This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What triggers a 'MANAGEMENT: Client connected from /var/run/openvpn_mgmt' and initiates a 'CMD kill <user>'?

We recently introduced a Multi-Factor Authentication solution for our VPN users and this introduced an annoying 'feature', as we call it in the trade, when using the Sophos VPN client.

Apparently randomly, users are disconnected from VPN by the Sophos UTM 9, requiring the users to log back in.

So far I noticed that when that happens, the openvpn log shows that a:

  1. MANAGEMENT: Client connected from /var/run/openvpn_mgmt was issued.
  2. Followed by a single or, worse, a bunch of CMD 'kill <username>'.

Those connected to the VPN are kicked off with a 'SIGTERM[soft,] received, client-instance exiting'

I have the impression it does a kill of all users that already have used the MFA solution, every time a new user connects using MFA.

What triggers these kill commands?



  • Hi,

     

    don't know if the issue persists. 

     

    We're running into this issue also and the solution was easy here in the end.

     

    We've added some DNS hosts to one profile. One of them was a CloudFront endpoint with more than one IP address. What happened? Every time the UTM resolved a different IP for that specific DNS host than before, all users related to that profile were "killed" (with the same log entries as yours) to get the new routes pushed.

    Be sure that wasn't easy to find, I needed almost 2 days to find it...

    Long story short: be sure that you have static network entries only in the VPN profiles! Check if the DNS hosts you use have more than one possible IP (e.g. by using the command host example.com on a Linux box)! That could save lots of time! :)

     

    Best,

    Markus
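
The check Markus describes, as an added example that is not part of the original thread: it resolves each DNS host several times and lists the names that return more than one IP or a changing answer. The host names, the number of rounds and the stand-in resolver in the demo are constructed assumptions; by default the system resolver is used.

```python
import socket
import time


def resolve_ipv4(name):
    """Return the set of IPv4 addresses the system resolver reports for name."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def audit_dns_hosts(names, rounds=5, delay=0.0, resolver=resolve_ipv4):
    """Resolve every name `rounds` times and record whether the answer is static."""
    report = {}
    for name in names:
        answers, error = [], None
        for _ in range(rounds):
            try:
                answers.append(frozenset(resolver(name)))
            except OSError as exc:  # socket.gaierror is a subclass of OSError
                error = str(exc)
            time.sleep(delay)
        seen = set().union(*answers)
        report[name] = {
            "ips": sorted(seen),                      # every address seen in any round
            "multiple_ips": len(seen) > 1,            # round robin or load balancer
            "answer_changed": len(set(answers)) > 1,  # answer differed between rounds
            "error": error,                           # last resolution failure, if any
        }
    return report


def names_to_replace(report):
    """Names that should become static Network objects in the VPN profile."""
    return sorted(name for name, r in report.items()
                  if r["multiple_ips"] or r["answer_changed"])


if __name__ == "__main__":
    # Constructed demo: a fake resolver stands in for live DNS so this runs offline.
    rotation = iter([{"192.0.2.10"}, {"192.0.2.11"}, {"192.0.2.10"}])

    def fake(name):
        return next(rotation) if name == "cdn.example.test" else {"198.51.100.5"}

    result = audit_dns_hosts(["cdn.example.test", "intranet.example.test"],
                             rounds=3, resolver=fake)
    for name in names_to_replace(result):
        print(name, "->", ", ".join(result[name]["ips"]))
```

Against real DNS, set delay to a value longer than the record's TTL so that cached answers do not hide a rotation.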

  • Hallo Markus,

    Interesting.  I don't see any way to address the situation where there are changing IPs for a DNS Host used in an SSL VPN Profile except including all of the possible IPs with a Network or a Group object.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    It was simply a mistake to add one DNS host which is pointing to multiple IPs (RoundRobin). Typical use cases are e.g. load balancer DNS entries.

    I only want to share that because other people should run into that mistake too.

    It's important to use static entries in VPN profiles only. In my case I had to add all IPs (in whatever flavor) recurring this DNS entry.

    Cheers,
