This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Verbindung bricht immer wieder ab

Hallo,

folgende Problematik bei mir bricht seit ca. 2 Wochen immer wieder das SSL VPN  ab hier das Log:

Thu Jun 30 14:39:24 2022 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul  3 2017
Thu Jun 30 14:39:24 2022 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
Thu Jun 30 14:39:24 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jun 30 14:39:24 2022 Need hold release from management interface, waiting...
Thu Jun 30 14:39:24 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jun 30 14:39:24 2022 MANAGEMENT: CMD 'state on'
Thu Jun 30 14:39:24 2022 MANAGEMENT: CMD 'log all on'
Thu Jun 30 14:39:24 2022 MANAGEMENT: CMD 'hold off'
Thu Jun 30 14:39:24 2022 MANAGEMENT: CMD 'hold release'
Thu Jun 30 14:39:32 2022 MANAGEMENT: CMD 'username "Auth" "simon"'
Thu Jun 30 14:39:32 2022 MANAGEMENT: CMD 'password [...]'
Thu Jun 30 14:39:32 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 30 14:39:32 2022 MANAGEMENT: >STATE:1656592772,RESOLVE,,,,,,
Thu Jun 30 14:39:32 2022 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:8443 [nonblock]
Thu Jun 30 14:39:32 2022 MANAGEMENT: >STATE:1656592772,TCP_CONNECT,,,,,,
Thu Jun 30 14:39:33 2022 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:8443
Thu Jun 30 14:39:33 2022 TCPv4_CLIENT link local: [undef]
Thu Jun 30 14:39:33 2022 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:8443
Thu Jun 30 14:39:33 2022 MANAGEMENT: >STATE:1656592773,WAIT,,,,,,
Thu Jun 30 14:39:33 2022 MANAGEMENT: >STATE:1656592773,AUTH,,,,,,
Thu Jun 30 14:39:33 2022 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:8443, sid=661cb874 36b321df
Thu Jun 30 14:39:33 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jun 30 14:39:33 2022 VERIFY OK: depth=1, C=DE, ST=BY, L=Haiming, O=xxxxx, OU=OU, CN=Sophos_CA_C1A0A48J993G733, emailAddress=xxxxx
Thu Jun 30 14:39:33 2022 VERIFY X509NAME OK: C=DE, ST=BY, L=Haiming, O=Gemeinde Haiming, OU=OU, CN=SophosApplianceCertificate_C1A0A48J993G733, emailAddress=gl@haiming.de
Thu Jun 30 14:39:33 2022 VERIFY OK: depth=0, C=DE, ST=BY, L=Haiming, O=xxxxx, OU=OU, CN=SophosApplianceCertificate_C1A0A48J993G733, emailAddress=xxxxx
Thu Jun 30 14:39:34 2022 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 30 14:39:34 2022 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jun 30 14:39:34 2022 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 30 14:39:34 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jun 30 14:39:34 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jun 30 14:39:34 2022 [SophosApplianceCertificate_C1A0A48J993G733] Peer Connection Initiated with [AF_INET]24.134.67.117:8443
Thu Jun 30 14:39:35 2022 MANAGEMENT: >STATE:1656592775,GET_CONFIG,,,,,,
Thu Jun 30 14:39:36 2022 SENT CONTROL [SophosApplianceCertificate_C1A0A48J993G733]: 'PUSH_REQUEST' (status=1)
Thu Jun 30 14:39:36 2022 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 10.17.123.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,ifconfig 10.81.234.8 255.255.255.0'
Thu Jun 30 14:39:36 2022 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 30 14:39:36 2022 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Jun 30 14:39:36 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 30 14:39:36 2022 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 30 14:39:36 2022 OPTIONS IMPORT: route options modified
Thu Jun 30 14:39:36 2022 OPTIONS IMPORT: route-related options modified
Thu Jun 30 14:39:36 2022 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=14 HWADDR=96:33:34:cf:8c:84
Thu Jun 30 14:39:36 2022 open_tun, tt->ipv6=0
Thu Jun 30 14:39:36 2022 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{B8876532-3A18-4DBF-BAC9-9F15BEC2367E}.tap
Thu Jun 30 14:39:36 2022 TAP-Windows Driver Version 9.21
Thu Jun 30 14:39:36 2022 Set TAP-Windows TUN subnet mode network/local/netmask = 10.81.234.0/10.81.234.8/255.255.255.0 [SUCCEEDED]
Thu Jun 30 14:39:36 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.81.234.8/255.255.255.0 on interface {B8876532-3A18-4DBF-BAC9-9F15BEC2367E} [DHCP-serv: 10.81.234.254, lease-time: 31536000]
Thu Jun 30 14:39:36 2022 Successful ARP Flush on interface [13] {B8876532-3A18-4DBF-BAC9-9F15BEC2367E}
Thu Jun 30 14:39:36 2022 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jun 30 14:39:36 2022 MANAGEMENT: >STATE:1656592776,ASSIGN_IP,,10.81.234.8,,,,
Thu Jun 30 14:39:41 2022 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Thu Jun 30 14:39:41 2022 MANAGEMENT: >STATE:1656592781,ADD_ROUTES,,,,,,
Thu Jun 30 14:39:41 2022 C:\Windows\system32\route.exe ADD xxx.xxx.xxx.xxx MASK 255.255.255.255 192.168.0.1
Thu Jun 30 14:39:41 2022 Route addition via service succeeded
Thu Jun 30 14:39:41 2022 C:\Windows\system32\route.exe ADD 10.17.123.0 MASK 255.255.255.0 10.81.234.5
Thu Jun 30 14:39:41 2022 Route addition via service succeeded
Thu Jun 30 14:39:41 2022 C:\Windows\system32\route.exe ADD xxx.xxx.xxx.xxx MASK 255.255.255.255 192.168.0.1
Thu Jun 30 14:39:41 2022 ROUTE: route addition failed using service: Das Objekt ist bereits vorhanden.   [status=5010 if_index=14]
Thu Jun 30 14:39:41 2022 Route addition via service failed
Thu Jun 30 14:39:41 2022 Initialization Sequence Completed
Thu Jun 30 14:39:41 2022 MANAGEMENT: >STATE:1656592781,CONNECTED,SUCCESS,10.81.234.8,xxx.xxx.xxx.xxx,8443,192.168.0.251,49687
