
RED 60 Cannot do SSL handshake on socket accept

Hi.

This is the next device with this problem. When do you think you will have time to fix this error?

Do you have a "working" workaround?

2021:07:15-12:25:03 utm01 red_server[4561]: SELF: (Re-)loading device configurations
2021:07:15-12:25:06 utm01 red_server[11148]: SELF: Cannot do SSL handshake on socket accept from '62.54.178.180': SSL connect accept failed because of handshake problems
2021:07:15-12:25:07 utm01 red_server[11199]: SELF: New connection from 62.54.178.180 with ID R6000169JH77D0B (cipher AES256-GCM-SHA384), rev1<30>Jul 15 12:25:08 red_server[11199]: R6000169JH77D0B: connected OK, pushing config
2021:07:15-12:25:09 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"version":"0"},"type":"INIT_CONNECTION"}'
2021:07:15-12:25:09 utm01 red_server[11199]: R6000169JH77D0B: Initializing connection running protocol version 0
2021:07:15-12:25:09 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{},"type":"WELCOME"}
2021:07:15-12:25:10 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{},"type":"CONFIG_REQ"}'
2021:07:15-12:25:10 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{"pin":"","fullbr_dns":"","split_networks":"1.2.3.4","lan2_vids":"","lan4_vids":"","local_networks":"","tunnel_id":3,"manual2_netmask":24,"asg_cert":"[removed]","manual_address":"0.0.0.0","bridge_proto":"none","unlock_code":"ffxcqsuu","password":"","manual2_defgw":"0.0.0.0","prev_unlock_code":"ffxcqsuu","manual_netmask":24,"lan3_vids":"","mac_filter_type":"none","mac":"00:0a:4d:2b:dc:ff","dial_string":"*99#","manual2_address":"0.0.0.0","manual_dns":"0.0.0.0","poe_port1":0,"poe_port2":0,"lan1_mode":"unused","username":"","activate_modem":0,"tunnel_compression_algorithm":"lzo","fullbr_domains":"","htp_server":"utm01.camping-spot.de","uplink_balancing":"failover","asg_key":"[removed]","version_red60":"1-1125-15fdee6b8-fda4803","type":"red60","deployment_mode":"online","uplink2_mode":"dhcp","manual2_dns":"0.0.0.0","lan2_mode":"unused","debug_level":0,"local_networks_tar...L1394
2021:07:15-12:25:14 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"key1":"G5AK4hWausF6gf6uMsykPA7QfAcc69fXM4USAy5DNC4=","key0":"8hWwv7ifQnYIK0vdMh6HqyBXrcqB2dt9da3AFgwe1IE=","key_active":0},"type":"SET_KEY_REQ"}'
2021:07:15-12:25:14 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{},"type":"SET_KEY_REP"}
2021:07:15-12:25:15 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"seq":0},"type":"PING"}'
2021:07:15-12:25:15 utm01 red_server[11199]: id="4201" severity="info" sys="System" sub="RED" name="RED Tunnel Up" red_id="R6000169JH77D0B" forced="0"
2021:07:15-12:25:15 utm01 red_server[11199]: R6000169JH77D0B: Sending json message {"data":{"seq":0},"type":"PONG"}
2021:07:15-12:25:16 utm01 red_server[11199]: R6000169JH77D0B: command '{"data":{"wan1_ip":"192.168.1.74","uplink":"WAN1","uplink_state":"0"},"type":"STATUS"}'
2021:07:15-12:25:16 utm01 red2ctl[4572]: Overflow happened on reds3:0
2021:07:15-12:25:16 utm01 red2ctl[4572]: Missing keepalive from reds3:0, disabling peer 62.54.178.180

Regards

Dirk



This thread was automatically locked due to age.
  • Hello Dirk and welcome to the UTM Community!

    What solution did Sophos Support have for you - an RMA?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.

    Thank you very much :-)

    After the Sophos employee from the support team added and deleted network interfaces and DHCP servers on my SG in a remote session, he came to the conclusion that the RED is probably defective. He did not know the workaround that was supposed to load the old firmware. Now the RED 60 is exchanged. I only got an RMA under protest. I've been in IT for 20 years, but the support from Sophos is arguably the worst I've ever seen! Either you don't understand people because you speak Indian more than English, or the phone line is so bad that you can't understand anything at all. And all after 4 hours in the queue. And what annoys me the most is that Sophos knowingly sells devices that are defective or have a problem!

  • I've never had good luck with calling Support, Dirk.  I've always used the web interface to start a case and have escalated the case if in a hurry.  Sorry to hear that you had such a frustrating introduction to Support.

    Cheers - Bob

     