Sophos SG 115 mit Sophos Connect: Fehler wg. Richtlinienabweichung :::

Der Sophos VPN Client wird auf der Downloadseite von der SG Firewall nicht mehr angeboten.

Beim Verbindungsversuch (SSL VPN) mit Sophos Client, mit importierter Config-Datei erscheint beim Verbindungsversuch diese Meldung:

"Fehler wegen Richtlinienabweichung. Importieren Sie eine neue Richtlinie für diese Verbindung."

Die Firewallregeln stehen auf automatisch, wie in der Anleitung beschrieben. KA was hier falsch läuft.

Parents
No Data
Reply
  • Logfile from Sophos Connect (xxxxx entry = I deleted them):

    2022-08-06 14:45:50 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
    2022-08-06 14:45:50 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
    2022-08-06 14:45:50 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
    2022-08-06 14:45:50 Windows version 10.0 (Windows 10 or greater) 64bit
    2022-08-06 14:45:50 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-08-06 14:45:50 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    2022-08-06 14:45:50 Need hold release from management interface, waiting...
    2022-08-06 14:45:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    2022-08-06 14:45:51 MANAGEMENT: CMD 'state on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'log all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'echo all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'bytecount 5'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold off'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold release'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'username "Auth" bhierl'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'password [...]'
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RESOLVE,,,,,,
    2022-08-06 14:45:51 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194 // xxxxx deleted from me
    2022-08-06 14:45:51 Socket Buffers: R=[65536->65536] S=[65536->65536]

    2022-08-06 14:45:51 Attempting to establish TCP connection with [AF_INET] xxx.xxx.xxx.xxx:1194 [nonblock]
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,TCP_CONNECT,,,,,,
    2022-08-06 14:45:51 TCP connection established with [AF_INET] xxx.xxx.xxx.xxx:1194
    2022-08-06 14:45:51 TCP_CLIENT link local: (not bound)
    2022-08-06 14:45:51 TCP_CLIENT link remote: [AF_INET] xxx.xxx.xxx.xxx:1194
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,WAIT,,,,,,
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,AUTH,,,,,,
    2022-08-06 14:45:51 TLS: Initial packet from [AF_INET] xxx.xxx.xxx.xxx:1194, sid= xxxxx xxxxx
    2022-08-06 14:45:51 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=de, L=xxxxx, O= xxxxx,
    CN= xxxxx, emailAddress= xxxxx, serial= xxxxx
    2022-08-06 14:45:51 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    2022-08-06 14:45:51 TLS_ERROR: BIO read tls_read_plaintext error
    2022-08-06 14:45:51 TLS Error: TLS object -> incoming plaintext read error
    2022-08-06 14:45:51 TLS Error: TLS handshake failed
    2022-08-06 14:45:51 Fatal TLS error (check_tls_errors_co), restarting
    2022-08-06 14:45:51 SIGUSR1[soft,tls-error] received, process restarting
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RECONNECTING,tls-error,,,,,
    2022-08-06 14:45:51 Restart pause, 5 second(s)
    2022-08-06 14:45:52 SIGTERM[hard,init_instance] received, process exiting
    2022-08-06 14:45:52 MANAGEMENT: >STATE:1659789952,EXITING,init_instance,,,,,

Children
No Data