Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No SSL S2S Tunnel after SSD Upgrade

Hello Folks, 

a customer installed the ssd upgrade and after the reboot all ssl site-2-site tunnels don't work. ssl remote access works, ipsec tunnels are working. 

here are some lines from the sslvpn.log: 

we created a new connection, same issue. it always ends with this line: 

2024-01-26 10:13:20Z [1453] 116.202.161.231:52284 SENT CONTROL [SRV_E69A005F8BEC5B460E6D23C73D688FFFDE183C35]: 'AUTH_FAILED' (status=1)

 


2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_VER=2.4.7
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_PLAT=linux
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_PROTO=2
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_NCP=2
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_LZ4=1
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_LZ4v2=1
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_LZO=1
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_COMP_STUB=1
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_COMP_STUBv2=1
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 peer info: IV_TCPNL=1
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 PLUGIN_CALL: POST /lib/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 TLS: Username/Password authentication deferred for username 'SRV_E69A005F8BEC5B460E6D23C73D688FFFDE183C35' [CN SET]
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2024-01-26 10:13:19Z [1453] 116.202.161.231:52284 [SRV_E69A005F8BEC5B460E6D23C73D688FFFDE183C35] Peer Connection Initiated with [AF_INET6]::ffff:116.202.161.231:52284 (via ::ffff:81.14.171.26%Port2.21)
2024-01-26 10:13:20Z [1453] 116.202.161.231:52284 PUSH: Received control message: 'PUSH_REQUEST'
2024-01-26 10:13:20Z [1453] 116.202.161.231:52284 Delayed exit in 5 seconds
2024-01-26 10:13:20Z [1453] 116.202.161.231:52284 SENT CONTROL [SRV_E69A005F8BEC5B460E6D23C73D688FFFDE183C35]: 'AUTH_FAILED' (status=1)
2024-01-26 10:13:22Z [1453] 136.243.174.155:42700 SIGTERM[soft,delayed-exit] received, client-instance exiting
2024-01-26 10:13:25Z [1453] 116.202.161.231:52284 SIGTERM[soft,delayed-exit] received, client-instance exiting
2024-01-26 10:14:07Z [1456] 49.12.3.41:52075 TLS: Initial packet from [AF_INET6]::ffff:49.12.3.41:52075 (via ::ffff:192.168.130.250%Port2.24), sid=6da40037 bbed8bc0



This thread was automatically locked due to age.
Parents
  • Just wondering, why do you use SSLVPN S2S in times of RED and Ipsec S2S? 
    Any reason you opt-in for SSL in this ? 

    __________________________________________________________________________________________________________________

Reply
  • Just wondering, why do you use SSLVPN S2S in times of RED and Ipsec S2S? 
    Any reason you opt-in for SSL in this ? 

    __________________________________________________________________________________________________________________

Children
No Data