Hello all, this is my problem. I have an SG230 with the latest firmware on it, all rules and routing are fine. I have about 100 clients connected to the SG230 via SSL VPN over TCP 443 (vpn.xxxxx.xxxx.com). This is all fine, connected and it's working. The problem comes like this:
1. Client connects via the Sophos App for Windows to our system (latest App version, including config from the FW). That is OK. After about 2h, sometimes 1.5h, his connection breaks for no reason at all. He tries to connect; sometimes he can, and sometimes he can't, it tells him Username/Password, but that is not true, as nothing is changed, and nobody has changed his config. After the client restarts his PC, he is able to connect again with no problem. This connection might last for the rest of the day, or it could happen that he connects for about 10 minutes, then gets kicked off, and again and again the same thing. After, let's say, an OK connection, he is not able to connect to his VM, but if he restarts his PC and flushes his DNS, then he is able.
2. I have users, who never ever had any issues, and they use same config, same routing, under VPN members group.
3. I have tried issuing new certificates. Doesn't work.
4. I have deleted the user, created a new one; after a while, same problem.
5. We tried changing our UTM 443 port to something else and even protocol, No help, same problem.
6. All users are locally created, and locally managed. (no prefetching is needed)
7. On the users' side, they are connected with a LAN cable directly to the ISP box, speed 100/50 Mbps. That is not the problem, as they are able to connect with no issues.
SOME LOG FROM CLIENT:
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 TLS: Username/Password authentication deferred for username 'USER' [CN SET]
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 [USER] Peer Connection Initiated with [AF_INET]10.1.1.1:49966 (via [AF_INET]10.20.10.246:443)
2020:03:30-06:57:00 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/USER
2020:03:30-06:57:00 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 MULTI_sva: pool returned IPv4=10.14.0.3, IPv6=(Not enabled)
2020:03:30-06:57:00 fw1-1 openvpn[11688]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="USER" variant="ssl" srcip="10.1.1.1" virtual_ip="10.14.0.3"
2020:03:30-06:57:00 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
2020:03:30-06:57:00 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_807c3af1047878bc62f8f631527843f1.tmp
2020:03:30-06:57:00 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 MULTI: Learn: 10.14.0.3 -> USER/10.1.1.1:49966
2020:03:30-06:57:00 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 MULTI: primary virtual IP for USER/10.1.1.1:49966: 10.14.0.3
2020:03:30-06:57:01 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 PUSH: Received control message: 'PUSH_REQUEST'
2020:03:30-06:57:01 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 send_push_reply(): safe_cap=940
2020:03:30-06:57:01 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 SENT CONTROL [USER]: 'PUSH_REPLY,route-gateway 10.14.0.1,route-gateway 10.14.0.1,topology subnet,ping 10,ping-restart 120,route 10.0.0.0 255.0.0.0,dhcp-option DNS 10.20.10.20,ifconfig 10.14.0.3 255.255.255.0' (status=1)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Connection reset by peer (code=104)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
AFTER HE CONNECTS WITH NO PROBLEM, LOG BELOW:
2020:03:30-14:40:06 fw1-1 openvpn[11688]: 10.1.1.1:49853 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2020:03:30-14:40:06 fw1-1 openvpn[11688]: 10.1.1.1:49853 [USER] Peer Connection Initiated with [AF_INET]10.1.1.1:49853 (via [AF_INET]10.20.10.246:443)
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/USER
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 MULTI_sva: pool returned IPv4=10.14.0.3, IPv6=(Not enabled)
2020:03:30-14:40:08 fw1-1 openvpn[11688]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="USER" variant="ssl" srcip="10.1.1.1" virtual_ip="10.14.0.3"
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_8ba633e6c2744af44c4139e4450bf9e1.tmp
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 MULTI: Learn: 10.14.0.3 -> USER/10.1.1.1:49853
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 MULTI: primary virtual IP for USER/10.1.1.1:49853: 10.14.0.3
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 PUSH: Received control message: 'PUSH_REQUEST'
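Added example, not part of the original post and not Sophos code: a small Python parser for UTM openvpn syslog lines of the shape quoted above. It rebuilds each client session from "Peer Connection Initiated" to the first write error, attaches the virtual IP from the structured `event="Connection started"` record, pulls the pushed `ping` / `ping-restart` values out of the PUSH_REPLY, and flags sessions that died within a threshold, which is how a practitioner would spot the "kicked off after a few minutes" pattern across 100 clients without reading raw syslog. The sample log is a constructed condensation of the post's lines; the 600-second threshold in `flag_short_sessions` is an assumption.

```python
import re
from datetime import datetime
from typing import Optional

TS_FMT = "%Y:%m:%d-%H:%M:%S"

# Constructed sample, condensed from the lines quoted in the post (one 'good' session,
# one session that dies ~4.5 min after the handshake).
SAMPLE_LOG = """\
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 TLS: Username/Password authentication deferred for username 'USER' [CN SET]
2020:03:30-06:56:59 fw1-1 openvpn[11688]: 10.1.1.1:49966 [USER] Peer Connection Initiated with [AF_INET]10.1.1.1:49966 (via [AF_INET]10.20.10.246:443)
2020:03:30-06:57:00 fw1-1 openvpn[11688]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="USER" variant="ssl" srcip="10.1.1.1" virtual_ip="10.14.0.3"
2020:03:30-06:57:01 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 SENT CONTROL [USER]: 'PUSH_REPLY,route-gateway 10.14.0.1,route-gateway 10.14.0.1,topology subnet,ping 10,ping-restart 120,route 10.0.0.0 255.0.0.0,dhcp-option DNS 10.20.10.20,ifconfig 10.14.0.3 255.255.255.0' (status=1)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Connection reset by peer (code=104)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-07:01:30 fw1-1 openvpn[11688]: USER/10.1.1.1:49966 write TCPv4_SERVER: Broken pipe (code=32)
2020:03:30-14:40:06 fw1-1 openvpn[11688]: 10.1.1.1:49853 [USER] Peer Connection Initiated with [AF_INET]10.1.1.1:49853 (via [AF_INET]10.20.10.246:443)
2020:03:30-14:40:08 fw1-1 openvpn[11688]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="USER" variant="ssl" srcip="10.1.1.1" virtual_ip="10.14.0.3"
2020:03:30-14:40:08 fw1-1 openvpn[11688]: USER/10.1.1.1:49853 PUSH: Received control message: 'PUSH_REQUEST'
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                     r"openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# "USER/10.1.1.1:49966 ..." once the CN is set, or bare "10.1.1.1:49966 ..." before it
PEER_RE = re.compile(r"^(?:(?P<user>[^/\s\[]+)/)?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<rest>.*)$")
INIT_RE = re.compile(r"^\[(?P<user>[^\]]+)\] Peer Connection Initiated")
ERR_RE = re.compile(r"^write TCPv4_SERVER: (?P<err>.+?) \(code=(?P<code>\d+)\)")
PUSH_RE = re.compile(r"'PUSH_REPLY,(?P<opts>[^']*)'")
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> Optional[dict]:
    """Split one UTM openvpn syslog line into timestamp, peer (if any) and message."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": datetime.strptime(m.group("ts"), TS_FMT), "msg": m.group("msg")}
    p = PEER_RE.match(rec["msg"])
    if p:
        rec.update(peer=f'{p.group("ip")}:{p.group("port")}', srcip=p.group("ip"),
                   user=p.group("user"), rest=p.group("rest"))
    elif rec["msg"].startswith("id="):          # structured UTM event record
        rec["kv"] = dict(KV_RE.findall(rec["msg"]))
    return rec


def build_sessions(log_text: str) -> list:
    """Return one dict per client session (keyed by source ip:port), in start order."""
    all_sessions, open_by_peer = [], {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if "kv" in rec:
            kv = rec["kv"]
            if kv.get("event") == "Connection started":
                # the structured record carries no port, so attach it to the newest
                # session from that source IP that has not been given a virtual IP yet
                for s in reversed(all_sessions):
                    if s["srcip"] == kv.get("srcip") and s["virtual_ip"] is None:
                        s["virtual_ip"] = kv.get("virtual_ip")
                        s["user"] = s["user"] or kv.get("username")
                        break
            continue
        if "peer" not in rec:
            continue
        key, rest = rec["peer"], rec["rest"]
        init = INIT_RE.match(rest)
        if init:                                  # TLS handshake done: new session
            s = {"peer": key, "srcip": rec["srcip"], "user": init.group("user"),
                 "start": rec["ts"], "end": None, "end_reason": None, "virtual_ip": None,
                 "ping": None, "ping_restart": None, "write_errors": {}}
            all_sessions.append(s)
            open_by_peer[key] = s
            continue
        s = open_by_peer.get(key)
        if s is None:
            continue
        push = PUSH_RE.search(rest)
        if push:                                  # record the pushed keepalive settings
            for opt in push.group("opts").split(","):
                parts = opt.split()
                if len(parts) == 2 and parts[0] == "ping":
                    s["ping"] = int(parts[1])
                elif len(parts) == 2 and parts[0] == "ping-restart":
                    s["ping_restart"] = int(parts[1])
        err = ERR_RE.match(rest)
        if err:                                   # first write error = end of session
            s["write_errors"][err.group("err")] = s["write_errors"].get(err.group("err"), 0) + 1
            if s["end"] is None:
                s["end"] = rec["ts"]
                s["end_reason"] = f'{err.group("err")} (code={err.group("code")})'
    for s in all_sessions:
        s["duration_s"] = int((s["end"] - s["start"]).total_seconds()) if s["end"] else None
    return sorted(all_sessions, key=lambda s: s["start"])


def flag_short_sessions(sessions: list, max_seconds: int = 600) -> list:
    """Sessions that died within max_seconds of the handshake (threshold is an assumption)."""
    return [s for s in sessions if s["duration_s"] is not None and s["duration_s"] <= max_seconds]


if __name__ == "__main__":
    sessions = build_sessions(SAMPLE_LOG)
    for s in sessions:
        print(f'{s["start"]} {s["user"]}@{s["peer"]} vip={s["virtual_ip"]} '
              f'ping-restart={s["ping_restart"]} lasted={s["duration_s"]}s reason={s["end_reason"]} '
              f'errors={s["write_errors"]}')
    print("short-lived:", [s["peer"] for s in flag_short_sessions(sessions)])
```

Run against the real `openvpn` syslog from the UTM and group the flagged sessions by username and source IP; if the short-lived sessions cluster on a handful of clients while the rest run all day, the problem is on those endpoints or their path, and the "Connection reset by peer" first error shows the TCP close originating from the client side rather than the UTM dropping the session.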