Reflexion will be End-of-life on March 31,2023. See Sophos Reflexion EoL FAQs to learn more.
We had problems using the SCC when connections close unexpectedly after about 60 minutes.
So we have changed the settings in the IPsec profile. We have changed the key life in phase 2 from 3600 to 36000 and have changed the dead peer detection to re-initate. I think that this would be the right solution.
But now here comes the problem:
After saving the changes we have exported the connection. Now after importing the new scx file in the Sophos Connect Client and after authentication we receive a message "connection could not be loaded".
After comparing the old scx file with the new one we notice that there is a certificate missing.
We suspect a bug in the new firmware, that we had installed some days ago.
Any idea?
Example old scx:
"remote_auth" : { "pubkey" : { "cacert" : "-----BEGIN CERTIFICATE-----\nMIIEfTCCA2WgAwIBAgIJAIDApT8FUBCaMA0GCSqGSIb3DQEBCwUAMIGFMQswCQYD...blabla blabla blabla...\nLzdHp/E4kYFe5ImLnYLMCdd9Ax7A66jfcPKdq8yNB8RJb8CePxEgQmom+ao7QNPu\n6ynSPAp6NXLV9pdWO7wxvY0vGGcBJWiyo8ry+idTsALCSFEDd0ej0ObNzpnHejBg\nnQ==\n-----END CERTIFICATE-----\n", "id" : "vpn.thisisthedomain.de" }, "otp" : false }
Example new scx:
"remote_auth" : { "pubkey" : { "cacert" : "\n", "id" : "vpn.thisisthedomain.de" }, "otp" : false },