Sophos UTM: Decommissioning of obsolete URL categorization services CFFS.Click here for important info.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 6 subscribers
  • Views 5756 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SG 115 mit Sophos Connect: Fehler wg. Richtlinienabweichung :::

Sophos User6560

Der Sophos VPN Client wird auf der Downloadseite von der SG Firewall nicht mehr angeboten.

Beim Verbindungsversuch (SSL VPN) mit Sophos Client, mit importierter Config-Datei erscheint beim Verbindungsversuch diese Meldung:

"Fehler wegen Richtlinienabweichung. Importieren Sie eine neue Richtlinie für diese Verbindung."

Die Firewallregeln stehen auf automatisch, wie in der Anleitung beschrieben. KA was hier falsch läuft.



This thread was automatically locked due to age.
Parents
  • 0 in reply to prodottimigliori

    Logfile from Sophos Connect (xxxxx entry = I deleted them):

    2022-08-06 14:45:50 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
    2022-08-06 14:45:50 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
    2022-08-06 14:45:50 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
    2022-08-06 14:45:50 Windows version 10.0 (Windows 10 or greater) 64bit
    2022-08-06 14:45:50 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-08-06 14:45:50 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    2022-08-06 14:45:50 Need hold release from management interface, waiting...
    2022-08-06 14:45:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    2022-08-06 14:45:51 MANAGEMENT: CMD 'state on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'log all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'echo all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'bytecount 5'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold off'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold release'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'username "Auth" bhierl'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'password [...]'
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RESOLVE,,,,,,
    2022-08-06 14:45:51 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194 // xxxxx deleted from me
    2022-08-06 14:45:51 Socket Buffers: R=[65536->65536] S=[65536->65536]

    2022-08-06 14:45:51 Attempting to establish TCP connection with [AF_INET] xxx.xxx.xxx.xxx:1194 [nonblock]
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,TCP_CONNECT,,,,,,
    2022-08-06 14:45:51 TCP connection established with [AF_INET] xxx.xxx.xxx.xxx:1194
    2022-08-06 14:45:51 TCP_CLIENT link local: (not bound)
    2022-08-06 14:45:51 TCP_CLIENT link remote: [AF_INET] xxx.xxx.xxx.xxx:1194
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,WAIT,,,,,,
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,AUTH,,,,,,
    2022-08-06 14:45:51 TLS: Initial packet from [AF_INET] xxx.xxx.xxx.xxx:1194, sid= xxxxx xxxxx
    2022-08-06 14:45:51 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=de, L=xxxxx, O= xxxxx,
    CN= xxxxx, emailAddress= xxxxx, serial= xxxxx
    2022-08-06 14:45:51 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    2022-08-06 14:45:51 TLS_ERROR: BIO read tls_read_plaintext error
    2022-08-06 14:45:51 TLS Error: TLS object -> incoming plaintext read error
    2022-08-06 14:45:51 TLS Error: TLS handshake failed
    2022-08-06 14:45:51 Fatal TLS error (check_tls_errors_co), restarting
    2022-08-06 14:45:51 SIGUSR1[soft,tls-error] received, process restarting
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RECONNECTING,tls-error,,,,,
    2022-08-06 14:45:51 Restart pause, 5 second(s)
    2022-08-06 14:45:52 SIGTERM[hard,init_instance] received, process exiting
    2022-08-06 14:45:52 MANAGEMENT: >STATE:1659789952,EXITING,init_instance,,,,,

Reply
  • 0 in reply to prodottimigliori

    Logfile from Sophos Connect (xxxxx entry = I deleted them):

    2022-08-06 14:45:50 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
    2022-08-06 14:45:50 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
    2022-08-06 14:45:50 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 22 2022
    2022-08-06 14:45:50 Windows version 10.0 (Windows 10 or greater) 64bit
    2022-08-06 14:45:50 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
    2022-08-06 14:45:50 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    2022-08-06 14:45:50 Need hold release from management interface, waiting...
    2022-08-06 14:45:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    2022-08-06 14:45:51 MANAGEMENT: CMD 'state on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'log all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'echo all on'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'bytecount 5'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold off'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'hold release'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'username "Auth" bhierl'
    2022-08-06 14:45:51 MANAGEMENT: CMD 'password [...]'
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RESOLVE,,,,,,
    2022-08-06 14:45:51 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194 // xxxxx deleted from me
    2022-08-06 14:45:51 Socket Buffers: R=[65536->65536] S=[65536->65536]

    2022-08-06 14:45:51 Attempting to establish TCP connection with [AF_INET] xxx.xxx.xxx.xxx:1194 [nonblock]
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,TCP_CONNECT,,,,,,
    2022-08-06 14:45:51 TCP connection established with [AF_INET] xxx.xxx.xxx.xxx:1194
    2022-08-06 14:45:51 TCP_CLIENT link local: (not bound)
    2022-08-06 14:45:51 TCP_CLIENT link remote: [AF_INET] xxx.xxx.xxx.xxx:1194
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,WAIT,,,,,,
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,AUTH,,,,,,
    2022-08-06 14:45:51 TLS: Initial packet from [AF_INET] xxx.xxx.xxx.xxx:1194, sid= xxxxx xxxxx
    2022-08-06 14:45:51 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=de, L=xxxxx, O= xxxxx,
    CN= xxxxx, emailAddress= xxxxx, serial= xxxxx
    2022-08-06 14:45:51 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    2022-08-06 14:45:51 TLS_ERROR: BIO read tls_read_plaintext error
    2022-08-06 14:45:51 TLS Error: TLS object -> incoming plaintext read error
    2022-08-06 14:45:51 TLS Error: TLS handshake failed
    2022-08-06 14:45:51 Fatal TLS error (check_tls_errors_co), restarting
    2022-08-06 14:45:51 SIGUSR1[soft,tls-error] received, process restarting
    2022-08-06 14:45:51 MANAGEMENT: >STATE:1659789951,RECONNECTING,tls-error,,,,,
    2022-08-06 14:45:51 Restart pause, 5 second(s)
    2022-08-06 14:45:52 SIGTERM[hard,init_instance] received, process exiting
    2022-08-06 14:45:52 MANAGEMENT: >STATE:1659789952,EXITING,init_instance,,,,,

Children
No Data
Unfiltered HTML