Android + OpenVPN 3.4.0 + SSL VPN = No Traffic

Hello,

Began experiencing an issue with our SSL VPN connections when some Android tablets updated the OpenVPN Connect app from 3.3.4 to 3.4.0.

Symptom:
SSL VPN connections are made successfully in 3.4.0 but no traffic flows. OpenVPN 3.4.0 is configured to use the 'Legacy' setting. I tried the others to no avail. The OpenVPN log will show this error repeating every minute or so:

"TUN write exception: write_some: Invalid argument"

Workaround:
After removing various deprecated options (according to the OpenVPN log) and lots of trial and error with no success, I eventually stumbled on a workaround. Despite "Compress SSL VPN traffic" being disabled in the SSL VPN global settings, the Sophos Firewall still seems to be doing something regarding compression. Only when I manually change the 'comp-lzo' parameter to 'yes' in the ovpn file does the connection start passing traffic again. This message is then displayed in the OpenVPN log:

"EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.' trans=TO_DISCONNECTED"

Clearly this is not a good workaround with lots of devices/users. Is Sophos aware of this issue and will it be fixed?

Working OpenVPN 3.4.0 Config:

client
dev tun
proto udp
nobind
(keys removed)
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo yes
verb 3
reneg-sec 86400
remote x.x.x.x 8443 udp
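
For anyone who has to track which profiles carry the 'comp-lzo yes' workaround across many devices, here is an added example that is not part of the original post: a small Python script that classifies the 'comp-lzo' and 'compress' lines in a client profile. The function names are hypothetical and the sample profiles are constructed from the config above.

```python
# Added example: report compression directives in an OpenVPN client profile.
# Function names are hypothetical; sample profiles are constructed from the thread.

# Arguments that turn compression on (None = directive given with no argument).
ENABLING = {"comp-lzo": {None, "yes", "adaptive"},
            "compress": {"lzo", "lz4", "lz4-v2"}}
# Arguments that leave the payload uncompressed.
OFF = {"comp-lzo": {"no"}, "compress": {None, "stub", "stub-v2"}}

def compression_findings(profile_text):
    """Return [(line_no, directive_line, verdict)] for compression directives."""
    findings = []
    inline_tag = None  # name of the inline block (<ca>, <cert>, ...) being skipped
    for lineno, raw in enumerate(profile_text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_tag = line[1:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        parts = line.split()
        name, arg = parts[0], (parts[1] if len(parts) > 1 else None)
        if name not in ENABLING:
            continue
        if arg in ENABLING[name]:
            verdict = "enabled"
        elif arg in OFF[name]:
            verdict = "off"
        else:
            verdict = "unknown"  # argument this script does not classify
        findings.append((lineno, line, verdict))
    return findings

def compression_enabled(profile_text):
    """True if any directive in the profile switches compression on."""
    return any(v == "enabled" for _, _, v in compression_findings(profile_text))

# Constructed sample: the workaround profile from the post, keys omitted.
WORKAROUND = """client
dev tun
proto udp
nobind
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo yes
verb 3
reneg-sec 86400
remote x.x.x.x 8443 udp
"""
# Constructed sample: the same profile with the workaround reverted.
REVERTED = WORKAROUND.replace("comp-lzo yes", "comp-lzo no")

if __name__ == "__main__":
    for label, text in (("workaround", WORKAROUND), ("reverted", REVERTED)):
        print(label, compression_findings(text), compression_enabled(text))
```

Running it over every exported profile gives a list of the ones to revert once a fix is available.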




  • Hello Greg Lowe, I'm having the exact same issue.

    OpenVPN Connect 3.4.0 on mobile devices has this issue. My workaround, for now (since I don't have many Android clients connecting to the VPN), was to downgrade the version of OpenVPN on the clients via APK and turn off app auto-update in the app store.

    Compression is clearly disabled in the profile: "comp-lzo no".

    Let's hope OpenVPN can fix this since it's their issue. Make sure you open a ticket with them.

  • Hi António,

    I have also disabled app auto updates for now. I'm not convinced this is solely an OpenVPN issue; they have deprecated compression features with a view to removing them at some point. It appears that Sophos Firewall is still pushing some compression features despite both firewall and client options being disabled. This is causing the connection to not work properly with 3.4.0, presumably due to the deprecation.

  • That can also be the case. Let's hope this can be fixed quickly by either side without much trouble at our end.

    Another alternative is to use OpenVPN for Android by Arne Schwabe; it also uses the Android VPN API and it's a safe app.
