
Debian openvpn client TLS handshake failed

Connecting to XG210_WP03_SFOS 17.1.3 MR-3 or 17.1.2 SSL VPN from a Debian 10 Testing (Buster) openvpn client worked until sometime over the past week, when it would no longer connect. The result is the same with TCP or UDP set on the XG + client, or after redownloading the ovpn configuration file from the XG. The Sophos-branded SSL VPN client on Windows continues to work fine. The Debian system is fully updated regularly, so I'm assuming recent updates introduced a compatibility issue. Has anyone else run into this, or does anyone have suggestions?


uname -a
Linux v 4.18.0-2-amd64 #1 SMP Debian 4.18.10-2 (2018-10-07) x86_64 GNU/Linux

from client connection:
Wed Oct 31 08:15:15 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 30 2018
Wed Oct 31 08:15:15 2018 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.10
Wed Oct 31 08:15:15 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]****:**
Wed Oct 31 08:15:15 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Oct 31 08:15:15 2018 UDP link local: (not bound)
Wed Oct 31 08:15:15 2018 UDP link remote: [AF_INET]****:**
Wed Oct 31 08:15:15 2018 TLS: Initial packet from [AF_INET]****:**, sid=60138319 342c4a2d
Wed Oct 31 08:15:15 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 31 08:15:15 2018 OpenSSL: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Wed Oct 31 08:15:15 2018 TLS_ERROR: BIO read tls_read_plaintext error
Wed Oct 31 08:15:15 2018 TLS Error: TLS object -> incoming plaintext read error
Wed Oct 31 08:15:15 2018 TLS Error: TLS handshake failed
Wed Oct 31 08:15:15 2018 SIGUSR1[soft,tls-error] received, process restarting
Wed Oct 31 08:15:15 2018 Restart pause, 5 second(s)


from /log/sslvpn.log on the xg:
Wed Oct 31 08:15:15 2018 [11069] ::ffff:**** TLS: Initial packet from [AF_INET6]::ffff:****:47076 (via ::ffff:****%Port8), sid=a92bca7e 2115a8a1
Wed Oct 31 08:15:18 2018 [11069] CID is :3
Wed Oct 31 08:15:18 2018 [11069] CID is :2
Wed Oct 31 08:15:20 2018 [11069] ::ffff:**** TLS: Initial packet from [AF_INET6]::ffff:****:49939 (via ::ffff:****%Port2), sid=18628165 cbc0f5bb
Wed Oct 31 08:15:33 2018 [11069] CID is :3
Wed Oct 31 08:15:33 2018 [11069] CID is :2
Wed Oct 31 08:15:33 2018 [11069] CID is :4
Wed Oct 31 08:15:49 2018 [11069] CID is :3
Wed Oct 31 08:15:49 2018 [11069] CID is :2
Wed Oct 31 08:15:49 2018 [11069] CID is :4
Wed Oct 31 08:16:04 2018 [11069] CID is :3
Wed Oct 31 08:16:04 2018 [11069] CID is :2
Wed Oct 31 08:16:04 2018 [11069] CID is :4
Wed Oct 31 08:16:15 2018 [11069] ::ffff:**** TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Oct 31 08:16:15 2018 [11069] ::ffff:**** TLS Error: TLS handshake failed
Wed Oct 31 08:16:15 2018 [11069] ::ffff:**** SIGUSR1[soft,tls-error] received, client-instance restarting


