OpenVPN process not running on UTM 9

Hello,

I just deployed a new UTM 9 firewall from AWS, version 9.705-3 (I know this is an old release; I tried the newest version and it was the same result, so I tried to downgrade to see if it helps).

I created my Remote Access VPN profiles and when I tried to log in I got "connection timed out".
I connected to my UTM via SSH and to my surprise there was no openvpn process running (`ps aux | grep -i open`).
Also, when I cd to `/var/sec/chroot-openvpn/etc/openvpn` I don't see any openvpn.conf file or certificates or conf.d/ files at all.

I looked at the confd log and I don't see anything related to openvpn.

One thing I do see is that my firewall blocks the 443 TCP connections from my openvpn client, even when I try to allow Any - Any - Any.

I used my own signing CA, which I use for all the rest of my UTMs and it works perfectly.

Please help!

  • Shalom Omri and welcome to the UTM Community!

    As you've probably seen, this isn't an issue that's been addressed here before.  You obviously have solid experience, so I'm mystified and don't really know where to start.

    Is this an AWS pay-as-you-go instance or are you applying a license purchased from a Sophos partner?  If it's a purchased license, how many users on the license?

    If it's a purchased license, have you tried installing the same ISO on a local PC or VM?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob!

    Yes, I am using the AWS Pay As You Go AMI.
    I set up the exact same setup a few months ago and it worked perfectly. Was there any change to the AMIs recently?

    Do you have any idea which process is the one that is supposed to run the openvpn process and deal with all of its certificates and config files creation?
    I'm trying to think of ways to debug this...

    Thanks,
    Omri

  • I have no suggestions, Omri - just that it looks like an issue one of the developers is needed to resolve.

    Cheers - Bob

     
  • Hey Bob,

    How do I get in touch with one of the developers? This is an urgent matter for my company.

  • Sorry, Omri, but sometimes life and work get in the way!

    You need to open a Support case and insist that it be escalated immediately.  I don't have any experience with PAYG, so there may be an additional charge for a Support contract - I dunno!

    Cheers - Bob

     