Hello,
suddenly my SSL VPN access from my iPhone no longer works.
* iPhone (OpenVPN Connect app) can connect (see log file)
* In Sophos XG I can see the connection under "Current activities".
* From the Sophos I can ping its own VPN device (192.168.10.20) and also the VPN IP of the iPhone (192.168.10.21).
* From the iPhone I can ping neither its own VPN IP (192.168.10.21) nor the VPN IP of the Sophos.
My suspicion: something is wrong with the routing. But I have no idea.
How or where is the best place to keep looking?
Many thanks!
Tony
Here is the log from the iPhone:
021-09-08 22:02:54 1
2021-09-08 22:02:54 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-09-08 22:02:54 OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-09-08 22:02:54 Frame=512/2048/512 mssfix-ctrl=1250
2021-09-08 22:02:54 UNUSED OPTIONS
3 [explicit-exit-notify]
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
15 [route-delay] [4]
16 [verb] [3]
2021-09-08 22:02:54 EVENT: RESOLVE
2021-09-08 22:02:54 Contacting [181.192.130.13]:8443/UDP via UDP
2021-09-08 22:02:54 EVENT: WAIT
2021-09-08 22:02:54 Connecting to [meine-externe-IP]:8443 (181.192.130.13) via UDPv4
2021-09-08 22:02:54 EVENT: CONNECTING
2021-09-08 22:02:54 Tunnel Options:V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-client
2021-09-08 22:02:54 Creds: Username/Password
2021-09-08 22:02:54 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl
2021-09-08 22:02:55 VERIFY OK: depth=1, /C=DE/ST=NA/L=NA/O=privat/OU=OU/CN=Sophos_CA_C01001X2WHJP2D1/emailAddress=meine.email@adresse.de
2021-09-08 22:02:55 VERIFY OK: depth=0, /C=DE/ST=NA/L=NA/O=privat/OU=OU/CN=SophosApplianceCertificate_C01001X2WHJP2D1/emailAddress=meine.email@adresse.de
2021-09-08 22:02:55 SSL Handshake: CN=SophosApplianceCertificate_C01001X2WHJP2D1, TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2021-09-08 22:02:55 Session is ACTIVE
2021-09-08 22:02:55 EVENT: GET_CONFIG
2021-09-08 22:02:55 Sending PUSH_REQUEST to server...
2021-09-08 22:02:56 Sending PUSH_REQUEST to server...
2021-09-08 22:02:57 OPTIONS:
0 [route-gateway] [192.168.10.20]
1 [sndbuf] [0]
2 [rcvbuf] [0]
3 [sndbuf] [0]
4 [rcvbuf] [0]
5 [ping] [45]
6 [ping-restart] [180]
7 [redirect-gateway] [def1]
8 [topology] [subnet]
9 [route] [remote_host] [255.255.255.255] [net_gateway]
10 [inactive] [900] [7680]
11 [ifconfig] [192.168.10.21] [255.255.255.0]
2021-09-08 22:02:57 PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA256
compress: LZO_STUB
peer ID: -1
2021-09-08 22:02:57 EVENT: ASSIGN_IP
2021-09-08 22:02:57 NIP: preparing TUN network settings
2021-09-08 22:02:57 NIP: init TUN network settings with endpoint: 181.192.130.13
2021-09-08 22:02:57 NIP: adding IPv4 address to network settings 192.168.10.21/255.255.255.0
2021-09-08 22:02:57 NIP: adding (included) IPv4 route 192.168.10.0/24
2021-09-08 22:02:57 NIP: redirecting all IPv4 traffic to TUN interface
2021-09-08 22:02:57 Connected via NetworkExtensionTUN
2021-09-08 22:02:57 LZO-ASYM init swap=0 asym=1
2021-09-08 22:02:57 Comp-stub init swap=0
2021-09-08 22:02:57 EVENT: CONNECTED mein_iphoneneu@meine-externe-IP:8443 (181.192.130.13) via /UDPv4 on NetworkExtensionTUN/192.168.10.21/ gw=[/]
iphone__ssl_vpn_config.ovpn
client
dev tun
proto udp
explicit-exit-notify
;verify-x509-name "C=DE, ST=NA, L=NA, O=privat, OU=OU, CN=SophosApplianceCertificate_C01001X2WHJP2D1, emailAddress=meine.email@adresse.de"
;route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
snip
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
snip
-----END RSA PRIVATE KEY-----
</key>
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo no
;can_save no
;otp no
;run_logon_script no
;auto_connect
route-delay 4
verb 3
reneg-sec 86400
remote meine-externe-IP 8443
Added TAGs
[edited by: Erick Jan at 7:54 AM (GMT -7) on 29 May 2023]