This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

repeating short time 'disconnecting'

I'm using Sophos vpn to connect to the office. I'm experiencing some connection error quite often. The log shows the following lines several times:

 

Fri May 22 13:34:53 2020 Authenticate/Decrypt packet error: packet HMAC authentication failed
Fri May 22 13:34:53 2020 Fatal decryption error (process_incoming_link), restarting
Fri May 22 13:34:53 2020 SIGUSR1[soft,decryption-error] received, process restarting
Fri May 22 13:34:53 2020 MANAGEMENT: >STATE:1590147293,RECONNECTING,decryption-error,,,,,
Fri May 22 13:34:53 2020 Restart pause, 5 second(s)

 

What i have tested so far:

- re-install spohos client software

- use VPN with ANTIvirus disabled / removed (G-data)

- use VPN, logged in as a different user 

 

I would really like to resolve this issue, any sugestions?



This thread was automatically locked due to age.
Parents
  • Hoi and welcome to the UTM Community!

    Show us a picture of the left side of the 'Advanced' tab in 'SSL VPN'.  Also, copy here about 30 lines from the SSL VPN log file and 30 lines after including 13:34:53.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, 

    Thanks for the warm welcome and helping out! I'm not sure where i can find the advanced tab... I have uploaded a screenshot what i do have (in dutch). (RMB sophos SSL client icon / settings / ... ) Is this what you were looking for or should i look somewehere else?

     

    Here's a part of the log from just now... (changed the original names for now to 'COMPANY')

    EDITED for safety (log is available)

    Hope there something in the Log that could help :)

     

    Kind regards, Homer

Reply
  • Hi Bob, 

    Thanks for the warm welcome and helping out! I'm not sure where i can find the advanced tab... I have uploaded a screenshot what i do have (in dutch). (RMB sophos SSL client icon / settings / ... ) Is this what you were looking for or should i look somewehere else?

     

    Here's a part of the log from just now... (changed the original names for now to 'COMPANY')

    EDITED for safety (log is available)

    Hope there something in the Log that could help :)

     

    Kind regards, Homer

Children
  • Please show the corresponding information from the UTM's log and configuration.  If you're not the admin of the UTM, you might request that information from the admin.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello any updates here? We have the same problem:

     

     

    openvpn.log on client states:
    Tue May 26 11:08:23 2020 Authenticate/Decrypt packet error: packet HMAC authentication failed
    Tue May 26 11:08:23 2020 Fatal decryption error (process_incoming_link), restarting
    Tue May 26 11:08:23 2020 SIGUSR1[soft,decryption-error] received, process restarting
    Tue May 26 11:08:23 2020 MANAGEMENT: >STATE:1590484103,RECONNECTING,decryption-error,,,,,

    openvpn.log on firewall states:
    2020:05:26-11:08:23 fw01 openvpn[11043]: vpnuser/1.2.3.4:52932 Connection reset, restarting [-1]
    2020:05:26-11:08:23 fw01 openvpn[11043]: vpnuser/1.2.3.4:52932 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2020:05:26-11:08:23 fw01 openvpn[11043]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="vpnuser" variant="ssl" srcip="1.2.3.4" virtual_ip="10.242.2.56" rx="8919552" tx="48489720"
    2020:05:26-11:08:41 fw01 openvpn[11043]: 1.2.3.4:63914 TLS: Username/Password authentication deferred for username 'vpnuser' [CN SET]
    2020:05:26-11:08:41 fw01 openvpn[11043]: 1.2.3.4:63914 [vpnuser] Peer Connection Initiated with [AF_INET]1.2.3.4:63914 (via [AF_INET]4.3.2.1:443)
    2020:05:26-11:08:44 fw01 openvpn[11043]: 1.2.3.4:63914 SENT CONTROL [vpnuser]: 'AUTH_FAILED' (status=1)
    2020:05:26-11:09:35 fw01 openvpn[11043]: 1.2.3.4:63995 TLS: Username/Password authentication deferred for username 'vpnuser' [CN SET]

     aua.log on firewall:

    2020:05:26-11:08:41 fw01 aua[4018]: id="3006" severity="info" sys="System" sub="auth" name="Running _cleanup_up_children with max_run_time: 20"
    2020:05:26-11:08:41 fw01 aua[11591]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.10.10.1 (adirectory)"
    2020:05:26-11:08:41 fw01 aua[11591]: id="3006" severity="info" sys="System" sub="auth" name="OTP verification did not succeed, failing authentication."

     

    Current software version...: 9.703003
    Hardware type..............: 330r2

     

    Thank you very much in advance!

  • Hallo Mitsch and welcome to the UTM Community!

    Please include the logs from 11:08:22 to 11:08:42.  Also, obfuscate IPs like 93.XX.YY.98, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical or just in the same subnet.

    Show us a picture of the left side of the 'Advanced' tab in 'SSL VPN' in WebAdmin.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA