Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 43 subscribers
  • Views 44172 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to connect with Sophos VPN SSL client

Fred atallas

Fellas, VPN client stays stuck on the yellow light indicator but shows on the XG that user is connected but in reality he is not.

PC is Win10 it worked before but accessing with VPN overseas failed,testing from another station works with the same certificate. 

 

Mon Mar 06 10:41:27 2017 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Dec  9 2016

Mon Mar 06 10:41:27 2017 library versions: OpenSSL 1.0.1u  22 Sep 2016, LZO 2.09

Enter Management Password:

Mon Mar 06 10:41:27 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341

Mon Mar 06 10:41:27 2017 Need hold release from management interface, waiting...

Mon Mar 06 10:41:28 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341

Mon Mar 06 10:41:28 2017 MANAGEMENT: CMD 'state on'

Mon Mar 06 10:41:28 2017 MANAGEMENT: CMD 'log all on'

Mon Mar 06 10:41:28 2017 MANAGEMENT: CMD 'hold off'

Mon Mar 06 10:41:28 2017 MANAGEMENT: CMD 'hold release'

Mon Mar 06 10:41:41 2017 MANAGEMENT: CMD 'username "Auth" "Pittb"'

Mon Mar 06 10:41:41 2017 MANAGEMENT: CMD 'password [...]'

Mon Mar 06 10:41:41 2017 MANAGEMENT: CMD 'proxy NONE  '

Mon Mar 06 10:41:42 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]

Mon Mar 06 10:41:42 2017 MANAGEMENT: >STATE:1488814902,RESOLVE,,,,,,

Mon Mar 06 10:41:42 2017 Attempting to establish TCP connection with [AF_INET]196.204.50.196:8443 [nonblock]

Mon Mar 06 10:41:42 2017 MANAGEMENT: >STATE:1488814902,TCP_CONNECT,,,,,,

Mon Mar 06 10:41:43 2017 TCP connection established with [AF_INET]196.204.50.196:8443

Mon Mar 06 10:41:43 2017 TCPv4_CLIENT link local: [undef]

Mon Mar 06 10:41:43 2017 TCPv4_CLIENT link remote: [AF_INET]196.204.50.196:8443

Mon Mar 06 10:41:43 2017 MANAGEMENT: >STATE:1488814903,WAIT,,,,,,

Mon Mar 06 10:41:43 2017 Connection reset, restarting [-1]

Mon Mar 06 10:41:43 2017 SIGUSR1[soft,connection-reset] received, process restarting

Mon Mar 06 10:41:43 2017 MANAGEMENT: >STATE:1488814903,RECONNECTING,connection-reset,,,,,

Mon Mar 06 10:41:43 2017 Restart pause, 5 second(s)

Mon Mar 06 10:41:48 2017 MANAGEMENT: CMD 'proxy NONE  '

Mon Mar 06 10:41:49 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]

Mon Mar 06 10:41:49 2017 MANAGEMENT: >STATE:1488814909,RESOLVE,,,,,,

Mon Mar 06 10:41:49 2017 Attempting to establish TCP connection with [AF_INET]196.204.50.196:8443 [nonblock]

Mon Mar 06 10:41:49 2017 MANAGEMENT: >STATE:1488814909,TCP_CONNECT,,,,,,

Mon Mar 06 10:41:50 2017 TCP connection established with [AF_INET]196.204.50.196:8443

Mon Mar 06 10:41:50 2017 TCPv4_CLIENT link local: [undef]

Mon Mar 06 10:41:50 2017 TCPv4_CLIENT link remote: [AF_INET]196.204.50.196:8443

Mon Mar 06 10:41:50 2017 MANAGEMENT: >STATE:1488814910,WAIT,,,,,,

Mon Mar 06 10:41:50 2017 Connection reset, restarting [-1]

Mon Mar 06 10:41:50 2017 SIGUSR1[soft,connection-reset] received, process restarting

