OpenVPN on Ubuntu and Sophos SSL VPN client restarting

I have an Ubuntu user who in the past hasn't had an issue using the command below to connect to our SSL VPN:

openvpn3 --config Profile.ovpn

but for the past few days, when he tries to connect, the client just keeps restarting the connection. In the SSL VPN logs I see the following after he connects and the routes are set.

subnet,ping 10,ping-restart 120,route ### (status=1)
2022:01:06-11:49:17 firewall openvpn[3239]: user/###.###.224.27:53160 Connection reset, restarting [0]
2022:01:06-11:49:17 firewall openvpn[3239]: user/###.###.224.27:53160 SIGUSR1[soft,connection-reset] received, client-instance restarting
2022:01:06-11:49:17 firewall openvpn[3239]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="user" variant="ssl" srcip="###.###.224.27" virtual_ip="###.###.2.4" rx="4013" tx="4169"
2022:01:06-11:49:17 firewall openvpn[3239]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0

We were able to successfully connect using

openvpn --config Profile.ovpn

Is openvpn3 no longer supported on the UTM? Is there something that has to be changed in the config files or below? If I do change settings below will all VPN users have to re-download their profiles?
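
Added example, not part of the original post: a small Python parser for the UTM log format quoted above that flags users whose SSL VPN sessions end repeatedly after moving almost no data, which is the restart loop described in the question. The sample lines, user names, addresses, the 5-minute window, the threshold of 3 and the 10,000-byte limit are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the log format quoted above; names and addresses are placeholders.
SAMPLE_LOG = '''\
2022:01:06-11:49:17 firewall openvpn[3239]: alice/192.0.2.27:53160 SIGUSR1[soft,connection-reset] received, client-instance restarting
2022:01:06-11:49:17 firewall openvpn[3239]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="alice" variant="ssl" srcip="192.0.2.27" virtual_ip="10.242.2.4" rx="4013" tx="4169"
2022:01:06-11:49:52 firewall openvpn[3239]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="alice" variant="ssl" srcip="192.0.2.27" virtual_ip="10.242.2.4" rx="3990" tx="4102"
2022:01:06-11:50:30 firewall openvpn[3239]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="alice" variant="ssl" srcip="192.0.2.27" virtual_ip="10.242.2.4" rx="4013" tx="4169"
2022:01:06-11:51:05 firewall openvpn[3239]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="alice" variant="ssl" srcip="192.0.2.27" virtual_ip="10.242.2.4" rx="4020" tx="4171"
2022:01:06-11:52:40 firewall openvpn[3239]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="bob" variant="ssl" srcip="198.51.100.9" virtual_ip="10.242.2.5" rx="8123456" tx="9345678"
'''

LINE_RE = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ openvpn\[\d+\]: (.*)$")
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_terminations(text):
    """Yield (timestamp, fields) for every SSL VPN 'Connection terminated' event."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fields = dict(KV_RE.findall(m.group(2)))  # free-text lines yield no pairs
        if fields.get("event") == "Connection terminated" and fields.get("variant") == "ssl":
            yield datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), fields

def find_restart_loops(text, window=timedelta(minutes=5), threshold=3, max_bytes=10_000):
    """Return {username: n} for users with n >= threshold short sessions inside one window."""
    short = defaultdict(list)
    for ts, f in parse_terminations(text):
        # A session that ends after moving almost no data is a failed connect, not real use.
        if int(f.get("rx", 0)) + int(f.get("tx", 0)) <= max_bytes:
            short[f.get("username", "?")].append(ts)
    flagged = {}
    for user, stamps in short.items():
        stamps.sort()
        best = start = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged

if __name__ == "__main__":
    print(find_restart_loops(SAMPLE_LOG))
```
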




This thread was automatically locked due to age.
  • Hi,

    Sorry, no solution or hint regarding your problem.

    But I would try to change some settings.

    Authentication SHA1 is not current/secure.

    ... and I am not a friend of TCP/443, as nearly every Firewall/AV/Endpoint-protection tries to decrypt this traffic.

    Most success/least problems with TCP 1194.

    ... and YES, if you change one of these settings (except key lifetime) all users have to redownload or change the config file.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
