This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Authenticate/Decrypt packet error: packet HMAC authentication failed

Dear Sophos Team,

We are using Sophos UTM vpn to connect our users to the office. I'm experiencing some connection error quite often per day. The log shows the following lines several times:

======================================================

Authenticate/Decrypt packet error: packet HMAC authentication failed
Fatal decryption error (process_incoming_link), restarting

======================================================

Wed Sep 08 10:26:39 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Oct 30 2018
Wed Sep 08 10:26:39 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Wed Sep 08 10:26:39 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Sep 08 10:26:39 2021 Need hold release from management interface, waiting...
Wed Sep 08 10:26:40 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'state on'
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'log all on'
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'hold off'
Wed Sep 08 10:26:40 2021 MANAGEMENT: CMD 'hold release'
Wed Sep 08 10:26:53 2021 MANAGEMENT: CMD 'username "Auth" "c.modrok"'
Wed Sep 08 10:26:53 2021 MANAGEMENT: CMD 'password [...]'
Wed Sep 08 10:26:53 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Sep 08 10:26:53 2021 MANAGEMENT: >STATE:1631089613,RESOLVE,,,,,,
Wed Sep 08 10:26:53 2021 Attempting to establish TCP connection with [AF_INET]62.72.104.227:443 [nonblock]
Wed Sep 08 10:26:53 2021 MANAGEMENT: >STATE:1631089613,TCP_CONNECT,,,,,,
Wed Sep 08 10:26:54 2021 TCP connection established with [AF_INET]62.72.104.227:443
Wed Sep 08 10:26:54 2021 TCPv4_CLIENT link local: [undef]
Wed Sep 08 10:26:54 2021 TCPv4_CLIENT link remote: [AF_INET]62.72.104.227:443
Wed Sep 08 10:26:54 2021 MANAGEMENT: >STATE:1631089614,WAIT,,,,,,
Wed Sep 08 10:26:54 2021 MANAGEMENT: >STATE:1631089614,AUTH,,,,,,
Wed Sep 08 10:26:54 2021 TLS: Initial packet from [AF_INET]62.72.104.227:443, sid=9447a531 ae851eac
Wed Sep 08 10:26:54 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Sep 08 10:26:54 2021 VERIFY OK: depth=1, C=lu, L=Munsbach, O=Ethenea, CN=Ethenea VPN CA, emailAddress=licadmin@ethenea.com
Wed Sep 08 10:26:54 2021 VERIFY X509NAME OK: C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
Wed Sep 08 10:26:54 2021 VERIFY OK: depth=0, C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
Wed Sep 08 10:26:55 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 08 10:26:55 2021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 08 10:26:55 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 08 10:26:55 2021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 08 10:26:55 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Sep 08 10:26:55 2021 [FW-LU-01] Peer Connection Initiated with [AF_INET]62.72.104.227:443
Wed Sep 08 10:26:57 2021 MANAGEMENT: >STATE:1631089617,GET_CONFIG,,,,,,
Wed Sep 08 10:26:58 2021 SENT CONTROL [FW-LU-01]: 'PUSH_REQUEST' (status=1)
Wed Sep 08 10:26:58 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.102.0 255.255.255.0,route 192.168.12.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.103.0 255.255.255.0,route 192.168.104.0 255.255.255.0,route 192.168.105.0 255.255.255.0,route 192.168.10.0 255.255.255.0,route 192.168.11.0 255.255.255.0,route 172.16.80.0 255.255.255.0,route 192.168.70.0 255.255.255.0,route 192.168.71.0 255.255.255.0,route 192.168.72.0 255.255.255.0,route 192.168.13.0 255.255.255.0,dhcp-option DNS 192.168.12.34,dhcp-option DNS 192.168.12.32,dhcp-option DOMAIN ethna-capital.local,ifconfig 10.242.2.54 255.255.255.0'
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: timers and/or timeouts modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: --ifconfig/up options modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: route options modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: route-related options modified
Wed Sep 08 10:26:58 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Sep 08 10:26:58 2021 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 I=5 HWADDR=70:5a:0f:46:7b:f6
Wed Sep 08 10:26:58 2021 open_tun, tt->ipv6=0
Wed Sep 08 10:26:58 2021 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{D2F18D38-D917-4E49-A9FB-27B6015721FA}.tap
Wed Sep 08 10:26:58 2021 TAP-Windows Driver Version 9.21
Wed Sep 08 10:26:58 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 10.242.2.0/10.242.2.54/255.255.255.0 [SUCCEEDED]
Wed Sep 08 10:26:58 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.242.2.54/255.255.255.0 on interface {D2F18D38-D917-4E49-A9FB-27B6015721FA} [DHCP-serv: 10.242.2.254, lease-time: 31536000]
Wed Sep 08 10:26:58 2021 Successful ARP Flush on interface [11] {D2F18D38-D917-4E49-A9FB-27B6015721FA}
Wed Sep 08 10:26:58 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Sep 08 10:26:58 2021 MANAGEMENT: >STATE:1631089618,ASSIGN_IP,,10.242.2.54,,,,
Wed Sep 08 10:27:02 2021 TEST ROUTES: 14/14 succeeded len=14 ret=1 a=0 u/d=up
Wed Sep 08 10:27:02 2021 MANAGEMENT: >STATE:1631089622,ADD_ROUTES,,,,,,
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 62.72.104.227 MASK 255.255.255.255 192.168.178.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.102.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.12.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.101.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.103.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.104.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.105.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.11.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 172.16.80.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.70.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.71.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.72.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 C:\WINDOWS\system32\route.exe ADD 192.168.13.0 MASK 255.255.255.0 10.242.2.1
Wed Sep 08 10:27:02 2021 Route addition via service succeeded
Wed Sep 08 10:27:02 2021 Initialization Sequence Completed
Wed Sep 08 10:27:02 2021 MANAGEMENT: >STATE:1631089622,CONNECTED,SUCCESS,10.242.2.54,62.72.104.227,443,192.168.178.40,65174

