Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 31 replies
  • Subscribers 46 subscribers
  • Views 7513 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After Upgrade from 17.5 MR13 to MR14 Sophos VPN CLient fails to connect (urgent)

juergenb52

Hello,

i upgrade my MR13 o MR14 and now the Sophos VPN Client fails to connect.

This worked from MR12 to MR13 and after MR14 it fails.
No login possible.

i download the new Client from userportal after MR14 upgrade, but still no connection available.

Log Viewer is no option, this Log Viewer is only spinning a wheel forever..

Thu Aug 13 20:36:22 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Thu Aug 13 20:36:22 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Thu Aug 13 20:36:22 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Aug 13 20:36:22 2020 Need hold release from management interface, waiting...
Thu Aug 13 20:36:22 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'state on'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'log all on'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'hold off'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'hold release'
Thu Aug 13 20:36:28 2020 MANAGEMENT: CMD 'username "Auth" "juergen"'
Thu Aug 13 20:36:28 2020 MANAGEMENT: CMD 'password [...]'
Thu Aug 13 20:36:28 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 13 20:36:28 2020 MANAGEMENT: >STATE:1597343788,RESOLVE,,,,,,
Thu Aug 13 20:36:28 2020 Attempting to establish TCP connection with [AF_INET]93.241.42.218:8443 [nonblock]
Thu Aug 13 20:36:28 2020 MANAGEMENT: >STATE:1597343788,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:38 2020 TCP: connect to [AF_INET]a.b.c.d:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.
Thu Aug 13 20:36:43 2020 MANAGEMENT: >STATE:1597343803,RESOLVE,,,,,,
Thu Aug 13 20:36:43 2020 MANAGEMENT: >STATE:1597343803,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:53 2020 TCP: connect to [AF_INET]a.b.c.d:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to FormerMember

    Thanks Patel,

    i had my Home Office VPN Client connected to the XG 17.5 MR12 and was connected to my office desktop.
    From Office Desktop i upgraded to MR13, it took some time until the upgrade was done and the VPN Client connected againg to MR13.

    Next Step was to upgrade to MR14, after 20minutes still no VPN.

    MR14 is up and running for most of the rules (i hope).

     

    I did a capture today and Diagnostics with BPF 'dst port 8443' gives two captured packets.

    First packet says ... Source IP, Dest IP, Packet, Ports, and ... 

    Status: Violation
    Reason: Local_ACL

    I use VPN on external E1 (WAN).
    And i had disabled (Apply) enable (Apply) Local Service ACL in Admin/Device Access -> WAN / SSl VPN

    Its not confidence inspiring that a simple Update from Release 1 to Release 2 works for the simplest things in a firewall.

    What else can be wrong in a upgrade ...

    Thanks

    Jürgen

      

  • 0 in reply to juergenb52

    Hi,

    I think from a post I saw in a similar thread there is or will be an mr-14-1 issued to fix this.

    You might like to check mysophos to see if it has been released?

     

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Are they nuts?

    I will check, but what form of product management is this.

  • 0 in reply to juergenb52

    Hello Juergenb52,

    Thank you for the follow-up.

    Would it be possible for you to send me the Access ID of your XG via PM (Monitor & Analize >> Diagnostics >> Support Access >> ON >> Access Status >> And copy & paste the Access ID and send it to me.), so I can check your ACL rules and the pertinent logs.

    Sounds like an ACL might be causing this, this way I can also bring to the attention of Development.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hi Emmanuel,

    i have a open critical ticket for 12 hours now.

    Guess what, no one has been reviewing this ticket with the given urgency.
    Only one guy asked if the Problem is still alive today.

    He even did NOT ask for an Access ID at all [:@]

    this is frustrating, no one in Germany is answering the phone.

    No Sophos member in Germany is answering mails, some i had spoken for the past few month are no longer employed.
    Even Sales members have left Sophos Germany this year...

    There is a ticket open  [#10052047] , Maybe you can take ownership.

    As i said, all was fine with MR12 and MR13.

    regards

    Jürgen

  • 0 in reply to juergenb52

    Hello Jurgen,

    Thank you for the follow-up.

    I have reached out to a Manager and he will be arranging a callback today to work on this case. 

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Thanks,

    i send you a PM.

    If it´s possible they can request an Access ID and token.
    Or i can update the Case through sophserv and provide A-ID ...

    They can work on this Problem without me.
    I think they Need to make some test and should verify the MR14 release.

    regards

    Jürgen

  • 0 in reply to juergenb52

    Hello Jürgen,

    Thank you for the PM. I have replied.

    I will update the ticket with this info.

    Thank you!

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hi!

    I have exact the same problem, and the offical support doesn't help me further.

    So what's the resolution to get SSL VPN back running with MR14-1?

    Thx,

    Christian

  • 0 in reply to Christian Cigler

    Hi Christian,

    Support just restarted the VPN Service from CLI.
    But i think a reboot would have done the same.

    But you are on 14-1, i tried to upgrade yesterday from MR14 - MR14-1.

    This was a desaster, the firewall rebooted and wasn´t seen anymore.
    The Firmware upgrade didn´t upgrade the network settings, all NIC settings where at factory defaults.

    Please verifiy you NIC settings first, maybe you don´t reach VPN because all is at factory settings.

    I reverted to MR14

    regards

    Jürgen

Unfiltered HTML