Sophos Connect 2.3 cannot connect to Sophos UTM

I upgraded my Sophos Connect client to the latest version 2.3 ( Sophos Connect 2.3 Update Released) and since then cannot connect via SSL VPN to my UTM / SG230 obviously because of a cipher incompatibility.

Client says Timeout

openvpn.log says:

OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

I even cannot fix this because the UTM doesn't provide any of the ciphers listed behind "currently" as a cipher setting. I tried AES-256-CBC but this didn't help and instead created issues with all other users not being able to reconnect suddenly.

Any ideas?

Best regards,

Oliver Regelmann

0 LuCar Toni 1 month ago

Wondering: Why did your openvpn config change?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Oliver Regelmann 1 month ago in reply to LuCar Toni

It didn't. I just updated the Connect client from 2.2.

Then I thought upgrading from AES-128 to AES-256 (on the UTM) would help but obviously it still doesn't like "CBC".

Seems to be a problem inherited from OpenVPN. Current releases of the Community client show the same behaviour. 2.5 seems to work, though.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel