
Sophos XG SSL VPN Stopped

Hello, I am suddenly facing a problem connecting with SSL VPN. Can you please help?

Below is the log from Sophos Connect Client

2023-08-03 20:39:34 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-08-03 20:39:34 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-08-03 20:39:34 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
2023-08-03 20:39:34 Windows version 10.0 (Windows 10 or greater) 64bit
2023-08-03 20:39:34 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2023-08-03 20:39:34 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-08-03 20:39:34 Need hold release from management interface, waiting...
2023-08-03 20:39:34 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-08-03 20:39:34 MANAGEMENT: CMD 'state on'
2023-08-03 20:39:34 MANAGEMENT: CMD 'log all on'
2023-08-03 20:39:34 MANAGEMENT: CMD 'echo all on'
2023-08-03 20:39:34 MANAGEMENT: CMD 'bytecount 5'
2023-08-03 20:39:34 MANAGEMENT: CMD 'hold off'
2023-08-03 20:39:34 MANAGEMENT: CMD 'hold release'
2023-08-03 20:39:34 MANAGEMENT: CMD 'username "Auth" gkyriako2'
2023-08-03 20:39:34 MANAGEMENT: CMD 'password [...]'
2023-08-03 20:39:34 TCP/UDP: Preserving recently used remote address: [AF_INET]<IP ADDRESS>:12443
2023-08-03 20:39:34 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-03 20:39:34 Attempting to establish TCP connection with [AF_INET]<IP ADDRESS>:12443 [nonblock]
2023-08-03 20:39:34 MANAGEMENT: >STATE:1691084374,TCP_CONNECT,,,,,,
2023-08-03 20:39:54 TCP: connect to [AF_INET]<IP ADDRESS>:12443 failed: Unknown error
2023-08-03 20:39:54 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2023-08-03 20:39:54 MANAGEMENT: >STATE:1691084394,RECONNECTING,init_instance,,,,,
2023-08-03 20:39:54 Restart pause, 5 second(s)
2023-08-03 20:39:59 TCP/UDP: Preserving recently used remote address: [AF_INET]10.69.5.1:12443
2023-08-03 20:39:59 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-03 20:39:59 Attempting to establish TCP connection with [AF_INET]10.69.5.1:12443 [nonblock]
2023-08-03 20:39:59 MANAGEMENT: >STATE:1691084399,TCP_CONNECT,,,,,,
2023-08-03 20:40:19 TCP: connect to [AF_INET]10.69.5.1:12443 failed: Unknown error
2023-08-03 20:40:19 SIGUSR1[connection failed(soft),init_instance] received, process restarting
2023-08-03 20:40:19 MANAGEMENT: >STATE:1691084419,RECONNECTING,init_instance,,,,,
2023-08-03 20:40:19 Restart pause, 5 second(s)



  • Thank you, Bharat J. With your help you fixed the problem after you deleted some NAT IDs, thanks to the magic tool of packet capture. With the packet capture on port 8443 we found out which NAT rules were causing the problem. Also, we filled in the fields in the certificate, as they were empty.

    The NAT rules we disabled were 11 and 7; those rules were blocking access on ports 8443 and 443.
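
A triage sketch for a client log like the one posted above, as an added example that is not part of the original thread: it reads the management STATE lines to separate a failure before the TCP handshake completes (the pattern in the posted log, which the reply traced to NAT rules) from a later TLS or authentication failure. The function name, the verdict labels and the 192.0.2.10 address are assumptions; the sample lines are constructed in the format of the posted log.

```python
import re

# Constructed sample in the format of the posted log; 192.0.2.10 is a placeholder address.
SAMPLE_LOG = """\
2023-08-03 20:39:34 Attempting to establish TCP connection with [AF_INET]192.0.2.10:12443 [nonblock]
2023-08-03 20:39:34 MANAGEMENT: >STATE:1691084374,TCP_CONNECT,,,,,,
2023-08-03 20:39:54 TCP: connect to [AF_INET]192.0.2.10:12443 failed: Unknown error
2023-08-03 20:39:54 MANAGEMENT: >STATE:1691084394,RECONNECTING,init_instance,,,,,
2023-08-03 20:39:59 Attempting to establish TCP connection with [AF_INET]10.69.5.1:12443 [nonblock]
2023-08-03 20:39:59 MANAGEMENT: >STATE:1691084399,TCP_CONNECT,,,,,,
2023-08-03 20:40:19 TCP: connect to [AF_INET]10.69.5.1:12443 failed: Unknown error
2023-08-03 20:40:19 MANAGEMENT: >STATE:1691084419,RECONNECTING,init_instance,,,,,
"""

STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),")
FAIL_RE = re.compile(r"TCP: connect to \[AF_INET\]([\d.]+):(\d+) failed")
# States the client reports only after TCP_CONNECT has succeeded (TCP transport, as in the thread).
POST_TCP = {"WAIT", "AUTH", "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"}


def triage(log_text):
    """Classify how far an OpenVPN-based client got before it failed (hypothetical helper)."""
    states = [(int(ts), name) for ts, name in STATE_RE.findall(log_text)]
    failed = sorted({f"{ip}:{port}" for ip, port in FAIL_RE.findall(log_text)})
    # Seconds spent in each TCP_CONNECT before the client gave up and restarted.
    waits = [t2 - t1 for (t1, s1), (t2, s2) in zip(states, states[1:])
             if s1 == "TCP_CONNECT" and s2 == "RECONNECTING"]
    seen = {name for _, name in states}
    if "CONNECTED" in seen:
        verdict = "connected"
    elif seen & POST_TCP:
        verdict = "tls or auth"    # handshake completed: look at certificates and credentials
    elif failed:
        verdict = "network path"   # no handshake: check firewall and NAT rules for the port
    else:
        verdict = "unknown"
    return {"failed_remotes": failed, "connect_waits": waits, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A "network path" verdict with waits of about 20 seconds means the connection attempt timed out rather than being answered, which is the point at which a packet capture on the firewall, as used in the reply, shows where the traffic is going.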