Thu Jun 30 14:54:53 2022 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Thu Jun 30 14:54:53 2022 Connection reset, restarting [-1]
Thu Jun 30 14:54:53 2022 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jun 30 14:54:53 2022 MANAGEMENT: >STATE:1656593693,RECONNECTING,connection-reset,,,,,
Thu Jun 30 14:54:53 2022 Restart pause, 5 second(s)
Thu Jun 30 14:54:58 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 30 14:54:58 2022 MANAGEMENT: >STATE:1656593698,RESOLVE,,,,,,
Thu Jun 30 14:54:58 2022 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:8443 [nonblock]
Thu Jun 30 14:54:58 2022 MANAGEMENT: >STATE:1656593698,TCP_CONNECT,,,,,,
Thu Jun 30 14:54:59 2022 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:8443
Thu Jun 30 14:54:59 2022 TCPv4_CLIENT link local: [undef]
Thu Jun 30 14:54:59 2022 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:8443
Thu Jun 30 14:54:59 2022 MANAGEMENT: >STATE:1656593699,WAIT,,,,,,
Thu Jun 30 14:54:59 2022 MANAGEMENT: >STATE:1656593699,AUTH,,,,,,
Thu Jun 30 14:54:59 2022 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:8443, sid=f181329a 415b9131
Thu Jun 30 14:54:59 2022 VERIFY OK: depth=1, C=DE, ST=BY, L=Haiming, O=xxxxx, OU=OU, CN=Sophos_CA_C1A0A48J993G733, emailAddress=xxxxx
Thu Jun 30 14:54:59 2022 VERIFY X509NAME OK: C=DE, ST=BY, L=Haiming, O=Gemeinde Haiming, OU=OU, CN=SophosApplianceCertificate_C1A0A48J993G733, emailAddress=gl@haiming.de
Thu Jun 30 14:54:59 2022 VERIFY OK: depth=0, C=DE, ST=BY, L=Haiming, O=xxxxx, OU=OU, CN=SophosApplianceCertificate_C1A0A48J993G733, emailAddress=xxxxx
Thu Jun 30 14:55:00 2022 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 30 14:55:00 2022 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jun 30 14:55:00 2022 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 30 14:55:00 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jun 30 14:55:00 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jun 30 14:55:00 2022 [SophosApplianceCertificate_C1A0A48J993G733] Peer Connection Initiated with [AF_INET]24.134.67.117:8443
Thu Jun 30 14:55:02 2022 MANAGEMENT: >STATE:1656593702,GET_CONFIG,,,,,,
Thu Jun 30 14:55:03 2022 SENT CONTROL [SophosApplianceCertificate_C1A0A48J993G733]: 'PUSH_REQUEST' (status=1)
Thu Jun 30 14:55:03 2022 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 10.17.123.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,ifconfig 10.81.234.9 255.255.255.0'
Thu Jun 30 14:55:03 2022 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 30 14:55:03 2022 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Jun 30 14:55:03 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 30 14:55:03 2022 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 30 14:55:03 2022 OPTIONS IMPORT: route options modified
Thu Jun 30 14:55:03 2022 OPTIONS IMPORT: route-related options modified
Thu Jun 30 14:55:03 2022 Preserving previous TUN/TAP instance: Ethernet 2
Thu Jun 30 14:55:03 2022 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Thu Jun 30 14:55:03 2022 C:\Windows\system32\route.exe DELETE 10.17.123.0 MASK 255.255.255.0 10.81.234.5
Thu Jun 30 14:55:03 2022 Route deletion via service succeeded
Thu Jun 30 14:55:03 2022 C:\Windows\system32\route.exe DELETE xxx.xxx.xxx.xxx MASK 255.255.255.255 192.168.0.1
Thu Jun 30 14:55:03 2022 Route deletion via service succeeded
Thu Jun 30 14:55:03 2022 Closing TUN/TAP interface
Thu Jun 30 14:55:04 2022 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=14 HWADDR=96:33:34:cf:8c:84
Thu Jun 30 14:55:04 2022 open_tun, tt->ipv6=0
Thu Jun 30 14:55:04 2022 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{B8876532-3A18-4DBF-BAC9-9F15BEC2367E}.tap
Thu Jun 30 14:55:04 2022 TAP-Windows Driver Version 9.21
Thu Jun 30 14:55:04 2022 Set TAP-Windows TUN subnet mode network/local/netmask = 10.81.234.0/10.81.234.9/255.255.255.0 [SUCCEEDED]
Thu Jun 30 14:55:04 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.81.234.9/255.255.255.0 on interface {B8876532-3A18-4DBF-BAC9-9F15BEC2367E} [DHCP-serv: 10.81.234.254, lease-time: 31536000]
Thu Jun 30 14:55:04 2022 Successful ARP Flush on interface [13] {B8876532-3A18-4DBF-BAC9-9F15BEC2367E}
Thu Jun 30 14:55:04 2022 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jun 30 14:55:04 2022 MANAGEMENT: >STATE:1656593704,ASSIGN_IP,,10.81.234.9,,,,
Thu Jun 30 14:55:08 2022 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Thu Jun 30 14:55:08 2022 MANAGEMENT: >STATE:1656593708,ADD_ROUTES,,,,,,
Thu Jun 30 14:55:08 2022 C:\Windows\system32\route.exe ADD xxx.xxx.xxx.xxx MASK 255.255.255.255 192.168.0.1
Thu Jun 30 14:55:08 2022 Route addition via service succeeded
Thu Jun 30 14:55:08 2022 C:\Windows\system32\route.exe ADD 10.17.123.0 MASK 255.255.255.0 10.81.234.5
Thu Jun 30 14:55:08 2022 Route addition via service succeeded
Thu Jun 30 14:55:08 2022 C:\Windows\system32\route.exe ADD xxx.xxx.xxx.xxx MASK 255.255.255.255 192.168.0.1
Thu Jun 30 14:55:08 2022 ROUTE: route addition failed using service: Das Objekt ist bereits vorhanden.   [status=5010 if_index=14]
Thu Jun 30 14:55:08 2022 Route addition via service failed
Thu Jun 30 14:55:08 2022 Initialization Sequence Completed
Thu Jun 30 14:55:08 2022 MANAGEMENT: >STATE:1656593708,CONNECTED,SUCCESS,10.81.234.9,xxx.xxx.xxx.xxx,8443,192.168.0.251,49698
 

