Hello,
Began experiencing an issue with our SSL VPN connections when some Android tablets updated OpenVPN Connect app from 3.3.4 to 3.4.0.
Symptom:
SSL VPN connections are made successfully in 3.4.0 but no traffic flows. OpenVPN 3.4.0 is configured to use the 'Legacy' setting. I tried the others to no avail. OpenVPN log will show this error repeating every minute or so:
"TUN write exception: write_some: Invalid argument"
Workaround:
After removing various deprecated options (according to OpenVPN log) and lots of trial and error with no success I eventually stumbled on a workaround. Despite "Compress SSL VPN traffic" being disabled in SSL VPN global settings the Sophos Firewall still seems to be doing something regarding compression. Only when I manually change the 'comp-lzo' parameter to 'yes' in the ovpn file does the connection start passing traffic again. This message is then displayed in the OpenVPN log:
"EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.' trans=TO_DISCONNECTED
Clearly this is not a good workaround with lots of devices/users. Is Sophos aware of this issue and will it be fixed?
Working OpenVPN 3.4.0 Config:
client dev tun proto udp nobind (keys removed) auth-user-pass cipher AES-128-CBC auth SHA256 comp-lzo yes verb 3 reneg-sec 86400 remote x.x.x.x 8443 udp
This thread was automatically locked due to age.
