Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 2 answers
  • Subscribers 43 subscribers
  • Views 3614 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to authenticate SSL-VPN - but Userportal & IPSec works - ver19.0

dirkkotte

Hello, we have a peculiar effect.
We received a username/password error from AD when using SSL RAS VPN.
IPSec-RAS-VPN and user portal work.
We tried the "old" open vpn client and connect 2.2.xx
We chose a very simple password: Kxxxxxxx45#... to no avail.
I'm running out of ideas...any advice?

greetings, Dirk



This thread was automatically locked due to age.
  • 0

     , we have verified the SSLVPN RA with AD user authentication using SCC  with XG on v19.0.GA, did not see any issue and it works fine; if you are still facing this issue, please log support ticket with your topology, all the required configs being used/screenshots and logs related to sslvpn, access server

  • 0 in reply to emmosophos

    Hi Emmanuel,

    I'll have to check with the customer next time I'm on site.

    Greetings, Dirk


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Hello Dirk,

    No issues with 2FA/MFA/OTP as far as I know.

    What does the access_server.log in debug mode show?

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hi Emmanuel,

    we try it with 2FA disabled too.

    Which 2FA problems do we have to expect?
    I use 2FA within a lot of installations. But never using a provisioning file. 

    ... but the "old" openvpn client we use without provisioning ... and see the same problems. 


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Hello Dirk,

    Are you using MFA?

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to dirkkotte

    You can check the access_server.log first.

    If the information is not available, you can set the debug mode on, but i would suggest to do the investigation first without debug, as the debug mode will log a lot more information. 

    Debug mode: service access_server:debug -ds nosync 

    (same command to disable)

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi,

    I see the authentication attempt at the correct AD-server. This server denies the authentication because username/password error.

    Is there some kind of deep authentication debug like within SG?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to LHerzog

    Password issues should only occur in Sophos Connect not the OpenVPN client. So likely SFOS is blocking it. 

    Check authentication services settings, if you selected for SSLVPN the correct server. 

    __________________________________________________________________________________________________________________

  • 0 in reply to dirkkotte

    all password issues should have been fixed with connect client 2.2

    in 2.1 there have been issues with passwords like this:

    #secure  (# at the beginning)
    pass#?word  (combination of #? in the middle)
    Secure password  (blank / space charactoer)
    pass\word  (backslash in the middle)

    # at the end should have worked.

  • 0 in reply to dirkkotte

    Just as a workaround: did you try to change the # to a ! ? Maybe a bug with # at the end of the password, or place the # at another position.

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML