SSL VPN connects for a second then disconnects.

So, I have an XG-135 v 17 and I'm a newbie working with a support engineer who isn't available all the time, so I could really use some help with this.

The SSL VPN is set up on a laptop we use as a remote branch of our business. It is supposed to connect back to our XG from a local High School and from that point, the user RDPs to a desktop to run transactions. We tested the laptop by connecting it first to our spare internet connection, which is a separate network and IP address. It connected to the XG and allowed the RDP to the desktop with no problem.

The staff took the laptop to the HS and attempted to connect back to the XG and it failed with no error message. I was told it never flashed that it had connected and the traffic light icon only went to yellow. When an RDP session was attempted anyway, it also failed. I took the laptop home and tried to connect to the XG from my network at home. It worked fine and connected right away, the traffic light turned green, it flashed connected on the screen and I could RDP into the desktop.

I figured this could be user error or some issue with the HS network. I let the staff member attempt another connection and it failed the same way again. This time the school technicians verified that there was an Internet connection and that there was an exception in their firewall. The HS uses a SOPHOS UTM running v9. They saved the log file on the desktop and it says it briefly connected, 1 sec, then something happened. That is what I'm trying to figure out. Do I need to put the HS public IP into my SSL VPN network policy? Just confused as to how it works in two other places and not at the High School location. I can post the log but I'd rather not if I don't have to.

Thanks,

Dave


  • You have a point in XG called "Overwrite hostname" in SSL VPN config. 

    This point is the connection IP for all clients. Do you use something there? DNS record? Could this DNS record not be able to resolve correctly to the XG?

     

    Can you show us the log of SSL VPN? 

  • Hi,

    Here is the SSL VPN log from the failed connection. I've removed any of my network-specific information. I am also using static IPs in a workgroup at our XG location. The other location (where I cannot connect from) is using DHCP addresses to the laptop. I wonder if this is a routing issue?

    Enter Management Password:
    Thu Sep 13 12:45:33 2018 us=401615 MANAGEMENT: TCP Socket listening on [AF_INET]0.0.0.1:1234
    Thu Sep 13 12:45:33 2018 us=401615 Need hold release from management interface, waiting...
    Thu Sep 13 12:45:33 2018 us=588815 MANAGEMENT: Client connected from [AF_INET]0.0.0.1:1234
    Thu Sep 13 12:45:33 2018 us=698016 MANAGEMENT: CMD 'state on'
    Thu Sep 13 12:45:33 2018 us=698016 MANAGEMENT: CMD 'log all on'
    Thu Sep 13 12:45:33 2018 us=713616 MANAGEMENT: CMD 'hold off'
    Thu Sep 13 12:45:33 2018 us=713616 MANAGEMENT: CMD 'hold release'
    Thu Sep 13 12:45:44 2018 us=883235 MANAGEMENT: CMD 'username "Auth" "xxxxx"'
    Thu Sep 13 12:45:44 2018 us=898835 MANAGEMENT: CMD 'password [...]'
    Thu Sep 13 12:45:45 2018 us=117236 PRNG init md=SHA1 size=36
    Thu Sep 13 12:45:45 2018 us=117236 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by zu bytes
    Thu Sep 13 12:45:45 2018 us=117236 LZO compression initialized
    Thu Sep 13 12:45:45 2018 us=117236 MTU DYNAMIC mtu=0, flags=1, 0 -> 140
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 Control Channel MTU parms [ L:1572 D:140 EF:40 EB:0 ET:0 EL:3 ]
    Thu Sep 13 12:45:45 2018 us=117236 MTU DYNAMIC mtu=1450, flags=2, 1572 -> 1450
    Thu Sep 13 12:45:45 2018 us=117236 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Thu Sep 13 12:45:45 2018 us=117236 RESOLVE_REMOTE flags=0x0101 phase=1 rrs=0 sig=-1 status=0
    Thu Sep 13 12:45:45 2018 us=117236 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:143 ET:0 EL:3 AF:3/1 ]
    Thu Sep 13 12:45:45 2018 us=117236 Local Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-client'
    Thu Sep 13 12:45:45 2018 us=117236 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-server'
    Thu Sep 13 12:45:45 2018 us=117236 Local Options hash (VER=V4): 'b67e7382'
    Thu Sep 13 12:45:45 2018 us=117236 Expected Remote Options hash (VER=V4): 'b6eac465'
    Thu Sep 13 12:45:45 2018 us=117236 Attempting to establish TCP connection with [AF_INET]000.000.00.000:8443 [nonblock]
    Thu Sep 13 12:45:45 2018 us=117236 MANAGEMENT: >STATE:1536857145,TCP_CONNECT,,,,,,
    Thu Sep 13 12:45:46 2018 us=131238 TCP connection established with [AF_INET]000.000.00.000:8443
    Thu Sep 13 12:45:46 2018 us=131238 TCPv4_CLIENT link local: [undef]
    Thu Sep 13 12:45:46 2018 us=131238 TCPv4_CLIENT link remote: [AF_INET]000.000.00.000:8443
    Thu Sep 13 12:45:46 2018 us=131238 MANAGEMENT: >STATE:1536857146,WAIT,,,,,,
    Thu Sep 13 12:45:46 2018 us=131238 TCPv4_CLIENT WRITE [14] to [AF_INET]000.000.00.000:8443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
    Thu Sep 13 12:45:46 2018 us=162438 TCPv4_CLIENT READ [26] from [AF_INET]000.000.00.000:8443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
    Thu Sep 13 12:45:46 2018 us=162438 MANAGEMENT: >STATE:1536857146,AUTH,,,,,,
    Thu Sep 13 12:45:46 2018 us=162438 TLS: Initial packet from [AF_INET]000.000.00.000:8443, sid=3ded0207 1669906e
    Thu Sep 13 12:45:46 2018 us=162438 TCPv4_CLIENT WRITE [22] to [AF_INET]000.000.00.000:8443: P_ACK_V1 kid=0 [ 0 ]
    Thu Sep 13 12:45:46 2018 us=162438 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Sep 13 12:45:46 2018 us=162438 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
    Thu Sep 13 12:45:46 2018 us=162438 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
    Thu Sep 13 12:45:46 2018 us=162438 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
    Thu Sep 13 12:45:46 2018 us=162438 TCPv4_CLIENT WRITE [17] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=3
    Thu Sep 13 12:45:46 2018 us=162438 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:47 2018 us=379240 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:48 2018 us=596042 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
    Thu Sep 13 12:45:48 2018 us=596042 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:49 2018 us=812844 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
    Thu Sep 13 12:45:49 2018 us=812844 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:51 2018 us=29646 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
    Thu Sep 13 12:45:51 2018 us=29646 TCPv4_CLIENT WRITE [17] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=3
    Thu Sep 13 12:45:51 2018 us=29646 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:52 2018 us=246448 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
    Thu Sep 13 12:45:52 2018 us=246448 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:53 2018 us=463250 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
    Thu Sep 13 12:45:53 2018 us=463250 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:54 2018 us=680053 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:55 2018 us=896855 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
    Thu Sep 13 12:45:55 2018 us=896855 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:57 2018 us=113657 TCPv4_CLIENT WRITE [17] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=3
    Thu Sep 13 12:45:57 2018 us=113657 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:45:58 2018 us=158859 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:46:00 2018 us=249262 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
    Thu Sep 13 12:46:00 2018 us=249262 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:46:01 2018 us=294464 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
    Thu Sep 13 12:46:01 2018 us=294464 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:46:02 2018 us=339666 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:46:03 2018 us=384868 TCPv4_CLIENT WRITE [114] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
    Thu Sep 13 12:46:03 2018 us=384868 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:46:04 2018 us=430070 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:46:05 2018 us=116471 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
    Thu Sep 13 12:46:05 2018 us=116471 TCPv4_CLIENT READ [0] from [AF_INET]000.000.00.000:8443: DATA UNDEF len=-1
    Thu Sep 13 12:46:05 2018 us=116471 TCPv4_CLIENT WRITE [17] to [AF_INET]000.000.00.000:8443: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=3
    Thu Sep 13 12:46:05 2018 us=116471 ACK output sequence broken: [5] 1 2 3 4
    Thu Sep 13 12:46:05 2018 us=116471 Connection reset, restarting [-1]
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 TCP/UDP: Closing socket
    Thu Sep 13 12:46:05 2018 us=116471 PID packet_id_free
    Thu Sep 13 12:46:05 2018 us=116471 SIGUSR1[soft,connection-reset] received, process restarting
    Thu Sep 13 12:46:05 2018 us=116471 MANAGEMENT: >STATE:1536857165,RECONNECTING,connection-reset,,,,,
    Thu Sep 13 12:46:05 2018 us=116471 Restart pause, 5 second(s)
    Thu Sep 13 12:46:07 2018 us=144474 PID packet_id_free
    Thu Sep 13 12:46:07 2018 us=144474 SIGTERM[hard,init_instance] received, process exiting
    Thu Sep 13 12:46:07 2018 us=144474 MANAGEMENT: >STATE:1536857167,EXITING,init_instance,,,,,
    Thu Sep 13 12:46:07 2018 us=144474 Closing Win32 semaphore 'openvpn_netcmd'

  • Do you use HTTPS scanning or something like this on the UTM9 site?

    The connection seems to be there, but the communication looks broken.

    You could perform a Wireshark dump of this and check what is going on.

  • That's a good point. When I talked with the school technicians, I asked if they were doing any filtering of the Internet and they said that the connection should be passing through the exception that was made in the firewall. This exception was made a couple of years ago when we were using the Cisco ASA 5512x. I asked if it would need to be updated or checked and they said if I was using the same IP address then it should be fine. I am using the same IP address; we just swapped out the ASA for the Sophos. I will ask them tomorrow morning when school opens. I have an SSL VPN log from my test, when I connect back from our backup connection, and I don't see any of this part in it:

    PRNG init md=SHA1 size=36
    Thu Sep 13 12:45:45 2018 us=117236 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by zu bytes
    Thu Sep 13 12:45:45 2018 us=117236 LZO compression initialized
    Thu Sep 13 12:45:45 2018 us=117236 MTU DYNAMIC mtu=0, flags=1, 0 -> 140
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 PID packet_id_init tcp_mode=1 seq_backtrack=64 time_backtrack=15
    Thu Sep 13 12:45:45 2018 us=117236 Control Channel MTU parms [ L:1572 D:140 EF:40 EB:0 ET:0 EL:3 ]
    Thu Sep 13 12:45:45 2018 us=117236 MTU DYNAMIC mtu=1450, flags=2, 1572 -> 1450

     

    My good connection:

    Enter Management Password:
    Sat Sep 15 11:34:32 2018 MANAGEMENT: TCP Socket listening on [AF_INET]0.0.0.1:1234
    Sat Sep 15 11:34:32 2018 Need hold release from management interface, waiting...
    Sat Sep 15 11:34:35 2018 MANAGEMENT: Client connected from [AF_INET]0.0.0.1:1234
    Sat Sep 15 11:34:35 2018 MANAGEMENT: CMD 'state on'
    Sat Sep 15 11:34:35 2018 MANAGEMENT: CMD 'log all on'
    Sat Sep 15 11:34:35 2018 MANAGEMENT: CMD 'hold off'
    Sat Sep 15 11:34:35 2018 MANAGEMENT: CMD 'hold release'
    Sat Sep 15 11:35:05 2018 MANAGEMENT: CMD 'username "Auth" "xxxxxxx"'
    Sat Sep 15 11:35:05 2018 MANAGEMENT: CMD 'password [...]'
    Sat Sep 15 11:35:05 2018 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sat Sep 15 11:35:05 2018 Attempting to establish TCP connection with [AF_INET]000.000.000.000:8443 [nonblock]
    Sat Sep 15 11:35:05 2018 MANAGEMENT: >STATE:1537025705,TCP_CONNECT,,,,,,
    Sat Sep 15 11:35:06 2018 TCP connection established with [AF_INET]000.000.000.000:8443

  • Just to be clear... the UTM 9 site is the school. I used to connect back to an ASA before we purchased the Sophos XG-135 for our office. I don't have any access to the school network; all I can do is ask them questions and convey my concerns. Also, I will download a copy of Wireshark on the laptop for our next scheduled visit the coming Tuesday.

  • So, just solved the issue today. The school was doing application filtering on their UTM. The old firewall rule from the Cisco anywhere VPN needed to be changed. All good. Thanks for the help.

    Dave
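
The pattern in the failed log above (TCP connects, the hard-reset exchange completes, then the client keeps rewriting the same `P_CONTROL_V1` packet ids and never reads a reply) can be checked mechanically. The following is an added example, not part of any poster's reply and not Sophos or OpenVPN code. The sample lines are constructed (abbreviated from the thread's log, with a documentation address), and the verdict names are assumptions of this sketch.

```python
import re
from collections import Counter

# Packet-trace lines as written by the OpenVPN client at high log verbosity, e.g.
# "... TCPv4_CLIENT WRITE [114] to [AF_INET]192.0.2.10:8443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100"
PACKET_RE = re.compile(
    r"(?P<dir>WRITE|READ) \[\d+\] (?:to|from) \S+ "
    r"(?P<op>P_[A-Z0-9_]+) kid=\d+ \[[^\]]*\](?: pid=(?P<pid>\d+))?"
)

def analyze(lines):
    """Classify how far an OpenVPN-over-TCP client handshake got."""
    tcp_up = server_reset = timed_out = False
    sent = Counter()   # (opcode, packet id) -> times the client wrote it
    replies = 0        # packets read from the server after its hard reset
    for line in lines:
        if "TCP connection established" in line:
            tcp_up = True
        if "Connection timed out" in line:
            timed_out = True
        m = PACKET_RE.search(line)
        if not m:
            continue
        if m["dir"] == "WRITE":
            if m["pid"] is not None:
                sent[(m["op"], int(m["pid"]))] += 1
        elif m["op"] == "P_CONTROL_HARD_RESET_SERVER_V2":
            server_reset = True
        else:
            replies += 1
    # P_CONTROL_V1 carries the TLS handshake; a packet id written more than
    # once means the client never saw an acknowledgement for it.
    resent = sorted(pid for (op, pid), n in sent.items()
                    if op == "P_CONTROL_V1" and n > 1)
    if not tcp_up:
        verdict = "tcp_blocked"            # nothing reached the VPN port
    elif not server_reset:
        verdict = "no_openvpn_reply"       # TCP is up, peer never spoke OpenVPN
    elif replies == 0 and resent:
        verdict = "handshake_stalled"      # reset exchanged, TLS data unanswered
    else:
        verdict = "handshake_progressing"
    return {"verdict": verdict, "retransmitted_pids": resent,
            "server_replies": replies, "timed_out": timed_out}

PEER = "[AF_INET]192.0.2.10:8443"          # constructed documentation address
TS = "Thu Sep 13 12:45:46 2018 us=162438 "

def _pkt(direction, size, op, tail):
    word = "to" if direction == "WRITE" else "from"
    return f"{TS}TCPv4_CLIENT {direction} [{size}] {word} {PEER}: {op} kid=0 {tail}"

# Constructed sample, abbreviated from the failed log in the thread.
FAILED_LOG = [
    f"{TS}TCP connection established with {PEER}",
    _pkt("WRITE", 14, "P_CONTROL_HARD_RESET_CLIENT_V2", "[ ] pid=0 DATA len=0"),
    _pkt("READ", 26, "P_CONTROL_HARD_RESET_SERVER_V2", "[ 0 ] pid=0 DATA len=0"),
    _pkt("WRITE", 22, "P_ACK_V1", "[ 0 ]"),
    _pkt("WRITE", 114, "P_CONTROL_V1", "[ ] pid=1 DATA len=100"),
    _pkt("WRITE", 114, "P_CONTROL_V1", "[ ] pid=2 DATA len=100"),
    _pkt("WRITE", 114, "P_CONTROL_V1", "[ ] pid=1 DATA len=100"),
    _pkt("WRITE", 114, "P_CONTROL_V1", "[ ] pid=2 DATA len=100"),
    f"{TS}read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)",
]

# Constructed sample of a handshake in which the server answers.
HEALTHY_LOG = FAILED_LOG[:5] + [
    _pkt("READ", 22, "P_ACK_V1", "[ 1 ]"),
    _pkt("READ", 114, "P_CONTROL_V1", "[ ] pid=1 DATA len=100"),
]
```

A `handshake_stalled` verdict says only that the path passes TCP but not the handshake that follows. In this thread the cause turned out to be application filtering on the school's UTM.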