Beste Regards,

Christian



This thread was automatically locked due to age.
Parents
  • Hallo Christian and welcome to the UTM Community!

    Please show us the lines from the UTM's SSL VPN log for the time when the authentication failure occurred.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    sorry the wrong log file now the right log file. You'll find the Authenticate/Decrypt packet error in bold characters below.

    Best Regards,

    Christian 

    Mon Sep 13 07:59:40 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Oct 30 2018
    Mon Sep 13 07:59:40 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Mon Sep 13 07:59:40 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Mon Sep 13 07:59:40 2021 Need hold release from management interface, waiting...
    Mon Sep 13 07:59:41 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Mon Sep 13 07:59:41 2021 MANAGEMENT: CMD 'state on'
    Mon Sep 13 07:59:41 2021 MANAGEMENT: CMD 'log all on'
    Mon Sep 13 07:59:41 2021 MANAGEMENT: CMD 'hold off'
    Mon Sep 13 07:59:41 2021 MANAGEMENT: CMD 'hold release'
    Mon Sep 13 08:00:12 2021 MANAGEMENT: CMD 'username "Auth" "c.modrok"'
    Mon Sep 13 08:00:12 2021 MANAGEMENT: CMD 'password [...]'
    Mon Sep 13 08:00:13 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Sep 13 08:00:13 2021 MANAGEMENT: >STATE:1631512813,RESOLVE,,,,,,
    Mon Sep 13 08:00:13 2021 Attempting to establish TCP connection with [AF_INET]62.72.104.227:443 [nonblock]
    Mon Sep 13 08:00:13 2021 MANAGEMENT: >STATE:1631512813,TCP_CONNECT,,,,,,
    Mon Sep 13 08:00:14 2021 TCP connection established with [AF_INET]62.72.104.227:443
    Mon Sep 13 08:00:14 2021 TCPv4_CLIENT link local: [undef]
    Mon Sep 13 08:00:14 2021 TCPv4_CLIENT link remote: [AF_INET]62.72.104.227:443
    Mon Sep 13 08:00:14 2021 MANAGEMENT: >STATE:1631512814,WAIT,,,,,,
    Mon Sep 13 08:00:14 2021 MANAGEMENT: >STATE:1631512814,AUTH,,,,,,
    Mon Sep 13 08:00:14 2021 TLS: Initial packet from [AF_INET]62.72.104.227:443, sid=93e813b4 38df2d27
    Mon Sep 13 08:00:14 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Sep 13 08:00:14 2021 VERIFY OK: depth=1, C=lu, L=Munsbach, O=Ethenea, CN=Ethenea VPN CA, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:00:14 2021 VERIFY X509NAME OK: C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:00:14 2021 VERIFY OK: depth=0, C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:00:15 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Sep 13 08:00:15 2021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Sep 13 08:00:15 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Sep 13 08:00:15 2021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Sep 13 08:00:15 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Mon Sep 13 08:00:15 2021 [FW-LU-01] Peer Connection Initiated with [AF_INET]62.72.104.227:443
    Mon Sep 13 08:00:16 2021 MANAGEMENT: >STATE:1631512816,GET_CONFIG,,,,,,
    Mon Sep 13 08:00:18 2021 SENT CONTROL [FW-LU-01]: 'PUSH_REQUEST' (status=1)