Mon Mar 06 10:41:50 2017 MANAGEMENT: >STATE:1488814910,RECONNECTING,connection-reset,,,,,

Mon Mar 06 10:41:50 2017 Restart pause, 5 second(s)

Mon Mar 06 10:41:55 2017 MANAGEMENT: CMD 'proxy NONE  '

Mon Mar 06 10:41:56 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]

Mon Mar 06 10:41:56 2017 MANAGEMENT: >STATE:1488814916,RESOLVE,,,,,,

Mon Mar 06 10:41:56 2017 Attempting to establish TCP connection with [AF_INET]196.204.50.196:8443 [nonblock]

Mon Mar 06 10:41:56 2017 MANAGEMENT: >STATE:1488814916,TCP_CONNECT,,,,,,

Mon Mar 06 10:41:57 2017 TCP connection established with [AF_INET]196.204.50.196:8443

Mon Mar 06 10:41:57 2017 TCPv4_CLIENT link local: [undef]

Mon Mar 06 10:41:57 2017 TCPv4_CLIENT link remote: [AF_INET]196.04.50.196:8443

Mon Mar 06 10:41:57 2017 MANAGEMENT: >STATE:1488814917,WAIT,,,,,,

Mon Mar 06 10:41:57 2017 Connection reset, restarting [-1]

Mon Mar 06 10:41:57 2017 SIGUSR1[soft,connection-reset] received, process restarting

Mon Mar 06 10:41:57 2017 MANAGEMENT: >STATE:1488814917,RECONNECTING,connection-reset,,,,,

Mon Mar 06 10:41:57 2017 Restart pause, 5 second(s)

Mon Mar 06 10:42:02 2017 MANAGEMENT: CMD 'proxy NONE  '

Mon Mar 06 10:42:03 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]

Mon Mar 06 10:42:03 2017 MANAGEMENT: >STATE:1488814923,RESOLVE,,,,,,

Mon Mar 06 10:42:03 2017 Attempting to establish TCP connection with [AF_INET]196.204.50.196:8443 [nonblock]

Mon Mar 06 10:42:03 2017 MANAGEMENT: >STATE:1488814923,TCP_CONNECT,,,,,,

Mon Mar 06 10:42:04 2017 TCP connection established with [AF_INET]196.204.50.196:8443

Mon Mar 06 10:42:04 2017 TCPv4_CLIENT link local: [undef]

Mon Mar 06 10:42:04 2017 TCPv4_CLIENT link remote: [AF_INET]196.204.50.196:8443

Mon Mar 06 10:42:04 2017 MANAGEMENT: >STATE:1488814924,WAIT,,,,,,

Mon Mar 06 10:42:04 2017 Connection reset, restarting [-1]

Mon Mar 06 10:42:04 2017 SIGUSR1[soft,connection-reset] received, process restarting

Mon Mar 06 10:42:04 2017 MANAGEMENT: >STATE:1488814924,RECONNECTING,connection-reset,,,,,

Mon Mar 06 10:42:04 2017 Restart pause, 5 second(s)

Mon Mar 06 10:42:09 2017 MANAGEMENT: CMD 'proxy NONE  '

Mon Mar 06 10:42:10 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]

Mon Mar 06 10:42:10 2017 MANAGEMENT: >STATE:1488814930,RESOLVE,,,,,,

Mon Mar 06 10:42:10 2017 Attempting to establish TCP connection with [AF_INET]196.204.50.196:8443 [nonblock]

Mon Mar 06 10:42:10 2017 MANAGEMENT: >STATE:1488814930,TCP_CONNECT,,,,,,

Mon Mar 06 10:42:11 2017 TCP connection established with [AF_INET]196.204.50.196:8443

Mon Mar 06 10:42:11 2017 TCPv4_CLIENT link local: [undef]

Mon Mar 06 10:42:11 2017 TCPv4_CLIENT link remote: [AF_INET]196.204.50.196:8443

Mon Mar 06 10:42:11 2017 MANAGEMENT: >STATE:1488814931,WAIT,,,,,,

Mon Mar 06 10:42:11 2017 Connection reset, restarting [-1]

