So I have one user that seems to have an issue where they are working, then they are disconnected from the SSL VPN. They still have internet access, as they are accessing a website that would likely alert them if they go offline.
We have a split-tunnel setup. The user is usually using applications/resources over the VPN, so they aren't being disconnected due to inactivity. I pulled the XG logs when the user was disconnected this morning. Usually the user is disconnected in the afternoon, and if it happens once it likely happens a couple times within the hour.
There are other users on the SSL VPN that don't appear to be affected. We also have 2 remote locations connected via RED devices. Our VoIP is in-house, and goes over the RED tunnel, so if our Internet circuit was suspect, we would have major complaints (which we don't currently have). There are other people connected via SSL VPN when this user got disconnected.
The user's machine is a Surface Pro 4, running Windows 10 Pro.
I upgraded to 17.1.1 MR-1 this past weekend, which has seemed to help, but this is a VP experiencing this issue.
I'm looking at the log file, but not sure if/what is an error.
Connection reset, restarting [-1]
SIGUSR1 [soft,connection-reset] received, client-instance restarting.
Garner: log disconnect event:
...
ipset v6.14: Element cannot be deleted from the set: it's not added
...
WARNING: Failed running command (--client-disconnect): external program exited with error status: 1)
TCP/UDP: Closing socket
...
Attaching log file from XG 210. Username and IPs changed to protect the innocent.
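An added example, not part of the original post and not Sophos code: a small triage script for an OpenVPN-style server log like the one excerpted above. It separates the line that triggers a drop (`SIGUSR1[soft,<reason>]`) from the cleanup messages that follow it (ipset, `--client-disconnect`) and measures how long the user stayed offline. The sample lines are constructed in the post's log format with placeholder users and addresses, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the post's log format (placeholder users and addresses).
SAMPLE_LOG = """\
Thu Aug 16 07:10:42 2018 us=687448 alice@example.test/::ffff:192.0.2.10 TUN WRITE [189]
Thu Aug 16 07:10:42 2018 us=792989 alice@example.test/::ffff:192.0.2.10 Connection reset, restarting [-1]
Thu Aug 16 07:10:42 2018 us=793027 alice@example.test/::ffff:192.0.2.10 SIGUSR1[soft,connection-reset] received, client-instance restarting
ipset v6.14: Element cannot be deleted from the set: it's not added
Thu Aug 16 07:10:43 2018 us=68143 WARNING: Failed running command (--client-disconnect): external program exited with error status: 1
Thu Aug 16 07:10:43 2018 us=68326 TCP/UDP: Closing socket
Thu Aug 16 07:11:05 2018 us=100200 bob@example.test/::ffff:198.51.100.7 SIGUSR1[soft,ping-restart] received, client-instance restarting
Thu Aug 16 07:12:10 2018 us=593039 MULTI: multi_create_instance called
Thu Aug 16 07:12:13 2018 us=225243 alice@example.test/::ffff:192.0.2.10 MULTI: primary virtual IP for alice@example.test/::ffff:192.0.2.10: 10.10.200.2
"""

STAMP = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) us=(\d+) (.*)$")
# "user/address" prefix; the address class keeps "TCP/UDP:" from matching.
CLIENT = re.compile(r"^(?P<user>[^\s/]+)/(?P<addr>[0-9A-Fa-f:.]+) (?P<msg>.*)$")
RESTART = re.compile(r"SIGUSR1 ?\[soft,([\w-]+)\] received, client-instance restarting")

# What each restart reason says about the cause of the drop.
REASONS = {
    "connection-reset": "TCP link closed or reset (transport level)",
    "ping-restart": "keepalive timeout (nothing received within ping-restart)",
}


def parse(lines):
    """Yield (timestamp, user, message); helper output without a
    timestamp (ipset, scripts) inherits the previous line's timestamp."""
    last = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = STAMP.match(line)
        if m:
            last = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            last = last.replace(microsecond=int(m.group(2)))
            line = m.group(3)
        c = CLIENT.match(line)
        yield (last, c.group("user"), c.group("msg")) if c else (last, None, line)


def find_disconnects(lines):
    """Return one dict per client restart, with its cleanup noise attached."""
    events, cleanup = [], None
    for ts, user, msg in parse(lines):
        hit = RESTART.search(msg)
        if hit and user and ts:
            cleanup = {"user": user, "time": ts, "reason": hit.group(1),
                       "hook_failed": False, "ipset_errors": 0, "reconnect_s": None}
            events.append(cleanup)
        elif user and msg.startswith("MULTI: primary virtual IP for"):
            # Session is usable again: close the latest open event for this user.
            for ev in reversed(events):
                if ev["user"] == user and ev["reconnect_s"] is None:
                    ev["reconnect_s"] = (ts - ev["time"]).total_seconds()
                    break
        elif cleanup is not None and user is None:
            # Unprefixed lines up to "Closing socket" are consequences, not causes.
            if msg.startswith("ipset ") and "cannot be deleted" in msg:
                cleanup["ipset_errors"] += 1
            elif "Failed running command" in msg and "--client-disconnect" in msg:
                cleanup["hook_failed"] = True
            elif msg.startswith("TCP/UDP: Closing socket"):
                cleanup = None
    return events


def describe(ev):
    cause = REASONS.get(ev["reason"], "other restart reason")
    back = ("no reconnect seen" if ev["reconnect_s"] is None
            else f"back after {ev['reconnect_s']:.0f}s")
    return f"{ev['time']:%H:%M:%S} {ev['user']}: {ev['reason']} = {cause}; {back}"


if __name__ == "__main__":
    for event in find_disconnects(SAMPLE_LOG.splitlines()):
        print(describe(event))
```

Run against a real export, the log needs one entry per line; counting events per user and reason over a day shows whether one client's drops are all `connection-reset` while other users stay connected.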