This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Single user getting regularly kicked from the SSL Remote Access VPN

Hi all,

I have a problem in UTM9 where one user keeps getting kicked off the VPN frequently.  This seems to be isolated to this user.  We use AD authentication and I have deleted and re-added the user in authentication services.  I've also re-downloaded the users configuration and reinstalled the OpenVPN software and config.

I've noticed two things that look irregular -  TLS keys are out of sync & Inactivity timeout (--ping-restart)

Below is the openvpn log from the UTM:

2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 TLS: Username/Password authentication deferred for username 'John.Smith' [CN SET]
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 [John.Smith] Peer Connection Initiated with [AF_INET]88.888.888.888:50126 (via [AF_INET]154.43.193.253%eth1)
2018:04:05-10:59:04 vp-1 openvpn[10347]: 88.888.888.888:50126 TLS Error: local/remote TLS keys are out of sync: [AF_INET]88.888.888.888:50126 (via [AF_INET]154.43.193.253%eth1) [0]
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/John.Smith
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 MULTI_sva: pool returned IPv4=10.242.2.13, IPv6=(Not enabled)
2018:04:05-10:59:06 vp-1 openvpn[10347]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="John.Smith" variant="ssl" srcip="88.888.888.888" virtual_ip="10.242.2.13"
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_ba4a1c48d23338f2ab44eb895be1df2e.tmp
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 MULTI: Learn: 10.242.2.13 -> John.Smith/88.888.888.888:50126
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 MULTI: primary virtual IP for John.Smith/88.888.888.888:50126: 10.242.2.13
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 PUSH: Received control message: 'PUSH_REQUEST'
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 send_push_reply(): safe_cap=940
2018:04:05-10:59:06 vp-1 openvpn[10347]: John.Smith/88.888.888.888:50126 SENT CONTROL [John.Smith]: 'PUSH_REPLY,route-gateway 10.242.2.1,route-gateway 10.242.2.1,topology subnet,ping 10,ping-restart 120,route 10.10.0.0 255.255.0.0,route 10.13.12.0 255.255.255.0,route 10.14.1.0 255.255.255.0,dhcp-option DNS 10.14.1.12,dhcp-option DNS 8.8.8.8,dhcp-option DOMAIN domain.local,ifconfig 10.242.2.13 255.255.255.0' (status=1)
2018:04:05-10:59:59 vp-1 openvpn[10347]: John.Smith/88.888.888.888:58297 [John.Smith] Inactivity timeout (--ping-restart), restarting
2018:04:05-10:59:59 vp-1 openvpn[10347]: John.Smith/88.888.888.888:58297 SIGUSR1[soft,ping-restart] received, client-instance restarting
2018:04:05-10:59:59 vp-1 openvpn[10347]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="John.Smith" variant="ssl" srcip="88.888.888.888" virtual_ip="10.242.2.12" rx="1104295" tx="9508668"
2018:04:05-10:59:59 vp-1 openvpn[10347]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0
2018:04:05-11:02:29 vp-1 openvpn[10347]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
2018:04:05-11:02:29 vp-1 openvpn[10347]: MANAGEMENT: CMD 'status -1'
2018:04:05-11:02:39 vp-1 openvpn[10347]: MANAGEMENT: Client disconnected

 

Any help is much appreciated.

Thanks.



This thread was automatically locked due to age.
Parents
  • Hi Mark and welcome to the UTM Community!

    This is an unusual problem.  Does the user's PC block pings?  If that's not it, I would delete the client from the device, download a new install package and try again.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi Mark and welcome to the UTM Community!

    This is an unusual problem.  Does the user's PC block pings?  If that's not it, I would delete the client from the device, download a new install package and try again.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data