Mon Mar 06 10:42:11 2017 SIGUSR1[soft,connection-reset] received, process restarting

Mon Mar 06 10:42:11 2017 MANAGEMENT: >STATE:1488814931,RECONNECTING,connection-reset,,,,,

Mon Mar 06 10:42:11 2017 Restart pause, 5 second(s)

Mon Mar 06 10:42:14 2017 SIGTERM[hard,init_instance] received, process exiting

Mon Mar 06 10:42:14 2017 MANAGEMENT: >STATE:1488814934,EXITING,init_instance,,,,,                 



This thread was automatically locked due to age.
  • 0

    Hi Fred

    Do you authenticate via AD or local account?

  • 0

    Fred,

    did you try to restart the VPN service from the console?

    Also can you share the VPN settings?

    Thanks

  • 0 in reply to Vadym Orlyak

    I use AD accounts and just to mention that am able to connect from a different station with the same user account but not him from China

  • 0 in reply to lferrara

    not sure I can do that from XG, only thing I could do is to delete the user profil and install back his certificate, the log shows he is connected but in reality he is not the light stays on yellow 

  • 0 in reply to Fred atallas

    Fred,

    Try with another account (maybe special characters inside the name/password). If it still dies not work, open a ticket with Support and let us know.

    Thanks

  • 0 in reply to lferrara

    Hi Fred, 

    Could you share configuration on your SSL VPN , which mode are you using TCP or UDP . 

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Fred atallas

    Fred,

    I had the same issue with SSL client when we replaced DC with GC, to solve the issue i had to re-import the AD group/s to firewall.

  • 0

    I had this same problem but an even stranger scenario -- it was literally for 1 single user. Deleted the user from Users container in the XG (we have back end AD sync via ldap) and redownloaded config from user portal and it worked.

    Odd issue, I nearly opened a ticket for this one.

  • 0 in reply to Aditya Patel

    Hi I equally have the same question see below my configs.

     

