Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Android + OpenVPN 3.4.0 + SSL VPN = No Traffic

Hello,

Began experiencing an issue with our SSL VPN connections when some Android tablets updated OpenVPN Connect app from 3.3.4 to 3.4.0.

Symptom:
SSL VPN connections are made successfully in 3.4.0 but no traffic flows. OpenVPN 3.4.0 is configured to use the 'Legacy' setting. I tried the others to no avail. OpenVPN log will show this error repeating every minute or so:

"TUN write exception: write_some: Invalid argument"

Workaround:
After removing various deprecated options (according to OpenVPN log) and lots of trial and error with no success I eventually stumbled on a workaround. Despite "Compress SSL VPN traffic" being disabled in SSL VPN global settings the Sophos Firewall still seems to be doing something regarding compression. Only when I manually change the 'comp-lzo' parameter to 'yes' in the ovpn file does the connection start passing traffic again. This message is then displayed in the OpenVPN log:

"EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.' trans=TO_DISCONNECTED

Clearly this is not a good workaround with lots of devices/users. Is Sophos aware of this issue and will it be fixed?

Working OpenVPN 3.4.0 Config:

client
dev tun
proto udp
nobind
(keys removed)
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo yes
verb 3
reneg-sec 86400
remote x.x.x.x 8443 udp




This thread was automatically locked due to age.
Parents Reply Children
No Data