This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Disconnecting

Anonymous
Anonymous

XG firmware: SFOS 19.0.1 MR-1-Build365

Users running the legacy SSL VPN client are seemingly ok. This is only affecting 2 users using Sophos Connect.

The VPN doesn't show as disconnected to the end user but I can see termination entries in the SSL VPN log. They lose access to internal resources briefly but can still access websites ok so local connectivity isn't an issue.

Debug mode has been enabled.

Here is a snippet of the log - user was connected at 08:22:47 and then disconnected at 08:54:00:

2022-08-22 08:22:47 Initialization Sequence Completed
2022-08-22 08:22:47 MANAGEMENT: >STATE:1661152967,CONNECTED,SUCCESS,10.242.2.3,195.224.169.210,8443,,
2022-08-22 08:54:00 C:\WINDOWS\system32\route.exe DELETE 195.224.169.210 MASK 255.255.255.255 192.168.1.254
2022-08-22 08:54:00 Route deletion via service succeeded
2022-08-22 08:54:00 C:\WINDOWS\system32\route.exe DELETE 192.168.16.0 MASK 255.255.255.0 10.242.2.1
2022-08-22 08:54:00 Route deletion via service succeeded
2022-08-22 08:54:00 C:\WINDOWS\system32\route.exe DELETE 172.17.23.0 MASK 255.255.255.0 10.242.2.1
2022-08-22 08:54:00 Route deletion via service succeeded
2022-08-22 08:54:00 Closing TUN/TAP interface
2022-08-22 08:54:12 TAP: DHCP address released
2022-08-22 08:54:12 SIGTERM[hard,] received, process exiting
2022-08-22 08:54:12 MANAGEMENT: >STATE:1661154852,EXITING,SIGTERM,,,,,
2022-08-22 08:54:15 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-08-22 08:54:15 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-08-22 08:54:15 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
2022-08-22 08:54:15 Windows version 10.0 (Windows 10 or greater) 64bit
2022-08-22 08:54:15 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2022-08-22 08:54:15 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-08-22 08:54:15 Need hold release from management interface, waiting...
2022-08-22 08:54:15 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-08-22 08:54:15 MANAGEMENT: CMD 'state on'
2022-08-22 08:54:15 MANAGEMENT: CMD 'log all on'
2022-08-22 08:54:15 MANAGEMENT: CMD 'echo all on'
2022-08-22 08:54:15 MANAGEMENT: CMD 'bytecount 5'
2022-08-22 08:54:15 MANAGEMENT: CMD 'hold off'
2022-08-22 08:54:15 MANAGEMENT: CMD 'hold release'
2022-08-22 08:54:15 MANAGEMENT: CMD 'username "Auth" user'
2022-08-22 08:54:15 MANAGEMENT: CMD 'password [...]'
2022-08-22 08:54:15 MANAGEMENT: >STATE:1661154855,RESOLVE,,,,,,
2022-08-22 08:54:15 TCP/UDP: Preserving recently used remote address: [AF_INET]External IP:8443
2022-08-22 08:54:15 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-08-22 08:54:15 UDP link local: (not bound)
2022-08-22 08:54:15 UDP link remote: [AF_INET]External IP:8443
2022-08-22 08:54:15 MANAGEMENT: >STATE:1661154855,WAIT,,,,,,
2022-08-22 08:54:15 MANAGEMENT: >STATE:1661154855,AUTH,,,,,,

Thanks



This thread was automatically locked due to age.
Parents Reply Children
No Data