    Tue Mar 24 00:00:25 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul  3 2017
    Tue Mar 24 00:00:25 2020 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
    Tue Mar 24 00:00:25 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Tue Mar 24 00:00:25 2020 Need hold release from management interface, waiting...
    Tue Mar 24 00:00:25 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Tue Mar 24 00:00:25 2020 MANAGEMENT: CMD 'state on'
    Tue Mar 24 00:00:25 2020 MANAGEMENT: CMD 'log all on'
    Tue Mar 24 00:00:25 2020 MANAGEMENT: CMD 'hold off'
    Tue Mar 24 00:00:25 2020 MANAGEMENT: CMD 'hold release'
    Tue Mar 24 00:00:44 2020 MANAGEMENT: CMD 'username "Auth" "kelvn.mwamba"'
    Tue Mar 24 00:00:44 2020 MANAGEMENT: CMD 'password [...]'
    Tue Mar 24 00:00:44 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Mar 24 00:00:44 2020 Attempting to establish TCP connection with [AF_INET]10.0.0.x:8443 [nonblock]
    Tue Mar 24 00:00:44 2020 MANAGEMENT: >STATE:1585000844,TCP_CONNECT,,,,,,
    Tue Mar 24 00:00:54 2020 TCP: connect to [AF_INET]10.0.0.x:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.  
    Tue Mar 24 00:00:54 2020 SIGUSR1[soft,init_instance] received, process restarting
    Tue Mar 24 00:00:54 2020 MANAGEMENT: >STATE:1585000854,RECONNECTING,init_instance,,,,,
    Tue Mar 24 00:00:54 2020 Restart pause, 5 second(s)
    Tue Mar 24 00:00:59 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Mar 24 00:00:59 2020 Attempting to establish TCP connection with [AF_INET]192.168.50.xxx:8443 [nonblock]
    Tue Mar 24 00:00:59 2020 MANAGEMENT: >STATE:1585000859,TCP_CONNECT,,,,,,
    Tue Mar 24 00:01:10 2020 TCP: connect to [AF_INET]192.168.50.xxx:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.  
    Tue Mar 24 00:01:10 2020 SIGUSR1[soft,init_instance] received, process restarting
    Tue Mar 24 00:01:10 2020 MANAGEMENT: >STATE:1585000870,RECONNECTING,init_instance,,,,,
    Tue Mar 24 00:01:10 2020 Restart pause, 5 second(s)
    Tue Mar 24 00:01:15 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Mar 24 00:01:15 2020 Attempting to establish TCP connection with [AF_INET]192.168.50.xxx:8443 [nonblock]
    Tue Mar 24 00:01:15 2020 MANAGEMENT: >STATE:1585000875,TCP_CONNECT,,,,,,
    Tue Mar 24 00:01:25 2020 TCP: connect to [AF_INET]192.168.50.xxx:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.  
    Tue Mar 24 00:01:25 2020 SIGUSR1[soft,init_instance] received, process restarting
    Tue Mar 24 00:01:25 2020 MANAGEMENT: >STATE:1585000885,RECONNECTING,init_instance,,,,,
    Tue Mar 24 00:01:25 2020 Restart pause, 5 second(s)
    Tue Mar 24 00:01:30 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Mar 24 00:01:30 2020 Attempting to establish TCP connection with [AF_INET]10.255.0.x:8443 [nonblock]
    Tue Mar 24 00:01:30 2020 MANAGEMENT: >STATE:1585000890,TCP_CONNECT,,,,,,
    Tue Mar 24 00:01:40 2020 TCP: connect to [AF_INET]10.255.0.x:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.  
    Tue Mar 24 00:01:40 2020 SIGUSR1[soft,init_instance] received, process restarting
    Tue Mar 24 00:01:40 2020 MANAGEMENT: >STATE:1585000900,RECONNECTING,init_instance,,,,,
    Tue Mar 24 00:01:40 2020 Restart pause, 5 second(s)
    Tue Mar 24 00:01:45 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Mar 24 00:01:45 2020 Attempting to establish TCP connection with [AF_INET]10.10.10.x:8443 [nonblock]
    Tue Mar 24 00:01:45 2020 MANAGEMENT: >STATE:1585000905,TCP_CONNECT,,,,,,
    Tue Mar 24 00:01:55 2020 TCP: connect to [AF_INET]10.10.10.x.:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.  
    Tue Mar 24 00:01:55 2020 SIGUSR1[soft,init_instance] received, process restarting
    Tue Mar 24 00:01:55 2020 MANAGEMENT: >STATE:1585000915,RECONNECTING,init_instance,,,,,
    Tue Mar 24 00:01:55 2020 Restart pause, 5 second(s)
    Tue Mar 24 00:02:00 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Mar 24 00:02:00 2020 Attempting to establish TCP connection with [AF_INET]192.168.50.xxx:8443 [nonblock]
    Tue Mar 24 00:02:00 2020 MANAGEMENT: >STATE:1585000920,TCP_CONNECT,,,,,,
    Tue Mar 24 00:02:10 2020 TCP: connect to [AF_INET]192.168.50.xxx:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.  
    Tue Mar 24 00:02:10 2020 SIGUSR1[soft,init_instance] received, process restarting
    Tue Mar 24 00:02:10 2020 MANAGEMENT: >STATE:1585000930,RECONNECTING,init_instance,,,,,
    Tue Mar 24 00:02:10 2020 Restart pause, 5 second(s)
    Tue Mar 24 00:02:15 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Mar 24 00:02:15 2020 Attempting to establish TCP connection with [AF_INET]10.0.0.x:8443 [nonblock]
    Tue Mar 24 00:02:15 2020 MANAGEMENT: >STATE:1585000935,TCP_CONNECT,,,,,,

     

Unfiltered HTML