

Trying to connect an OpenVPN connection to a third-party server

Hi Guys,

We have a network with multiple sites. All the sites are connected via IKEv2 tunnel to our Sophos XG330 (via Lancom routers).

At each site we have a device that is trying to connect (via OpenVPN tunnel, UDP port 1194) to a third-party server (external IP address).

But for some reason the connection won't work. If only one device is connected, the tunnel runs fine. As soon as I connect a second device, traffic stops working. Sometimes it seems to be connected for a few minutes, but then it's gone again.

I have checked all my rules on the XG. If I run the policy tester, everything is fine.

I already checked with Sophos Support, but that did not help a lot.

Their conclusion from the logs was:

Our XG is receiving answer packets from the third-party server to packets our XG never sent out (packets with unknown ports) -> so the packets get dropped.



  • Example: 

    WAN IP XG: 22.33.44.55

    Third party Server IP: 199.199.199.199

    Internal Network Device: 10.5.5.100



    15:15:44.149254 xfrm88, IN: In ethertype IPv4 (0x0800), length 186: 10.5.5.100.1194 > 199.199.199.199.1194: UDP, length 142

    15:15:44.149256 Port2, OUT: Out c8:4f:86:fc:00:05 ethertype IPv4 (0x0800), length 186: 22.33.44.55.22010 > 199.199.199.199.1194: UDP, length 142

    15:15:44.153991 Port2, IN: In 2c:23:3a:8a:c2:20 ethertype IPv4 (0x0800), length 94: 199.199.199.199.1194 > 22.33.44.55.22010: UDP, length 50

    15:15:44.154005 xfrm88, OUT: Out ethertype IPv4 (0x0800), length 94: 199.199.199.199.1194 > 10.5.5.100.1194: UDP, length 50

    Port2, IN: In 2c:2xxxxxx:20 ethertype IPv4 (0x0800), length 97: 199.199.199.199.1194 > 22.33.44.55.24834: UDP, length 53

    Port2, IN: In 2c:xxxxxxx:20 ethertype IPv4 (0x0800), length 97: 199.199.199.199.1194 > 22.33.44.55.24834: UDP, length 53

    So that means: the XG receives answers with random ports and drops them.
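The correlation the poster did by hand on the capture above can be scripted. What follows is an added example, not code from the thread or from Sophos: it parses tcpdump-style lines in the form the XG prints them, rebuilds the source-NAT mapping from each pair of tunnel-side IN and Port2 OUT packets (same destination, same payload length, consecutive), and then labels every reply arriving on Port2 as either matching a learnt session or addressed to a WAN port that no outbound packet ever used. The sample capture is constructed from the lines in the thread; the second client (10.6.6.100 on xfrm89, translated to WAN port 22011) is an assumption added here to show two sites both sending from UDP 1194, since the thread shows only one client.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

WAN_IF = "Port2"          # WAN interface named in the thread
WAN_IP = "22.33.44.55"    # WAN IP of the XG in the thread

# tcpdump-style line as printed by the XG. The MAC is absent on tunnel interfaces
# and may be partly redacted (2c:2xxxxxx:20); the port separator is accepted as
# ".", " " or " . " because pasted captures vary.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+)?"
    r"(?P<iface>\S+),\s+(?P<dir>IN|OUT):\s+(?:In|Out)\s+"
    r"(?:[0-9a-fx:]+\s+)?ethertype IPv4 \(0x0800\), length \d+:\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s*\.?\s*(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s*\.?\s*(?P<dport>\d+):\s+UDP, length (?P<len>\d+)$"
)


@dataclass(frozen=True)
class Pkt:
    ts: Optional[str]
    iface: str
    direction: str   # "IN"/"OUT" relative to the firewall
    src: str
    sport: int
    dst: str
    dport: int
    length: int      # UDP payload length


def parse_capture(text: str) -> List[Pkt]:
    """Turn pasted capture text into Pkt records; reject lines that don't fit."""
    pkts = []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised capture line: {line!r}")
        g = m.groupdict()
        pkts.append(Pkt(g["ts"], g["iface"], g["dir"], g["src"], int(g["sport"]),
                        g["dst"], int(g["dport"]), int(g["len"])))
    return pkts


# (WAN source port, server IP, server port) -> (client IP, client source port)
SnatTable = Dict[Tuple[int, str, int], Tuple[str, int]]


def learn_snat(pkts: List[Pkt]) -> SnatTable:
    """Rebuild the SNAT view: an outbound packet enters on the tunnel side with the
    client address and leaves Port2 with the WAN address and a translated source
    port. Pairing consecutive IN/OUT packets with equal destination and payload
    length gives one mapping per client flow."""
    table: SnatTable = {}
    pending: Optional[Pkt] = None
    for p in pkts:
        if p.direction == "IN" and p.iface != WAN_IF:
            pending = p
        elif (p.direction == "OUT" and p.iface == WAN_IF and p.src == WAN_IP
              and pending is not None
              and (p.dst, p.dport, p.length) == (pending.dst, pending.dport, pending.length)):
            table[(p.sport, p.dst, p.dport)] = (pending.src, pending.sport)
            pending = None
    return table


def classify_replies(pkts: List[Pkt], table: SnatTable) -> List[Tuple[Pkt, str]]:
    """Label each reply arriving on Port2: either it matches a learnt session (and
    is forwarded to that client) or no outbound packet ever used that WAN port."""
    out = []
    for p in pkts:
        if p.direction != "IN" or p.iface != WAN_IF or p.dst != WAN_IP:
            continue
        hit = table.get((p.dport, p.src, p.sport))
        if hit is None:
            out.append((p, f"no session for WAN port {p.dport}: dropped as unknown port"))
        else:
            out.append((p, f"session {p.dport} -> {hit[0]}:{hit[1]}: forwarded"))
    return out


# Constructed sample based on the capture in the thread. The second client
# (10.6.6.100 on xfrm89, SNAT port 22011) is an assumption added to show two
# sites both sending from UDP 1194; the thread shows only one client.
SAMPLE = """\
15:15:44.149254 xfrm88, IN: In ethertype IPv4 (0x0800), length 186: 10.5.5.100.1194 > 199.199.199.199.1194: UDP, length 142
15:15:44.149256 Port2, OUT: Out c8:4f:86:fc:00:05 ethertype IPv4 (0x0800), length 186: 22.33.44.55.22010 > 199.199.199.199.1194: UDP, length 142
15:15:44.153991 Port2, IN: In 2c:23:3a:8a:c2:20 ethertype IPv4 (0x0800), length 94: 199.199.199.199.1194 > 22.33.44.55.22010: UDP, length 50
15:15:44.154005 xfrm88, OUT: Out ethertype IPv4 (0x0800), length 94: 199.199.199.199.1194 > 10.5.5.100.1194: UDP, length 50
15:15:45.001000 xfrm89, IN: In ethertype IPv4 (0x0800), length 186: 10.6.6.100.1194 > 199.199.199.199.1194: UDP, length 142
15:15:45.001002 Port2, OUT: Out c8:4f:86:fc:00:05 ethertype IPv4 (0x0800), length 186: 22.33.44.55.22011 > 199.199.199.199.1194: UDP, length 142
Port2, IN: In 2c:2xxxxxx:20 ethertype IPv4 (0x0800), length 97: 199.199.199.199.1194 >  22.33.44.55 . 24834: UDP, length 53
Port2, IN: In 2c:xxxxxxx:20 ethertype IPv4 (0x0800), length 97: 199.199.199.199.1194 >  22.33.44.55 .24834: UDP, length 53
"""


def analyse(text: str) -> List[str]:
    pkts = parse_capture(text)
    table = learn_snat(pkts)
    return [f"{p.src}:{p.sport} -> {WAN_IP}:{p.dport}  {verdict}"
            for p, verdict in classify_replies(pkts, table)]


if __name__ == "__main__":
    print("\n".join(analyse(SAMPLE)))
```

Run against the sample, the reply to WAN port 22010 is attributed to 10.5.5.100:1194 and the two replies to 24834 match neither learnt mapping, which is the "unknown port" drop the poster describes. On a real capture the same script highlights which server-side replies the firewall can never associate with a session, so the question becomes why the server answers to a port the firewall never used outbound.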
