Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ping kills RED tunnel

Environment:
SFOS: 19.5.1 MR-1-Build278

SiteA: XGS 3xxx
SiteB: XGS 2xxx
SiteC: SD-RED 20

SiteA - SiteB: IPSEC tunnel (route based)
SiteA - SiteC: RED tunnel (standard/unified)

Ping test with host behind the tunnels:
SiteA to SiteB -> OK
SiteA to SiteC -> OK

SiteB to SiteA -> OK
SiteB to SiteC -> NOT OK -> RED tunnel disconnects and re-connects

SiteC to SiteA -> OK
SiteC to SiteB -> NOT OK -> RED tunnel disconnects and re-connects

red.log:
REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xxx.xxx.xxx.xxx': SSL accept attempt failed
REDD ERROR: server: Can not do SSL handshake on Socket accept from 'xxx.xxx.xxx.xxx': SSL accept attempt failed
REDD INFO: server: New connection from xxx.xxx.xxx.xxx with ID RXXXXXXXXXXXXXXXXX (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1

red-RXXXXXXXXXXXXXXXXX.log:
Fri May 5 07:52:22 2023Z REDD INFO command '{"data":{"message":"Unstable peers","type":"RUNTIME_ERROR_OCCURRED"},"type":"DISCONNECT"}'
Fri May 5 07:52:22 2023Z REDD INFO Disconnecting: Unstable peers
Fri May 5 07:52:23 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX is now disconnected
Fri May 5 07:52:23 2023Z REDD INFO device is disconnected.
Fri May 5 07:52:27 2023Z REDD INFO server: New connection from xxx.xxx.xxx.xxx (cipher ECDHE-RSA-AES256-GCM-SHA384), rev1
Fri May 5 07:52:28 2023Z REDD INFO Disabling debug
Fri May 5 07:52:28 2023Z REDD INFO connected OK, pushing config
Fri May 5 07:52:29 2023Z REDD INFO command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
Fri May 5 07:52:29 2023Z REDD INFO Initializing connection running protocol version 0
Fri May 5 07:52:29 2023Z REDD INFO Sending json message {"data":{},"type":"WELCOME"}
Fri May 5 07:52:30 2023Z REDD INFO command '{"data":{},"type":"CONFIG_REQ"}'
Fri May 5 07:52:30 2023Z REDD INFO Sending json message {"data":......................}
Fri May 5 07:52:34 2023Z REDD INFO command '{"data":...........}'
Fri May 5 07:52:34 2023Z REDD INFO Sending json message {"data":{},"type":"SET_KEY_REP"}
Fri May 5 07:52:35 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX is now re-connected after 30000 ms
Fri May 5 07:52:35 2023Z REDD INFO command '{"data":{"uplink":"WAN1","wan1_ip":"xxx.xxx.xxx.xxx"},"type":"STATUS"}'
Fri May 5 07:55:00 2023Z REDD INFO RXXXXXXXXXXXXXXXXX/XXX transfered bytes TX: 3673888 RX: 3686052

8 month ago I think this exact issue has already been reported by "craig A":  Very Strange issue has anyone seen anything like this? - XGS RED 60 

Currently we are within working hours, therefore I haven't tested the suggested workaround: system ipsec-acceleration disable

I can not find this issue in the Sophos Known Issues list https://doc.sophos.com/support/kil/index.html

Do I see a new issue or is it really true that this for a minimum 8 month old issue is till today not fixed?
Hopefully the workaround "system ipsec-acceleration disable" works, but who wants this because this the main reason to buy a XGS!!!



This thread was automatically locked due to age.
Parents Reply
  • Hello,

    Good day and thanks for reaching out to Sophos Community

    As mentioned above, this might not be listed on the KILs. Kindly try to upgrade the firmware to latest and recheck if the issue would still occur. If it still persist, kindly create a support ticket for it to be further investigated. You may also refer to this community post to your case. Then you may share with us the would be generated caseID via DM or by replying to this thread.

    Many thanks for your time and patience and thank you for choosing Sophos

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

Children
No Data