    Mon Sep 13 08:00:18 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.102.0 255.255.255.0,route 192.168.12.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.103.0 255.255.255.0,route 192.168.104.0 255.255.255.0,route 192.168.105.0 255.255.255.0,route 192.168.10.0 255.255.255.0,route 192.168.11.0 255.255.255.0,route 172.16.80.0 255.255.255.0,route 192.168.70.0 255.255.255.0,route 192.168.71.0 255.255.255.0,route 192.168.72.0 255.255.255.0,route 192.168.13.0 255.255.255.0,dhcp-option DNS 192.168.12.34,dhcp-option DNS 192.168.12.32,dhcp-option DOMAIN ethna-capital.local,ifconfig 10.242.2.22 255.255.255.0'
    Mon Sep 13 08:00:18 2021 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Sep 13 08:00:18 2021 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Sep 13 08:00:18 2021 OPTIONS IMPORT: route options modified
    Mon Sep 13 08:00:18 2021 OPTIONS IMPORT: route-related options modified
    Mon Sep 13 08:00:18 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Sep 13 08:00:18 2021 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 I=5 HWADDR=70:5a:0f:46:7b:f6
    Mon Sep 13 08:00:18 2021 open_tun, tt->ipv6=0
    Mon Sep 13 08:00:18 2021 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{D2F18D38-D917-4E49-A9FB-27B6015721FA}.tap
    Mon Sep 13 08:00:18 2021 TAP-Windows Driver Version 9.21
    Mon Sep 13 08:00:18 2021 Set TAP-Windows TUN subnet mode network/local/netmask = 10.242.2.0/10.242.2.22/255.255.255.0 [SUCCEEDED]
    Mon Sep 13 08:00:18 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.242.2.22/255.255.255.0 on interface {D2F18D38-D917-4E49-A9FB-27B6015721FA} [DHCP-serv: 10.242.2.254, lease-time: 31536000]
    Mon Sep 13 08:00:18 2021 Successful ARP Flush on interface [11] {D2F18D38-D917-4E49-A9FB-27B6015721FA}
    Mon Sep 13 08:00:18 2021 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Sep 13 08:00:18 2021 MANAGEMENT: >STATE:1631512818,ASSIGN_IP,,10.242.2.22,,,,
    Mon Sep 13 08:00:22 2021 TEST ROUTES: 14/14 succeeded len=14 ret=1 a=0 u/d=up
    Mon Sep 13 08:00:22 2021 MANAGEMENT: >STATE:1631512822,ADD_ROUTES,,,,,,
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 62.72.104.227 MASK 255.255.255.255 192.168.178.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.102.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.12.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.101.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.103.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.104.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.105.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.11.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 172.16.80.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.70.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.71.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.72.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 C:\WINDOWS\system32\route.exe ADD 192.168.13.0 MASK 255.255.255.0 10.242.2.1
    Mon Sep 13 08:00:22 2021 Route addition via service succeeded
    Mon Sep 13 08:00:22 2021 Initialization Sequence Completed
    Mon Sep 13 08:00:22 2021 MANAGEMENT: >STATE:1631512822,CONNECTED,SUCCESS,10.242.2.22,62.72.104.227,443,192.168.178.40,50406


