received size : 69390245
    DEBUG 2022-06-30 15:58:00Z [13944]: Received md5sum : 25c1a5899ffbab1ce2f1a1e00e2ff17b
    DEBUG 2022-06-30 15:58:00Z [13944]: Received module : redfw
    DEBUG 2022-06-30 15:58:00Z [13944]: Received cv : 2.00
    DEBUG 2022-06-30 15:58:00Z [13944]: Received type : full
    WARNING 2022-06-30 15:58:00Z [13944]: A new update is available for apfw but we are ignoring it as download for a previous update is in progress.
    WARNING 2022-06-30 15:58:00Z [13944]: A new update is available for redfw but we are ignoring it as download for a previous update is in progress.
    2022-06-30 15:58:27Z pt_dload_checker: Starting download for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg
    2022-06-30 15:58:27Z pt_dload_checker: Starting download for file sslvpn_1.02_1.0.009.tar.gz.gpg

    2022-06-30 15:59:28Z pt_dload_checker: Download completed for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg
    2022-06-30 15:59:28Z pt_dload_checker: We are primary machine in HA. Syncing download for module avira to auxiliary machine
    gpg: Signature made Thu Jun 30 15:47:26 2022 BST using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    2022-06-30 15:59:44Z pt_dload_checker: Download for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg passed integrity and gpg checks
    2022-06-30 15:59:44Z pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, avira_419514-419515.tar.gz,
    2022-06-30 15:59:44Z pt_dload_checker: Current avira patterns are at /content/avira_4.00/1.0.419514
    2022-06-30 15:59:44Z pt_dload_checker: New updated patterns are now at /content/avira_4.00/1.0.419515
    2022-06-30 15:59:59Z pt_dload_checker: Updated signature db for avira, version = 1.0.419515.
    2022-06-30 15:59:59Z pt_dload_checker: Deleted pattern for module avira, version = 1.0.419514 at /content/avira_4.00/1.0.419514.
    2022-06-30 15:59:59Z pt_dload_checker: Download completed for file sslvpn_1.02_1.0.009.tar.gz.gpg
    2022-06-30 15:59:59Z pt_dload_checker: We are primary machine in HA. Syncing download for module sslvpn to auxiliary machine
    gpg: Signature made Fri Jun 5 09:13:31 2020 BST using RSA key ID 6A20EB0B
    gpg: NOTE: trustdb not writable
    gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"
    2022-06-30 16:00:00Z pt_dload_checker: Download for file sslvpn_1.02_1.0.009.tar.gz.gpg passed integrity and gpg checks
    2022-06-30 16:00:00Z pt_dload_checker: Either FILE or MSID received in U2DVERSION is blank, sslvpn_1.02_1.0.009.tar.gz,
    2022-06-30 16:00:00Z pt_dload_checker: Current sslvpn patterns are at /content/sslvpn_1.02/0
    2022-06-30 16:00:00Z pt_dload_checker: New updated patterns are now at /content/sslvpn_1.02/1.0.009
    2022-06-30 16:00:00Z pt_dload_checker: Updated signature db for sslvpn, version = 1.0.009.
    2022-06-30 16:00:00Z pt_dload_checker: Deleted pattern for module sslvpn, version = 0 at /content/sslvpn_1.02/0.

    XG230_WP02_SFOS 19.0.0 GA-Build317# cd /content/sslvpn
    XG230_WP02_SFOS 19.0.0 GA-Build317# ls
    U2DVERSION  client-config-template.ovpn  ssl-vpn-client-installer.exe  ssl-vpn-config-installer.exe
    XG230_WP02_SFOS 19.0.0 GA-Build317#


    It's done, you may check now!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.
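
An added example (not part of the thread and not Sophos code): a small parser for an exported copy of u2d.log that follows each pattern module through the stages visible in the log above (download started, completed, integrity and gpg checks passed, signature db updated) and reports modules that never finished. The sample lines are copied from the post; the function names are hypothetical, and treating a previous version directory named `0` as "no content installed" is an assumption based on the empty /content/sslvpn listing.

```python
import re
# Lines copied (shortened) from the u2d.log excerpt in the post above.
SAMPLE_LOG = """\
WARNING 2022-06-30 15:58:00Z [13944]: A new update is available for redfw but we are ignoring it as download for a previous update is in progress.
2022-06-30 15:58:27Z pt_dload_checker: Starting download for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg
2022-06-30 15:58:27Z pt_dload_checker: Starting download for file sslvpn_1.02_1.0.009.tar.gz.gpg
2022-06-30 15:59:28Z pt_dload_checker: Download completed for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg
2022-06-30 15:59:44Z pt_dload_checker: Download for file avira_4.00_1.0.419515_immdiff.tar.gz.gpg passed integrity and gpg checks
2022-06-30 15:59:44Z pt_dload_checker: Current avira patterns are at /content/avira_4.00/1.0.419514
2022-06-30 15:59:59Z pt_dload_checker: Updated signature db for avira, version = 1.0.419515.
2022-06-30 15:59:59Z pt_dload_checker: Download completed for file sslvpn_1.02_1.0.009.tar.gz.gpg
2022-06-30 16:00:00Z pt_dload_checker: Download for file sslvpn_1.02_1.0.009.tar.gz.gpg passed integrity and gpg checks
2022-06-30 16:00:00Z pt_dload_checker: Current sslvpn patterns are at /content/sslvpn_1.02/0
2022-06-30 16:00:00Z pt_dload_checker: Updated signature db for sslvpn, version = 1.0.009.
"""

# Stage -> pattern; group 1 is the module name (text before the first "_" of a file name).
STAGES = {
    "deferred": re.compile(r"A new update is available for (\w+) but we are ignoring it"),
    "started": re.compile(r"Starting download for file ([a-z0-9]+)_"),
    "downloaded": re.compile(r"Download completed for file ([a-z0-9]+)_"),
    "verified": re.compile(r"Download for file ([a-z0-9]+)_\S+ passed integrity and gpg checks"),
    "installed": re.compile(r"Updated signature db for (\w+), version = (\d+(?:\.\d+)*)"),
}
PREVIOUS = re.compile(r"Current (\w+) patterns are at \S+/(\S+)$")

def summarize(log_text):
    """Return {module: {"stages": [...], "version": str|None, "previous": str|None}}."""
    modules = {}
    for line in log_text.splitlines():
        for stage, pattern in STAGES.items():
            m = pattern.search(line)
            if m:
                entry = modules.setdefault(m.group(1), {"stages": [], "version": None, "previous": None})
                entry["stages"].append(stage)
                if stage == "installed":
                    entry["version"] = m.group(2)
        m = PREVIOUS.search(line)
        if m:
            modules.setdefault(m.group(1), {"stages": [], "version": None, "previous": None})["previous"] = m.group(2)
    return modules

def not_installed(summary):
    """Modules seen in the log that never reached 'Updated signature db'."""
    return sorted(mod for mod, e in summary.items() if "installed" not in e["stages"])

def previously_empty(summary):
    """Modules whose prior pattern directory was version 0 (assumed: no content installed)."""
    return sorted(mod for mod, e in summary.items() if e["previous"] == "0")
```

On the sample, `not_installed` returns only the deferred `redfw` module and `previously_empty` returns `sslvpn`, matching the empty /content/sslvpn directory on the active HA node before the update.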
