Dear Sophos Team,
We are using Sophos UTM vpn to connect our users to the office. I'm experiencing some connection error quite often per day. The log shows the following lines several times:
======================================================
Authenticate/Decrypt packet error: packet HMAC authentication failed
Fatal decryption error (process_incoming_link), restarting
======================================================
Wed Sep 08 10:26:39 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Oct 30 2018
Wed Sep 08 10:26:39 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Wed Sep 08 10:26:39 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Sep 08 10:26:39 2021 Need hold release from management interface, waiting...
Wed Sep 08 10:26:40 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'state on'
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'log all on'
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'hold off'
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'hold release'
Wed Sep 08 10:26:53 2021 MANAGEMENT: CMD 'username "Auth" "c.modrok"'
Wed Sep 08 10:26:53 2021 MANAGEMENT: CMD 'password [...]'
Wed Sep 08 10:26:53 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Sep 08 10:26:53 2021 MANAGEMENT: >STATE:1631089613,RESOLVE,,,,,,
Wed Sep 08 10:26:53 2021 Attempting to establish TCP connection with [AF_INET]62.72.104.227:443 [nonblock]
Wed Sep 08 10:26:53 2021 MANAGEMENT: >STATE:1631089613,TCP_CONNECT,,,,,,
Wed Sep 08 10:26:54 2021 TCP connection established with [AF_INET]62.72.104.227:443
Wed Sep 08 10:26:54 2021 TCPv4_CLIENT link local: [undef]
Wed Sep 08 10:26:54 2021 TCPv4_CLIENT link remote: [AF_INET]62.72.104.227:443
Wed Sep 08 10:26:54 2021 MANAGEMENT: >STATE:1631089614,WAIT,,,,,,
Wed Sep 08 10:26:54 2021 MANAGEMENT: >STATE:1631089614,AUTH,,,,,,
Wed Sep 08 10:26:54 2021 TLS: Initial packet from [AF_INET]62.72.104.227:443, sid=9447a531 ae851eac
Wed Sep 08 10:26:54 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Sep 08 10:26:54 2021 VERIFY OK: depth=1, C=lu, L=Munsbach, O=Ethenea, CN=Ethenea VPN CA, emailAddress=licadmin@ethenea.com
Wed Sep 08 10:26:54 2021 VERIFY X509NAME OK: C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
Wed Sep 08 10:26:54 2021 VERIFY OK: depth=0, C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
Wed Sep 08 10:26:55 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 08 10:26:55 2021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 08 10:26:55 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 08 10:26:55 2021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 08 10:26:55 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Sep 08 10:26:55 2021 [FW-LU-01] Peer Connection Initiated with [AF_INET]62.72.104.227:443
Wed Sep 08 10:26:57 2021 MANAGEMENT: >STATE:1631089617,GET_CONFIG,,,,,,
Wed Sep 08 10:26:58 2021 SENT CONTROL [FW-LU-01]: 'PUSH_REQUEST' (status=1)
Wed Sep 08 10:26:58 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.102.0 255.255.255.0,route 192.168.12.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.103.0 255.255.255.0,route 192.168.104.0 255.255.255.0,route 192.168.105.0 255.255.255.0,route 192.168.10.0 255.255.255.0,route 192.168.11.0 255.255.255.0,route 172.16.80.0 255.255.255.0,route 192.168.70.0 255.255.255.0,route 192.168.71.0 255.255.255.0,route 192.168.72.0 255.255.255.0,route 192.168.13.0 255.255.255.0,dhcp-option DNS 192.168.12.34,dhcp-option DNS 192.168.12.32,dhcp-option DOMAIN ethna-capital.local,ifconfig 10.242.2.54 255.255.255.0'
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: timers and/or timeouts modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: --ifconfig/up options modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: route options modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: route-related options modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Sep 08 10:26:58 2021 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 I=5 HWADDR=70:5a:0f:46:7b:f6
Wed Sep 08 10:26:58 2021 open_tun, tt->ipv6=0
Wed Sep 08 10:26:58 2021 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{D2F18D38-D917-4E49-A9FB-27B6015721FA}.tap
Wed Sep 08 10:26:58 2021 TAP-Windows Driver Version 9.21
Wed Sep 08 10:26:58 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 10.242.2.0/10.242.2.54/255.255.255.0 [SUCCEEDED]
Wed Sep 08 10:26:58 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.242.2.54/255.255.255.0 on interface {D2F18D38-D917-4E49-A9FB-27B6015721FA} [DHCP-serv: 10.242.2.254, lease-time: 31536000]
Wed Sep 08 10:26:58 2021 Successful ARP Flush on interface [11] {D2F18D38-D917-4E49-A9FB-27B6015721FA}
Wed Sep 08 10:26:58 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Sep 08 10:26:58 2021 MANAGEMENT: >STATE:1631089618,ASSIGN_IP,,10.242.2.54,,,,
Wed Sep 08 10:27:02 2021 TEST ROUTES: 14/14 succeeded len=14 ret=1 a=0 u/d=up
Wed Sep 08 10:27:02 2021 MANAGEMENT: >STATE:1631089622,ADD_ROUTES,,,,,,
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 62.72.104.227 MASK 255.255.255.255 192.168.178.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.102.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.12.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.101.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.103.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.104.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.105.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.11.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 172.16.80.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.70.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.71.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.72.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.13.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 Initialization Sequence Completed
Wed Sep 08 10:27:02 2021 MANAGEMENT: >STATE:1631089622,CONNECTED,SUCCESS,10.242.2.54,62.72.104.227,443,192.168.178.40,65174
Beste Regards,
Christian
This thread was automatically locked due to age.