Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connection could not be loaded

We had problems using the SCC when connections close unexpectedly after about 60 minutes. 

So we have changed the settings in the IPsec profile. We have changed the key life in phase 2 from 3600 to 36000 and have changed the dead peer detection to re-initate. I think that this would be the right solution.

But now here comes the problem:

After saving the changes we have exported the connection. Now after importing the new scx file in the Sophos Connect Client and after authentication we receive a message "connection could not be loaded". 

After comparing the old scx file with the new one we notice that there is a certificate missing.

We suspect a bug in the new firmware, that we had installed some days ago.

Any idea?

Example old scx: 

"remote_auth" : {
"pubkey" : {
"cacert" : "-----BEGIN CERTIFICATE-----\nMIIEfTCCA2WgAwIBAgIJAIDApT8FUBCaMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYD
...blabla blabla blabla...
\nLzdHp/E4kYFe5ImLnYLMCdd9Ax7A66jfcPKdq8yNB8RJb8CePxEgQmom+ao7QNPu\n6ynSPAp6NXLV9pdWO7wxvY0vGGcBJWiyo8ry+idTsALCSFEDd0ej0ObNzpnHejBg\nnQ==\n-----END CERTIFICATE-----\n",
"id" : "vpn.thisisthedomain.de"
},
"otp" : false
}

Example new scx:

"remote_auth" : {
"pubkey" : {
"cacert" : "\n",
"id" : "vpn.thisisthedomain.de"
},
"otp" : false
},



This thread was automatically locked due to age.
Parents Reply
  • Hello Avinash,

    we simply click on "remote access vpn" and "ipsec" and then "export connection". 

    then we unzip the archive so we get the  .scx file. In the .SCX file now the certificate is missing like mentioned above. 

    If we copy and paste the part of the certificate from a .scx file created 6 months ago, the .scx file is working.

    For me this is surely a bug. 

Children