
What triggers a 'MANAGEMENT: Client connected from /var/run/openvpn_mgmt' and initiates a 'CMD kill <user>'?

We recently introduced a Multi-Factor Authentication solution for our VPN users and this introduced an annoying 'feature', as we call it in the trade, when using the Sophos VPN client.

Apparently randomly, users are disconnected from VPN by the Sophos UTM 9, requiring the users to log back in.

So far I noticed that when that happens, the openvpn log shows that:

  1. a 'MANAGEMENT: Client connected from /var/run/openvpn_mgmt' was issued,
  2. followed by a single or, worse, a bunch of CMD 'kill <username>'.

Those connected to the VPN are kicked off with a 'SIGTERM[soft,] received, client-instance exiting'

I have the impression it does a kill of all users that already have used the MFA solution, every time a new user connects using MFA.

What triggers these kill commands?
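
Added example (editor's code, not part of the original post and not a Sophos tool): a small parser that reads the UTM's OpenVPN server log and groups the 'CMD kill' commands into bursts keyed on the preceding 'MANAGEMENT: Client connected from /var/run/openvpn_mgmt' line, then confirms which of the named users actually logged the 'SIGTERM[soft,] received, client-instance exiting' message. Running it over the real log makes it easy to see whether users are killed in bunches (a config push affecting every connected client) or one at a time, and gives the burst timestamps to correlate with whatever changed on the UTM at that moment. The log line layout, PID, usernames and client addresses in SAMPLE_LOG are constructed for the example; adjust LINE_RE if your log prefix differs.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Set

# Constructed sample of the UTM's OpenVPN server log, modelled on the message
# fragments quoted in the post above. Timestamps, PID, usernames and client
# addresses are made up for this example.
SAMPLE_LOG = """\
2019-03-05 09:14:02 openvpn[2231]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
2019-03-05 09:14:02 openvpn[2231]: MANAGEMENT: CMD 'kill alice'
2019-03-05 09:14:02 openvpn[2231]: MANAGEMENT: CMD 'kill bob'
2019-03-05 09:14:02 openvpn[2231]: MANAGEMENT: CMD 'kill carol'
2019-03-05 09:14:02 openvpn[2231]: alice/203.0.113.10:51234 SIGTERM[soft,] received, client-instance exiting
2019-03-05 09:14:02 openvpn[2231]: bob/198.51.100.7:44321 SIGTERM[soft,] received, client-instance exiting
2019-03-05 09:14:03 openvpn[2231]: carol/192.0.2.55:60010 SIGTERM[soft,] received, client-instance exiting
2019-03-05 09:14:03 openvpn[2231]: MANAGEMENT: Client disconnected
2019-03-05 09:40:11 openvpn[2231]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
2019-03-05 09:40:11 openvpn[2231]: MANAGEMENT: CMD 'kill dave'
2019-03-05 09:40:11 openvpn[2231]: MANAGEMENT: Client disconnected
2019-03-05 09:40:12 openvpn[2231]: dave/203.0.113.99:51000 SIGTERM[soft,] received, client-instance exiting
2019-03-05 10:02:45 openvpn[2231]: erin/203.0.113.77:51300 SIGTERM[soft,] received, client-instance exiting
"""

# "<timestamp> <process[pid]>: <message>" (assumed log prefix; adjust for your syslog format)
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+: (.*)$")
CONNECT_PREFIX = "MANAGEMENT: Client connected from "
KILL_RE = re.compile(r"^MANAGEMENT: CMD 'kill (\S+)'$")
# "<user>/<ip>:<port> SIGTERM[soft,] received, client-instance exiting"
EXIT_RE = re.compile(r"^([^/\s]+)/\S+ SIGTERM\[soft,\] received, client-instance exiting$")


@dataclass
class KillBurst:
    started: datetime
    source: str                                        # management socket the commands came from
    killed: List[str] = field(default_factory=list)    # usernames named in CMD 'kill ...'
    confirmed: Set[str] = field(default_factory=set)   # of those, which logged a SIGTERM exit


def parse_kill_bursts(log_text: str) -> List[KillBurst]:
    """Group kill commands by the management connection that issued them.

    A burst opens on each 'Client connected from' line and stays open until the
    next one, so exit messages logged after 'Client disconnected' are still
    attributed to the burst. Exits of users that were never named in a kill
    command (a client closing on its own) are ignored.
    """
    bursts: List[KillBurst] = []
    current: Optional[KillBurst] = None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith(CONNECT_PREFIX):
            current = KillBurst(started=ts, source=msg[len(CONNECT_PREFIX):])
            bursts.append(current)
            continue
        if current is None:
            continue
        k = KILL_RE.match(msg)
        if k:
            current.killed.append(k.group(1))
            continue
        e = EXIT_RE.match(msg)
        if e and e.group(1) in current.killed:
            current.confirmed.add(e.group(1))
    return bursts


def mass_disconnects(bursts: List[KillBurst], min_killed: int = 2) -> List[KillBurst]:
    """Bursts that kicked at least min_killed users at once: the symptom from the post."""
    return [b for b in bursts if len(b.killed) >= min_killed]


if __name__ == "__main__":
    for b in parse_kill_bursts(SAMPLE_LOG):
        flag = "MASS" if len(b.killed) >= 2 else "    "
        print(f"{flag} {b.started:%Y-%m-%d %H:%M:%S} via {b.source}: "
              f"killed {len(b.killed)} ({', '.join(b.killed)}), {len(b.confirmed)} exited")
```

To use it on a live box, replace SAMPLE_LOG with the contents of the OpenVPN log and compare the burst timestamps against the UTM's configuration-change and DNS-refresh times; the replies below point at DNS-based network definitions in the VPN's allowed networks as the trigger.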



This thread was automatically locked due to age.
  • Hey all,

    The same issue occurred for us shortly after adding DNS hosts into the allowed networks section.  I noticed that the resolution for certain domains would update at random intervals, which kicked off all clients to download the new routing information.  It's a simple fix: just remove the DNS host entries and replace them with all IP-based network objects, as you all stated above.

    Is there any way to stop all clients from getting booted other than just adding IPs and not using DNS host entries?

     

    Thanks for your help!

  • Hi and welcome to the UTM Community!

    In situations where an FQDN has multiple A-records that don't change (typical in a "load balancing" scenario), one should use a DNS Group definition since a DNS Host definition only resolves to the first A-record found.

    Cheers  Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thank you for taking the time to answer!  I apologize, as I should have been more clear in my question; I used the wrong term.  I actually did use the DNS group definition and not the DNS host definition.  We saw issues when the DNS group definition would update the number of IPs it would resolve, as this would cause all clients to get booted from the VPN.  I wasn't sure if there was a way to prevent users from being kicked off of the VPN when the DNS group is dynamically updated.

  • Ahhh - I see now.  You're right, if an IP changes and the DNS Group object is used in a VPN definition, the connection will be reset for the reason you mentioned.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
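
Added example (editor's code, not from the thread, from Sophos, or from the moderator above): a checker for the two behaviours described in the replies, that a DNS Host definition carries only the first A record returned while a DNS Group carries the whole set, and that any change in that value is what gets pushed to the VPN and resets the clients. It polls each FQDN used in the allowed networks a few times and reports how often the definition's value would have changed under each definition kind, so a round-robin name that churns as a DNS Host but is stable as a DNS Group is distinguished from a name whose record set genuinely grows or shrinks, which Bob's last reply says will reset connections under either kind. The FQDNs and address sets in SAMPLE_RESOLUTIONS are constructed; the `resolve_a_records` function is the live path for your own names.

```python
import socket
from typing import Callable, Dict, FrozenSet, List, Optional, Union

# Constructed sample resolutions for three hypothetical FQDNs, one A-record
# list per polling round, standing in for live DNS so the example runs offline.
#   lb.example.com     : round-robin, the same three addresses in rotating order
#   cdn.example.com    : a third address appears in the last round
#   static.example.com : one stable address
SAMPLE_RESOLUTIONS: Dict[str, List[List[str]]] = {
    "lb.example.com": [
        ["192.0.2.10", "192.0.2.11", "192.0.2.12"],
        ["192.0.2.11", "192.0.2.12", "192.0.2.10"],
        ["192.0.2.12", "192.0.2.10", "192.0.2.11"],
    ],
    "cdn.example.com": [
        ["198.51.100.5", "198.51.100.6"],
        ["198.51.100.5", "198.51.100.6"],
        ["198.51.100.5", "198.51.100.6", "198.51.100.7"],
    ],
    "static.example.com": [["203.0.113.1"], ["203.0.113.1"], ["203.0.113.1"]],
}

Resolver = Callable[[str], List[str]]


def resolve_a_records(fqdn: str) -> List[str]:
    """Live lookup: IPv4 addresses for fqdn in the order the resolver returned them."""
    seen: List[str] = []
    for info in socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM):
        ip = info[4][0]
        if ip not in seen:
            seen.append(ip)
    return seen


def make_sample_resolver(table: Dict[str, List[List[str]]]) -> Resolver:
    """Offline stand-in for resolve_a_records that replays `table` one round per call."""
    rounds: Dict[str, int] = {}

    def resolve(fqdn: str) -> List[str]:
        i = rounds.get(fqdn, 0)
        rounds[fqdn] = i + 1
        answers = table[fqdn]
        return list(answers[min(i, len(answers) - 1)])  # repeat the last round if polled further

    return resolve


def definition_value(kind: str, answers: List[str]) -> Union[Optional[str], FrozenSet[str]]:
    """Value a UTM network definition carries for one set of answers.

    'host'  -> first A record only (DNS Host, per the reply above)
    'group' -> the whole set of A records, order ignored (DNS Group)
    """
    if kind == "host":
        return answers[0] if answers else None
    if kind == "group":
        return frozenset(answers)
    raise ValueError(f"unknown definition kind: {kind}")


def count_changes(kind: str, samples: List[List[str]]) -> int:
    """Rounds in which the definition's value differed from the previous round.

    Each such change is a config rewrite on the UTM; for a definition used in
    the VPN's allowed networks that is a reset of every connected client.
    """
    values = [definition_value(kind, s) for s in samples]
    return sum(1 for a, b in zip(values, values[1:]) if a != b)


def audit(fqdns: List[str], resolver: Resolver, rounds: int = 3) -> Dict[str, dict]:
    """Poll each FQDN `rounds` times and report expected churn under both definition kinds."""
    report: Dict[str, dict] = {}
    for fqdn in fqdns:
        samples = [resolver(fqdn) for _ in range(rounds)]
        report[fqdn] = {
            "host_changes": count_changes("host", samples),
            "group_changes": count_changes("group", samples),
            "addresses_seen": sorted({ip for s in samples for ip in s}),
        }
    return report


if __name__ == "__main__":
    resolver = make_sample_resolver(SAMPLE_RESOLUTIONS)  # swap in resolve_a_records to go live
    for fqdn, r in audit(list(SAMPLE_RESOLUTIONS), resolver).items():
        print(f"{fqdn:20} DNS Host changes={r['host_changes']}  "
              f"DNS Group changes={r['group_changes']}  seen={r['addresses_seen']}")
```

On the constructed data the round-robin name churns twice in three rounds as a DNS Host and not at all as a DNS Group, the CDN-style name is quiet as a DNS Host only because its first record happens to stay put but changes once as a DNS Group when the third address appears, and the static name never changes. Names in the last category are the only ones that are safe to keep as DNS definitions in the allowed networks; the others are candidates for the IP-based network objects the thread settles on.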