This discussion has been locked.

Android with OpenVPN + UTM9 - No traffic passing

Hi,

I have been using UTM9 as a VPN appliance for years now with no issues until a few months ago when my Android devices can't access the network anymore. They can connect just fine, but traffic is not flowing through the tunnel. I can't even ping the VPN gateway. On Windows devices everything is working just fine using the Sophos VPN client.

The UTM9 is behind a firewall and the proper ports are opened.

If someone has an idea, because I can't seem to figure it out. I will put the OpenVPN log here if it helps.

[Jul 01, 2024, 21:23:50] Session is ACTIVE

[Jul 01, 2024, 21:23:50] Sending PUSH_REQUEST to server...

[Jul 01, 2024, 21:23:50] EVENT: GET_CONFIG

[Jul 01, 2024, 21:23:51] Sending PUSH_REQUEST to server...

[Jul 01, 2024, 21:23:51] OPTIONS:
0 [route] [remote_host] [255.255.255.255] [net_gateway]
1 [route-gateway] [10.10.10.1]
2 [route-gateway] [10.10.10.1]
3 [topology] [subnet]
4 [ping] [10]
5 [ping-restart] [120]
6 [route] [192.168.10.0] [255.255.255.0]
7 [dhcp-option] [DNS] [192.168.10.2]
8 [dhcp-option] [DOMAIN] [domain.home]
9 [ifconfig] [10.10.10.2] [255.255.255.0]
10 [block-ipv6]
11 [block-ipv4]


[Jul 01, 2024, 21:23:51] PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA256
key-derivation: OpenVPN PRF
compress: ANY
peer ID: -1

[Jul 01, 2024, 21:23:51] EVENT: ASSIGN_IP

[Jul 01, 2024, 21:23:51] exception parsing IPv4 route: [route] [remote_host] [255.255.255.255] [net_gateway] : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': remote_host/255.255.255.255 : ip_exception: error parsing route IP address 'remote_host' : Invalid argument

[Jul 01, 2024, 21:23:51] Connected via tun

[Jul 01, 2024, 21:23:51] LZO-ASYM init swap=0 asym=1

[Jul 01, 2024, 21:23:51] Comp-stub init swap=1

[Jul 01, 2024, 21:23:51] EVENT: CONNECTED info='SOME EMAIL:8443 (PUBLIC IP) via /TCP on tun/10.10.10.2/ gw=[10.10.10.1/] mtu=(default)' trans=TO_CONNECTED

[Jul 01, 2024, 21:23:51] EVENT: COMPRESSION_ENABLED info='Asymmetric compression enabled. Server may send compressed data. This may be a potential security issue.' trans=TO_DISCONNECTED

Thanks,



  • Hi  ,

    Thank you for reaching out to the community. Exclude the 'compress' option and re-deploy the config.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    Thanks for getting back.

    I searched the forum before posting and saw that disabling compression solved the issue for some of the users. Unfortunately the problem still persists on my end, even with compression disabled. To be honest, I just enabled it for testing and got the logs.

    I have attached the logs from the UTM appliance just in case you can see something that I don't.

    Live Log: SSL VPN
    2024:07:02-10:29:02 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 Bad LZO decompression header byte: 251
    2024:07:02-10:29:02 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 Bad LZO decompression header byte: 251
    2024:07:02-10:29:02 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 Bad LZO decompression header byte: 251
    2024:07:02-10:29:02 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 Bad LZO decompression header byte: 251
    2024:07:02-10:29:05 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 Bad LZO decompression header byte: 251
    2024:07:02-10:29:05 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 Bad LZO decompression header byte: 251
    2024:07:02-10:29:06 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 Connection reset, restarting [0]
    2024:07:02-10:29:06 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:54834 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2024:07:02-10:29:06 rocljvkrutm openvpn[11962]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="USERNAME" variant="ssl" srcip="109.166.138.134" virtual_ip="10.10.10.2" rx="6194" tx="4105"
    2024:07:02-10:29:06 rocljvkrutm openvpn[11962]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: TCP connection established with [AF_INET]109.166.138.134:52024 (via [AF_INET]192.168.10.10:8443)
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 TLS: Initial packet from [AF_INET]109.166.138.134:52024 (via [AF_INET]192.168.10.10:8443), sid=d486cb72 6f50a386
    CERTIFICATE DETAILS REMOVED FOR PRIVACY
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 TLS: Username/Password authentication deferred for username 'USERNAME' [CN SET]
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 [USERNAME] Peer Connection Initiated with [AF_INET]109.166.138.134:52024 (via [AF_INET]192.168.10.10:8443)
    2024:07:02-10:29:28 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 PUSH: Received control message: 'PUSH_REQUEST'
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: 109.166.138.134:52024 PUSH: Received control message: 'PUSH_REQUEST'
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/USERNAME
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 MULTI_sva: pool returned IPv4=10.10.10.2, IPv6=(Not enabled)
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="USERNAME" variant="ssl" srcip="109.166.138.134" virtual_ip="10.10.10.2"
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_89ee33fbdc069fbb4c353b7a97171abb.tmp
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 MULTI: Learn: 10.10.10.2 -> USERNAME/109.166.138.134:52024
    2024:07:02-10:29:29 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 MULTI: primary virtual IP for USERNAME/109.166.138.134:52024: 10.10.10.2
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 PUSH: Received control message: 'PUSH_REQUEST'
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 send_push_reply(): safe_cap=940
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 SENT CONTROL [USERNAME]: 'PUSH_REPLY,route-gateway 10.10.10.1,route-gateway 10.10.10.1,topology subnet,ping 10,ping-restart 120,route 192.168.10.0 255.255.255.0,dhcp-option DNS 192.168.10.2,dhcp-option DOMAIN vkernel.home,ifconfig 10.10.10.2 255.255.255.0' (status=1)
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:33 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:34 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:34 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:34 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:36 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:37 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:38 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:38 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:38 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Bad LZO decompression header byte: 251
    2024:07:02-10:29:39 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 Connection reset, restarting [0]
    2024:07:02-10:29:39 rocljvkrutm openvpn[11962]: USERNAME/109.166.138.134:52024 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2024:07:02-10:29:39 rocljvkrutm openvpn[11962]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="USERNAME" variant="ssl" srcip="109.166.138.134" virtual_ip="10.10.10.2" rx="6080" tx="4070"
    2024:07:02-10:29:39 rocljvkrutm openvpn[11962]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0
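
An added example, not part of the original thread or of Sophos's code: a Python pass over the SSL VPN live log format shown above that counts "Bad LZO decompression header byte" events per client session, names the framing byte, and notes whether a connection reset followed. The byte table lists OpenVPN's compression framing constants; the sample lines, user names and function name are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# First byte of a data-channel payload under OpenVPN compression framing.
FRAMING = {
    0x66: "LZO-compressed",
    0x69: "LZ4-compressed",
    0xFA: "not compressed",
    0xFB: "not compressed, swap framing (compression stub)",
}

# "<timestamp> <host> openvpn[<pid>]: <user>/<ip>:<port> <message>"
LINE = re.compile(
    r"^\s*\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d \S+ openvpn\[\d+\]: "
    r"(?P<sess>\S+/\d{1,3}(?:\.\d{1,3}){3}:\d+) (?P<msg>.*)$"
)
BAD_HEADER = re.compile(r"Bad LZO decompression header byte: (\d+)")

# Constructed sample lines (hypothetical users, documentation IP range).
SAMPLE = """\
2024:07:02-10:29:33 utm openvpn[100]: alice/203.0.113.7:52024 Bad LZO decompression header byte: 251
2024:07:02-10:29:34 utm openvpn[100]: alice/203.0.113.7:52024 Bad LZO decompression header byte: 251
2024:07:02-10:29:35 utm openvpn[100]: bob/203.0.113.9:40000 MULTI: Learn: 10.10.10.3 -> bob/203.0.113.9:40000
2024:07:02-10:29:39 utm openvpn[100]: alice/203.0.113.7:52024 Connection reset, restarting [0]
2024:07:02-10:29:39 utm openvpn[100]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0
"""

def framing_errors(log_text):
    """Return [(session, header_byte, count, meaning, reset_followed)] per session."""
    bad = defaultdict(Counter)   # session -> {header byte: occurrences}
    reset = set()                # sessions reset after at least one bad header
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # lines without a user/ip:port prefix
        hit = BAD_HEADER.search(m["msg"])
        if hit:
            bad[m["sess"]][int(hit.group(1))] += 1
        elif "Connection reset" in m["msg"] and m["sess"] in bad:
            reset.add(m["sess"])
    return [
        (sess, byte, n, FRAMING.get(byte, "unknown framing byte"), sess in reset)
        for sess, counts in bad.items()
        for byte, n in sorted(counts.items())
    ]

if __name__ == "__main__":
    for row in framing_errors(SAMPLE):
        print(row)
```

Byte 251 is 0xFB, the swap-framing marker a client emits when it runs a compression stub, which lines up with the `Comp-stub init swap=1` entry in the Android client log. A server-side LZO decompressor that accepts only 0x66 or 0xFA drops every such packet, so the tunnel connects but passes no traffic.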

  • Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience


  • Thank you,

    It is working now, even though last week I tested it with compression enabled and it didn't work. Nothing changed, so I have no idea why it's working now.

    Much appreciate your help.