
Sophos XG135 SSL VPN client behaviour

I am having issues with the Sophos client that I have not experienced before. This is not affecting all VPN users, just some:

Wed Jun 27 11:11:55 2018 TLS: Initial packet from [AF_INET]10.3.0.1:8443, sid=79e52eb9 010b15c6
Wed Jun 27 11:11:55 2018 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=CA, ST=ON, L=xxxxxxx, O=xxxxxxxxx, OU=OU, CN=Sophos_CA_C1701BJYYRCJCAD, emailAddress=xxx@xxx.com
Wed Jun 27 11:11:55 2018 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Wed Jun 27 11:11:55 2018 TLS Error: TLS object -> incoming plaintext read error
Wed Jun 27 11:11:55 2018 TLS Error: TLS handshake failed

Thanks in advance

Terry



  • Hey  

    It appears that the certificates that these users are trying to connect with no longer match the certificate on the XG. This could be due to a number of changes performed on the SSL VPN config.

    Have you tried to ask the users to re-download their SSL VPN configuration from the user portal (with the updated certificates) and re-attempt connecting?

    Regards,

  • I have uninstalled the client from the PCs, deleted previous configurations from the config folder, gone to the user portal and re-downloaded the software and configuration. After re-installation and attempting to connect again, I receive the same result and errors.

    Thanks,

    T

  • Hi Terry,

    It appears we have a bug with 17.1 on SSL VPN. Could you downgrade to 17.0 MR 8 and check? That should resolve the issue.

  • Aditya,

    Thank you for the response. My XG 135 is on the XG135 (SFOS 16.05.8 MR-8) firmware. I cannot go to the 17 series firmware until the IPSEC VPN issues are sorted out. Thank you for telling me about the SSL VPN issues though. That is one more reason not to go to the 17 firmware.

    I believe I have found a solution to my issue though. I have deleted all user certificates for my SSL VPN users that were affected by this issue. I have them re-download the config file, and that appears to be solving the issue. I have a bigger concern as to what caused this issue in the first place. But what I described above is what has fixed the issue for me.

    What appears to be a corruption of the user level certificates is a very big concern.

    Thanks,

    T
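
Added example, not part of the thread and not Sophos or OpenVPN code: a small Python triage of client logs like the one in the original post, which pulls out each `VERIFY ERROR`, the chain depth it occurred at and the certificate CN, so affected users can be grouped by which certificate failed. The function names, the hint texts and the last sample line are constructed for illustration.

```python
import re

# First two lines are copied from the log in the thread; the last is constructed.
SAMPLE_LOG = """\
Wed Jun 27 11:11:55 2018 TLS: Initial packet from [AF_INET]10.3.0.1:8443, sid=79e52eb9 010b15c6
Wed Jun 27 11:11:55 2018 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=CA, ST=ON, L=xxxxxxx, O=xxxxxxxxx, OU=OU, CN=Sophos_CA_C1701BJYYRCJCAD, emailAddress=xxx@xxx.com
Wed Jun 27 11:12:40 2018 VERIFY ERROR: depth=0, error=certificate has expired: C=CA, O=Example, CN=constructed-server
"""

PEER_RE = re.compile(r"Initial packet from \[AF_INET6?\]([^,\s]+)")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")

# What to check for common OpenSSL verify errors (hint wording is ours).
HINTS = {
    "self signed certificate in certificate chain":
        "chain ends in a root CA the client does not trust; compare the CA "
        "in the client config with the CA on the firewall",
    "unable to get local issuer certificate":
        "issuer CA is missing from the client's CA file",
    "certificate has expired":
        "check the validity dates and the client clock",
}

def parse_dn(dn):
    """Split 'C=CA, O=Org, CN=name' into a dict (escaped commas not handled)."""
    return dict(p.split("=", 1) for p in dn.split(", ") if "=" in p)

def triage(log_text):
    """Return one finding per VERIFY ERROR, tagged with the last peer seen."""
    findings, peer = [], None
    for line in log_text.splitlines():
        m = PEER_RE.search(line)
        if m:
            peer = m.group(1)
            continue
        m = VERIFY_RE.search(line)
        if m:
            error = m.group(2).strip()
            depth = int(m.group(1))
            findings.append({
                "peer": peer, "depth": depth, "error": error,
                # depth 0 is the peer's own certificate, higher depths are CAs
                "role": "server certificate" if depth == 0 else "CA certificate",
                "cn": parse_dn(m.group(3)).get("CN"),
                "hint": HINTS.get(error, "unrecognised verify error"),
            })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['peer']} depth={f['depth']} ({f['role']}) CN={f['cn']}: {f['hint']}")
```
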