Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XGS: random disconnects for SSL VPN clients

Hi,

for some reason every SSL VPN client is quite randomly disconnected from the SSL VPN server (Sophos XGS87w): sometimes after only a few minutes, mostly between 15 and 20 minutes. Running a ping from the client side to a machine in the server network does not help to keep the connection alive. The VPN connection works fine as long as it is connected, though. The client is assigned the correct static IP address.

Here are some additional details:

- firmware: SFOS 20.0.0 GA-Build222

- the Sophos XGS is located behind a DSL router, the interface port 1 (of the Sophos FW) is the LAN port, port 2 is connected to the DSL router. The DSL router is the gateway to the internet.

- SSL VPN global settings: protocol: TCP, override hostname is set to a domain name, Port: 8443, use static IP adresses is active, (every client has a correct "SSL VPN IP address" set), disconnect dead peer after 120 seconds, disconnect idle peer after 360 minutes, key lifetime: 36000 seconds, compress SSL VPN traffic is ON.

- SSL VPN settings: use as default gateway is OFF, permitted network resources is set to the internal LAN on the firewall side, disconnect idle clients is OFF.

This log shows the same user being disconnected quite often in a short time.

None of my time settings corresponds to the times when the client is disconnected. The client itself is not disconnecting manually, of course.

Any idea where this is coming from?



This thread was automatically locked due to age.
Parents
  • In your SFOS log (/log/sslvpn.log - access it via cli), if you see similar log as below, that will tell us if the client is disconnecting for some reason but not manually disconnected by the user; What type of sslvpn ra clients are these?

    2024-01-10 11:28:43Z [16043] user1/115.99.212.175:50833 Connection reset, restarting [0]
    2024-01-10 11:28:43Z [16043] user1/115.99.212.175:50833 SIGUSR1[soft,connection-reset] received, client-instance restarting

  • As client remote access programs we tried several: OpenVPN Community 2.6.8, OpenVPN Connect v3 and of course the Sophos client that can be downloaded when accessing the User Portal.

    I will check the logs for this. In the meantime I reverted to the last firmware.

Reply Children
No Data