folgendes habe ich bereits versucht:

https://ugetfix.com/ask/how-to-fix-socket-error-10060-on-windows/ = trifft alles nicht zu

SSL VPN Software mehrmals neu installiert =  selbes Ergebniss 

Neues Betriebsystem in einer  VM aufgesetzt  (jeweils Windows 10 Home & Enterprise LTSC mit aktuellen Patchstand) = selbes Ergebniss

Hat hier irgendwär Irgendwelche Ideen woran das liegen kann.

Gruß

Straubinger Simon



This thread was automatically locked due to age.
Parents
  • Hallo ,

    Vielen Dank, dass Sie sich an die Community gewandt haben. Bitte stellen Sie sicher, dass kein anderer ähnlicher SSL-VPN-Client oder Cisco Any Connect-Client vorhanden ist. oder eine doppelte tuntap-Schnittstelle ist nicht vorhanden und versuchen Sie es erneut.

    Oder versuchen Sie es auf einer Maschine, die keine virtuelle Schnittstelle hat, und installieren Sie einen neuen Client.

    Sobald die Verbindung hergestellt ist, stellen Sie sicher, dass eine LAN-zu-VPN- und eine VPN-zu-LAN-Regel mit aktiviertem NAT vorhanden ist.

    Thanks & Regards,

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hallo ,

    Vielen Dank, dass Sie sich an die Community gewandt haben. Bitte stellen Sie sicher, dass kein anderer ähnlicher SSL-VPN-Client oder Cisco Any Connect-Client vorhanden ist. oder eine doppelte tuntap-Schnittstelle ist nicht vorhanden und versuchen Sie es erneut.

    Oder versuchen Sie es auf einer Maschine, die keine virtuelle Schnittstelle hat, und installieren Sie einen neuen Client.

    Sobald die Verbindung hergestellt ist, stellen Sie sicher, dass eine LAN-zu-VPN- und eine VPN-zu-LAN-Regel mit aktiviertem NAT vorhanden ist.

    Thanks & Regards,

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Children