    Mon Sep 13 08:33:02 2021 Authenticate/Decrypt packet error: packet HMAC authentication failed
    Mon Sep 13 08:33:02 2021 Fatal decryption error (process_incoming_link), restarting


    Mon Sep 13 08:33:02 2021 SIGUSR1[soft,decryption-error] received, process restarting
    Mon Sep 13 08:33:02 2021 MANAGEMENT: >STATE:1631514782,RECONNECTING,decryption-error,,,,,
    Mon Sep 13 08:33:02 2021 Restart pause, 5 second(s)
    Mon Sep 13 08:33:07 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Sep 13 08:33:07 2021 MANAGEMENT: >STATE:1631514787,RESOLVE,,,,,,
    Mon Sep 13 08:33:07 2021 Attempting to establish TCP connection with [AF_INET]62.72.104.227:443 [nonblock]
    Mon Sep 13 08:33:07 2021 MANAGEMENT: >STATE:1631514787,TCP_CONNECT,,,,,,
    Mon Sep 13 08:33:11 2021 TCP connection established with [AF_INET]62.72.104.227:443
    Mon Sep 13 08:33:11 2021 TCPv4_CLIENT link local: [undef]
    Mon Sep 13 08:33:11 2021 TCPv4_CLIENT link remote: [AF_INET]62.72.104.227:443
    Mon Sep 13 08:33:11 2021 MANAGEMENT: >STATE:1631514791,WAIT,,,,,,
    Mon Sep 13 08:33:11 2021 MANAGEMENT: >STATE:1631514791,AUTH,,,,,,
    Mon Sep 13 08:33:11 2021 TLS: Initial packet from [AF_INET]62.72.104.227:443, sid=07ddf319 08cfbc0e
    Mon Sep 13 08:33:11 2021 VERIFY OK: depth=1, C=lu, L=Munsbach, O=Ethenea, CN=Ethenea VPN CA, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:33:11 2021 VERIFY X509NAME OK: C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:33:11 2021 VERIFY OK: depth=0, C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:33:13 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Sep 13 08:33:13 2021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Sep 13 08:33:13 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Sep 13 08:33:13 2021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Sep 13 08:33:13 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Mon Sep 13 08:33:13 2021 [FW-LU-01] Peer Connection Initiated with [AF_INET]62.72.104.227:443
    Mon Sep 13 08:33:14 2021 MANAGEMENT: >STATE:1631514794,GET_CONFIG,,,,,,
    Mon Sep 13 08:33:15 2021 SENT CONTROL [FW-LU-01]: 'PUSH_REQUEST' (status=1)
    Mon Sep 13 08:33:15 2021 AUTH: Received control message: AUTH_FAILED
    Mon Sep 13 08:33:15 2021 SIGUSR1[soft,auth-failure] received, process restarting
    Mon Sep 13 08:33:15 2021 MANAGEMENT: >STATE:1631514795,RECONNECTING,auth-failure,,,,,
    Mon Sep 13 08:33:15 2021 Restart pause, 5 second(s)
    Mon Sep 13 08:34:10 2021 MANAGEMENT: CMD 'username "Auth" "c.modrok"'
    Mon Sep 13 08:34:10 2021 MANAGEMENT: CMD 'password [...]'
    Mon Sep 13 08:34:10 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Sep 13 08:34:10 2021 MANAGEMENT: >STATE:1631514850,RESOLVE,,,,,,Mon Sep 13 08:34:10 2021 Attempting to establish TCP connection with [AF_INET]62.72.104.227:443 [nonblock]
    Mon Sep 13 08:34:10 2021 MANAGEMENT: >STATE:1631514850,TCP_CONNECT,,,,,,Mon Sep 13 08:34:11 2021 TCP connection established with [AF_INET]62.72.104.227:443
    Mon Sep 13 08:34:11 2021 TCPv4_CLIENT link local: [undef]
    Mon Sep 13 08:34:11 2021 TCPv4_CLIENT link remote: [AF_INET]62.72.104.227:443
    Mon Sep 13 08:34:11 2021 MANAGEMENT: >STATE:1631514851,WAIT,,,,,,
    Mon Sep 13 08:34:11 2021 MANAGEMENT: >STATE:1631514851,AUTH,,,,,,
