
Sophos Remote Access SSL VPN received reset connection from server

Hello everyone,

I have an XG2300 running SFOS 19.5.2 MR-2-Build624 and I have an issue with the Remote Access SSL VPN connection.

The issue is that a user connected via Remote SSL VPN receives a connection reset from the server at random. I have tried to resolve this issue myself, but with no luck.

These are the Remote Access SSL VPN settings:

SSL server certificate: ApplianceCertificate
Override hostname: resolves to the device's public IP address
Port: 443

These are the logs which I collected from the users. (The log shows a push request with the certificate which I hadn't imported at that time, so the log isn't the newest. The connection gets reset anyway, with the same logs, even if the certificate is imported.) You can notice it says "Exiting due to fatal error" in the log.

2023-07-12 08:56:42 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-07-12 08:56:42 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
2023-07-12 08:56:42 Windows version 10.0 (Windows 10 or greater) 64bit
2023-07-12 08:56:42 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2023-07-12 08:56:42 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-07-12 08:56:42 Need hold release from management interface, waiting...
2023-07-12 08:56:42 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-07-12 08:56:42 MANAGEMENT: CMD 'state on'
2023-07-12 08:56:42 MANAGEMENT: CMD 'log all on'
2023-07-12 08:56:42 MANAGEMENT: CMD 'echo all on'
2023-07-12 08:56:42 MANAGEMENT: CMD 'bytecount 5'
2023-07-12 08:56:42 MANAGEMENT: CMD 'hold off'
2023-07-12 08:56:42 MANAGEMENT: CMD 'hold release'
2023-07-12 08:56:42 MANAGEMENT: CMD 'username "Auth" MY_USERNAME'
2023-07-12 08:56:42 MANAGEMENT: CMD 'password [...]'
2023-07-12 08:56:42 MANAGEMENT: >STATE:1689145002,RESOLVE,,,,,,
2023-07-12 08:56:42 TCP/UDP: Preserving recently used remote address: [AF_INET]MY_PUBLIC_IP:443
2023-07-12 08:56:42 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-07-12 08:56:42 Attempting to establish TCP connection with [AF_INET]MY_PUBLIC_IP:443 [nonblock]
2023-07-12 08:56:42 MANAGEMENT: >STATE:1689145002,TCP_CONNECT,,,,,,
2023-07-12 08:56:42 TCP connection established with [AF_INET]MY_PUBLIC_IP8:443
2023-07-12 08:56:42 TCP_CLIENT link local: (not bound)
2023-07-12 08:56:42 TCP_CLIENT link remote: [AF_INET]MY_PUBLIC_IP:443
2023-07-12 08:56:42 MANAGEMENT: >STATE:1689145002,WAIT,,,,,,
2023-07-12 08:56:42 MANAGEMENT: >STATE:1689145002,AUTH,,,,,,
2023-07-12 08:56:42 TLS: Initial packet from [AF_INET]MY_PUBLIC_IP:443, sid=ebeca510 ce4b9b76
2023-07-12 08:56:42 VERIFY OK: depth=1, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA, emailAddress=na@example.com
2023-07-12 08:56:42 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate, emailAddress=na@example.com
2023-07-12 08:56:42 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate, emailAddress=na@example.com
2023-07-12 08:56:43 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-07-12 08:56:43 [Appliance_Certificate] Peer Connection Initiated with [AF_INET]MY_PUBLIC_IP:443
2023-07-12 08:56:44 MANAGEMENT: >STATE:1689145004,GET_CONFIG,,,,,,
2023-07-12 08:56:44 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:56:49 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:56:54 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:56:59 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:04 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:09 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:14 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:20 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:25 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:30 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:35 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:40 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:46 No reply from server after sending 12 push requests
2023-07-12 08:57:46 SIGUSR1[soft,no-push-reply] received, process restarting
2023-07-12 08:57:46 MANAGEMENT: >STATE:1689145066,RECONNECTING,no-push-reply,,,,,
2023-07-12 08:57:46 Restart pause, 5 second(s)
2023-07-12 08:57:51 MANAGEMENT: Client disconnected
2023-07-12 08:57:51 All connections have been connect-retry-max (1) times unsuccessful, exiting
2023-07-12 08:57:51 Exiting due to fatal error

2023-06-13 08:47:11AM [8916] dbg Sending telemetry data to sftelemetry.sophos.com:443
2023-06-13 10:22:25AM [9708] dbg Connection reset, restarting [0]
2023-06-13 10:22:25AM [9708] dbg Received connection reset
2023-06-13 10:22:25AM [9708] dbg MY_OVERRIDE_HOSTNAME VPN state changed to disconnecting
2023-06-13 10:22:25AM [9572] dbg Tunnel is stopped
2023-06-13 10:22:26AM [9708] dbg received exiting event
2023-06-13 10:22:26AM [16152] dbg MY_OVERRIDE_HOSTNAME VPN state changed to disconnected
2023-06-13 10:22:26AM [16152] dbg Sending notification: Received connection reset from gateway: MY_OVERRIDE_HOSTNAME 443

Thank you for your help

Regards

VGDtech
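As an added example (not from the original post and not Sophos or OpenVPN code), a small Python triage script that reads an OpenVPN 2.5 client log like the one above and names the stage at which the session died; for this log that is after a successful TLS handshake but before the server answered any PUSH_REQUEST. The Triage/triage/verdict names and the trimmed sample log are constructed here.

```python
import re
from dataclasses import dataclass, field

STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+)")  # OpenVPN 2.5 management state lines
PUSH_RE = re.compile(r"SENT CONTROL \[[^\]]*\]: 'PUSH_REQUEST'")
SIG_RE = re.compile(r"SIG\w+\[[^,\]]*,([^\]]*)\] received")  # e.g. SIGUSR1[soft,no-push-reply]

@dataclass
class Triage:
    states: list = field(default_factory=list)  # >STATE transitions, in order
    push_requests: int = 0                      # PUSH_REQUESTs sent to the server
    tls_verified: bool = False                  # server leaf certificate verified (depth=0)
    restart_reason: str = ""                    # <reason> from SIGUSR1[soft,<reason>]
    fatal: bool = False                         # "Exiting due to fatal error" seen

def triage(log_text: str) -> Triage:
    # Single pass over the client log, collecting the facts needed to classify the failure
    t = Triage()
    for line in log_text.splitlines():
        if m := STATE_RE.search(line):
            t.states.append(m.group(1))
        if PUSH_RE.search(line):
            t.push_requests += 1
        if "VERIFY OK: depth=0" in line:
            t.tls_verified = True
        if m := SIG_RE.search(line):
            t.restart_reason = m.group(1)
        if "Exiting due to fatal error" in line:
            t.fatal = True
    return t

def verdict(t: Triage) -> str:
    # Name the stage at which the session died; the post's log is "stuck-at-GET_CONFIG"
    if "CONNECTED" in t.states:
        return "connected"
    if not t.tls_verified:
        return "failed-before-tls"      # TCP connect or certificate verification failed
    if t.restart_reason == "no-push-reply":
        return "stuck-at-GET_CONFIG"    # TLS fine, server never answered PUSH_REQUEST
    return f"restart:{t.restart_reason or 'unknown'}"

# Constructed sample: a trimmed copy of the post's log, placeholders kept
SAMPLE_LOG = """2023-07-12 08:56:42 VERIFY OK: depth=0, C=NA, O=NA, CN=Appliance_Certificate
2023-07-12 08:56:44 MANAGEMENT: >STATE:1689145004,GET_CONFIG,,,,,,
2023-07-12 08:56:44 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:56:49 SENT CONTROL [Appliance_Certificate]: 'PUSH_REQUEST' (status=1)
2023-07-12 08:57:46 SIGUSR1[soft,no-push-reply] received, process restarting
2023-07-12 08:57:46 MANAGEMENT: >STATE:1689145066,RECONNECTING,no-push-reply,,,,,
2023-07-12 08:57:51 Exiting due to fatal error
"""
```

A "stuck-at-GET_CONFIG" verdict means the client certificate chain and TLS handshake are not the problem and the investigation belongs on the server side of the push exchange.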



Hello Erick Jan,

Thank you for your reply.
I set up the remote access SSL VPN following the any-how video, and I have triple-checked my SSL VPN configuration; I tried different documentation and also the Sophos Assistant. I will try to troubleshoot again since I found nothing, but there is one thing which I noticed in the log viewer today: some users got these logs for the default gateway with some ports which shouldn't be necessary for the SSL VPN connection, but that might give you a hint.
