Sophos SG 115 with Sophos Connect: error due to policy mismatch

The Sophos VPN client is no longer offered on the SG firewall's download page.

When I try to connect (SSL VPN) with the Sophos client, using the imported config file, this message appears:

"Error due to policy mismatch. Import a new policy for this connection."

The firewall rules are set to automatic, as described in the guide. No idea what is going wrong here.

  • Log file from Sophos Connect (xxxxx entries = redacted by me):

    2022-08-06 14:45:50 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
    2022-08-06 14:45:50 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
    2022-08-06 14:45:50 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
    2022-08-06 14:45:50 Windows version 10.0 (Windows 10 or greater) 64bit
    2022-08-06 14:45:50 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-08-06 14:45:50 MANAGEMENT: TCP Socket listening on [AF_INET]
    2022-08-06 14:45:50 Need hold release from management interface, waiting...
    2022-08-06 14:45:50 MANAGEMENT: Client connected from [AF_INET]
    2022-08-06 14:45:51 MANAGEMENT: CMD 'state on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'log all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'echo all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'bytecount 5'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold off'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold release'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'username "Auth" bhierl'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'password [...]'
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RESOLVE,,,,,,
    2022-08-06 14:45:51 TCP/UDP: Preserving recently used remote address: [AF_INET] // xxxxx redacted by me
    2022-08-06 14:45:51 Socket Buffers: R=[65536->65536] S=[65536->65536]

    2022-08-06 14:45:51 Attempting to establish TCP connection with [AF_INET] [nonblock]
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,TCP_CONNECT,,,,,,
    2022-08-06 14:45:51 TCP connection established with [AF_INET]
    2022-08-06 14:45:51 TCP_CLIENT link local: (not bound)
    2022-08-06 14:45:51 TCP_CLIENT link remote: [AF_INET]
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,WAIT,,,,,,
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,AUTH,,,,,,
    2022-08-06 14:45:51 TLS: Initial packet from [AF_INET], sid= xxxxx xxxxx
    2022-08-06 14:45:51 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=de, L=xxxxx, O= xxxxx, CN= xxxxx, emailAddress= xxxxx, serial= xxxxx
    2022-08-06 14:45:51 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    2022-08-06 14:45:51 TLS_ERROR: BIO read tls_read_plaintext error
    2022-08-06 14:45:51 TLS Error: TLS object -> incoming plaintext read error
    2022-08-06 14:45:51 TLS Error: TLS handshake failed
    2022-08-06 14:45:51 Fatal TLS error (check_tls_errors_co), restarting
    2022-08-06 14:45:51 SIGUSR1[soft,tls-error] received, process restarting
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RECONNECTING,tls-error,,,,,
    2022-08-06 14:45:51 Restart pause, 5 second(s)
    2022-08-06 14:45:52 SIGTERM[hard,init_instance] received, process exiting
    2022-08-06 14:45:52 MANAGEMENT: >STATE:1659789952,EXITING,init_instance,,,,,
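Reading the log: the Sophos Connect dialog does not name the cause, but the OpenVPN log does. The handshake dies at `VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak` (OpenSSL's X509_V_ERR_CA_MD_TOO_WEAK: the server certificate's signature uses MD5 or SHA-1, which the OpenSSL 1.1.1n security level in force rejects), and the client restarts before any credentials reach the firewall. The compression and `--cipher` lines above it are warnings, not the failure. The script below is an added example by the editor, not code from the original post or from Sophos; it parses a constructed excerpt of the log above, separates the fatal verification error from the benign warnings, and explains the OpenSSL error text. The remediation text in it is general OpenVPN/OpenSSL guidance and is an assumption as far as this SG 115's configuration is concerned; the page does not say how its certificates were issued.

```python
"""Triage an OpenVPN client log as written by Sophos Connect: isolate the
certificate VERIFY ERROR that aborts the handshake from the deprecation
warnings that merely look alarming."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: an excerpt of the log posted above, with the
# poster's "xxxxx" redactions kept as they are.
SAMPLE_LOG = """\
2022-08-06 14:45:50 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-08-06 14:45:50 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations.
2022-08-06 14:45:50 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
2022-08-06 14:45:50 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2022-08-06 14:45:51 TLS: Initial packet from [AF_INET], sid= xxxxx xxxxx
2022-08-06 14:45:51 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=de, L=xxxxx, O= xxxxx, CN= xxxxx, emailAddress= xxxxx, serial= xxxxx
2022-08-06 14:45:51 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2022-08-06 14:45:51 TLS Error: TLS handshake failed
2022-08-06 14:45:51 SIGUSR1[soft,tls-error] received, process restarting
"""

# Patterns matching OpenVPN's own log format.
TIMESTAMP_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<reason>[^:]+): (?P<subject>.*)")
OPENSSL_RE = re.compile(r"OpenSSL: error:(?P<code>[0-9A-Fa-f]+):(?P<text>.*)")
LIBVER_RE = re.compile(r"library versions: OpenSSL (?P<ver>\S+)")

# Lines that warn about weak settings but do not, by themselves, abort the connection.
BENIGN_PREFIXES = ("WARNING: Compression", "DEPRECATED OPTION: --cipher")

# OpenSSL X509 verify error texts and what they mean for an OpenVPN client.
# The remediation wording is general guidance (assumption), not taken from the post.
VERIFY_REASONS = {
    "CA signature digest algorithm too weak":
        "X509_V_ERR_CA_MD_TOO_WEAK: the certificate's signature uses MD5 or SHA-1, below "
        "the OpenSSL security level the client verifies at. Fix on the server by re-issuing "
        "the chain with SHA-256; OpenVPN's 'tls-cert-profile legacy' lowers the level "
        "instead and is a weakening stop-gap only.",
    "certificate has expired":
        "X509_V_ERR_CERT_HAS_EXPIRED: check the client clock, then renew the certificate.",
    "unable to get local issuer certificate":
        "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: the CA in the client config does not match the server chain.",
}


@dataclass
class VerifyError:
    depth: int
    reason: str
    subject: str

    @property
    def cert_role(self) -> str:
        # OpenVPN reports depth 0 for the peer's own certificate, higher depths for issuing CAs.
        return "server certificate" if self.depth == 0 else f"issuing CA (depth {self.depth})"


@dataclass
class Triage:
    fatal: bool = False
    openssl_version: Optional[str] = None
    openssl_error: Optional[str] = None
    verify_errors: List[VerifyError] = field(default_factory=list)
    benign_warnings: List[str] = field(default_factory=list)


def triage(log: str) -> Triage:
    """Walk the log once and collect the facts a support engineer needs."""
    result = Triage()
    for raw in log.splitlines():
        msg = TIMESTAMP_RE.sub("", raw).strip()
        if not msg:
            continue
        if msg.startswith(BENIGN_PREFIXES):
            result.benign_warnings.append(msg)
            continue
        if (m := VERIFY_RE.search(msg)):
            result.verify_errors.append(VerifyError(int(m["depth"]), m["reason"].strip(), m["subject"].strip()))
        elif (m := OPENSSL_RE.search(msg)):
            result.openssl_error = m["text"]
        elif (m := LIBVER_RE.search(msg)):
            result.openssl_version = m["ver"]
        # OpenVPN marks the abort both in the TLS Error line and in the restart signal.
        if "TLS handshake failed" in msg or "tls-error" in msg:
            result.fatal = True
    return result


def root_cause(t: Triage) -> str:
    """One sentence naming the first thing to fix."""
    if t.verify_errors:
        e = t.verify_errors[0]
        why = VERIFY_REASONS.get(e.reason, "see verify(1) in the OpenSSL manual for this error text")
        return f"{e.cert_role} rejected: {e.reason}. {why}"
    if t.fatal:
        return "TLS handshake failed without a VERIFY ERROR line; check the OpenSSL error text and the server log."
    return "no fatal TLS error found in this log"


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print(f"OpenSSL {t.openssl_version}, fatal={t.fatal}")
    for w in t.benign_warnings:
        print("warning (not the cause):", w.split(".")[0])
    print("root cause:", root_cause(t))
```

Run it against a full Sophos Connect log and the verdict is the VERIFY ERROR line, not the `--cipher` deprecation that sits at the top and tends to draw the eye first. Whether Sophos Connect lets you hand-edit the imported profile to change `tls-cert-profile` is not something the post tells us; the server-side fix (a SHA-256 signed certificate chain on the firewall) does not depend on that.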