    Mon Sep 13 08:34:11 2021 TLS: Initial packet from [AF_INET]62.72.104.227:443, sid=dd3862ba 15b0737e
    Mon Sep 13 08:34:11 2021 VERIFY OK: depth=1, C=lu, L=Munsbach, O=Ethenea, CN=Ethenea VPN CA, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:34:11 2021 VERIFY X509NAME OK: C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:34:11 2021 VERIFY OK: depth=0, C=lu, L=Munsbach, O=Ethenea, CN=FW-LU-01, emailAddress=licadmin@ethenea.com
    Mon Sep 13 08:34:13 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Sep 13 08:34:13 2021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Sep 13 08:34:13 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Mon Sep 13 08:34:13 2021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Sep 13 08:34:13 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Mon Sep 13 08:34:13 2021 [FW-LU-01] Peer Connection Initiated with [AF_INET]62.72.104.227:443
    Mon Sep 13 08:34:14 2021 MANAGEMENT: >STATE:1631514854,GET_CONFIG,,,,,,
    Mon Sep 13 08:34:15 2021 SENT CONTROL [FW-LU-01]: 'PUSH_REQUEST' (status=1)
    Mon Sep 13 08:34:15 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 192.168.102.0 255.255.255.0,route 192.168.12.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.103.0 255.255.255.0,route 192.168.104.0 255.255.255.0,route 192.168.105.0 255.255.255.0,route 192.168.10.0 255.255.255.0,route 192.168.11.0 255.255.255.0,route 172.16.80.0 255.255.255.0,route 192.168.70.0 255.255.255.0,route 192.168.71.0 255.255.255.0,route 192.168.72.0 255.255.255.0,route 192.168.13.0 255.255.255.0,dhcp-option DNS 192.168.12.34,dhcp-option DNS 192.168.12.32,dhcp-option DOMAIN ethna-capital.local,ifconfig 10.242.2.22 255.255.255.0'
    Mon Sep 13 08:34:15 2021 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Sep 13 08:34:15 2021 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Sep 13 08:34:15 2021 OPTIONS IMPORT: route options modified
    Mon Sep 13 08:34:15 2021 OPTIONS IMPORT: route-related options modified
    Mon Sep 13 08:34:15 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Sep 13 08:34:15 2021 Preserving previous TUN/TAP instance: Ethernet 3
    Mon Sep 13 08:34:15 2021 Initialization Sequence Completed
    Mon Sep 13 08:34:15 2021 MANAGEMENT: >STATE:1631514855,CONNECTED,SUCCESS,10.242.2.22,62.72.104.227,443,192.168.178.40,60029

  • Those are logs from the client, Christian.  Please show the log from the UTM for the corresponding time frame.  Also, a picture of the 'Advanced' tab in 'SSL VPN'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Mon Sep 13 08:33:02 2021 Authenticate/Decrypt packet error: packet HMAC authentication failed

    This is usually when the client and server aren't sharing the same cipher authentications.  They need to match, i.e. 

    cipher AES-256-CBC

    The ciphers have to match on both sides.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Reply
  • Mon Sep 13 08:33:02 2021 Authenticate/Decrypt packet error: packet HMAC authentication failed

    This is usually when the client and server aren't sharing the same cipher authentications.  They need to match, i.e. 

    cipher AES-256-CBC

    The ciphers have to match on both sides.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

Children
No Data