Unable to authenticate SSL-VPN - but Userportal & IPSec works - ver19.0

Hello, we have a peculiar effect.
We received a username/password error from AD when using SSL RAS VPN.
IPSec-RAS-VPN and user portal work.
We tried the "old" open vpn client and connect 2.2.xx

We chose a very simple password: Kxxxxxxx45#... to no avail.
I'm running out of ideas...any advice?

greetings, Dirk



This thread was automatically locked due to age.
  • Hello Dirkkotte,

    Thank you for contacting the Sophos Community.

    Just to clarify, you were using SSL VPN with Sophos Connect Client?

    Does your password use umlauts?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support Videos  |  Product Documentation  |  @SophosSupport  |  Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi Emmanuel,

    Thanks for your answer.

    Yes, we use SSL VPN with Sophos Connect Client (but tried the old client too).

    We try "Kennwort45#" as password.

    It works with Connect+IPSec, but not with Connect+SSL or the old OVPN(SSL).

    FW sends the password to AD and AD answers with "Incorrect username or password".

    Is there a "deep authentication debug" like in SG?

    Greetings, Dirk


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Just as a workaround: did you try to change the # to a ! ? Maybe a bug with # at the end of the password, or place the # at another position.

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 19.5 MR 2

    If a post solves your question please use the 'Verify Answer' button.

  • all password issues should have been fixed with connect client 2.2

    in 2.1 there have been issues with passwords like this:

    #secure  (# at the beginning)
    pass#?word  (combination of #? in the middle)
    Secure password  (blank / space character)
    pass\word  (backslash in the middle)

    # at the end should have worked.

  • Password issues should only occur in Sophos Connect not the OpenVPN client. So likely SFOS is blocking it. 

    Check authentication services settings, if you selected for SSLVPN the correct server. 

    __________________________________________________________________________________________________________________

  • Hi,

    I see the authentication attempt at the correct AD-server. This server denies the authentication because username/password error.

    Is there some kind of deep authentication debug like within SG?


    Dirk


  • You can check the access_server.log first.

    If the information is not available, you can set the debug mode on, but I would suggest doing the investigation first without debug, as the debug mode will log a lot more information.

    Debug mode: service access_server:debug -ds nosync 

    (same command to disable)

    __________________________________________________________________________________________________________________

  • Hello Dirk,

    Are you using MFA?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel,

    We tried it with 2FA disabled too.

    Which 2FA problems do we have to expect?
    I use 2FA within a lot of installations. But never using a provisioning file. 

    ... but the "old" openvpn client we use without provisioning ... and see the same problems. 


    Dirk


  • Hello Dirk,

    No issues with 2FA/MFA/OTP as far as I know.

    What does the access_server.log in debug mode show?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel,

    I'll have to check with the customer next time I'm on site.

    Greetings, Dirk


    Dirk
