After Upgrade from 17.5 MR13 to MR14 Sophos VPN CLient fails to connect (urgent)

Hello,

i upgrade my MR13 o MR14 and now the Sophos VPN Client fails to connect.

This worked from MR12 to MR13 and after MR14 it fails.
No login possible.

i download the new Client from userportal after MR14 upgrade, but still no connection available.

Log Viewer is no option, this Log Viewer is only spinning a wheel forever..

Thu Aug 13 20:36:22 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Thu Aug 13 20:36:22 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Thu Aug 13 20:36:22 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Aug 13 20:36:22 2020 Need hold release from management interface, waiting...
Thu Aug 13 20:36:22 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'state on'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'log all on'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'hold off'
Thu Aug 13 20:36:22 2020 MANAGEMENT: CMD 'hold release'
Thu Aug 13 20:36:28 2020 MANAGEMENT: CMD 'username "Auth" "juergen"'
Thu Aug 13 20:36:28 2020 MANAGEMENT: CMD 'password [...]'
Thu Aug 13 20:36:28 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 13 20:36:28 2020 MANAGEMENT: >STATE:1597343788,RESOLVE,,,,,,
Thu Aug 13 20:36:28 2020 Attempting to establish TCP connection with [AF_INET]93.241.42.218:8443 [nonblock]
Thu Aug 13 20:36:28 2020 MANAGEMENT: >STATE:1597343788,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:38 2020 TCP: connect to [AF_INET]a.b.c.d:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.
Thu Aug 13 20:36:43 2020 MANAGEMENT: >STATE:1597343803,RESOLVE,,,,,,
Thu Aug 13 20:36:43 2020 MANAGEMENT: >STATE:1597343803,TCP_CONNECT,,,,,,
Thu Aug 13 20:36:53 2020 TCP: connect to [AF_INET]a.b.c.d:8443 failed, will try again in 5 seconds: Das System hat versucht, einem Verzeichnis, das sich auf einem mit JOIN zugeordneten Laufwerk befindet, ein Laufwerk mit SUBST zuzuordnen.

Parents Reply Children
  • Thanks Patel,

    i had my Home Office VPN Client connected to the XG 17.5 MR12 and was connected to my office desktop.
    From Office Desktop i upgraded to MR13, it took some time until the upgrade was done and the VPN Client connected againg to MR13.

    Next Step was to upgrade to MR14, after 20minutes still no VPN.

    MR14 is up and running for most of the rules (i hope).

     

    I did a capture today and Diagnostics with BPF 'dst port 8443' gives two captured packets.

    First packet says ... Source IP, Dest IP, Packet, Ports, and ... 

    Status: Violation
    Reason: Local_ACL

    I use VPN on external E1 (WAN).
    And i had disabled (Apply) enable (Apply) Local Service ACL in Admin/Device Access -> WAN / SSl VPN

    Its not confidence inspiring that a simple Update from Release 1 to Release 2 works for the simplest things in a firewall.

    What else can be wrong in a upgrade ...

    Thanks

    Jürgen

      

  • Hi,

    I think from a post I saw in a similar thread there is or will be an mr-14-1 issued to fix this.

    You might like to check mysophos to see if it has been released?

     

    ian

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with 2 x APX120 - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Are they nuts?

    I will check, but what form of product management is this.

  • Hello Juergenb52,

    Thank you for the follow-up.

    Would it be possible for you to send me the Access ID of your XG via PM (Monitor & Analize >> Diagnostics >> Support Access >> ON >> Access Status >> And copy & paste the Access ID and send it to me.), so I can check your ACL rules and the pertinent logs.

    Sounds like an ACL might be causing this, this way I can also bring to the attention of Development.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi Emmanuel,

    i have a open critical ticket for 12 hours now.

    Guess what, no one has been reviewing this ticket with the given urgency.
    Only one guy asked if the Problem is still alive today.

    He even did NOT ask for an Access ID at all [:@]

    this is frustrating, no one in Germany is answering the phone.

    No Sophos member in Germany is answering mails, some i had spoken for the past few month are no longer employed.
    Even Sales members have left Sophos Germany this year...

    There is a ticket open  [#10052047] , Maybe you can take ownership.

    As i said, all was fine with MR12 and MR13.

    regards

    Jürgen

  • Hello Jurgen,

    Thank you for the follow-up.

    I have reached out to a Manager and he will be arranging a callback today to work on this case. 

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Thanks,

    i send you a PM.

    If it´s possible they can request an Access ID and token.
    Or i can update the Case through sophserv and provide A-ID ...

    They can work on this Problem without me.
    I think they Need to make some test and should verify the MR14 release.

    regards

    Jürgen

  • Hello Jürgen,

    Thank you for the PM. I have replied.

    I will update the ticket with this info.

    Thank you!

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi!

    I have exact the same problem, and the offical support doesn't help me further.

    So what's the resolution to get SSL VPN back running with MR14-1?

    Thx,

    Christian

  • Hi Christian,

    Support just restarted the VPN Service from CLI.
    But i think a reboot would have done the same.

    But you are on 14-1, i tried to upgrade yesterday from MR14 - MR14-1.

    This was a desaster, the firewall rebooted and wasn´t seen anymore.
    The Firmware upgrade didn´t upgrade the network settings, all NIC settings where at factory defaults.

    Please verifiy you NIC settings first, maybe you don´t reach VPN because all is at factory settings.

    I reverted to MR14

    regards

    Jürgen