Hi,
I have installed SSL VPN profile and found issue with installting SSL VPN Adpater which I have overcome by using TAP adapter v9 suggested in other Sophos community blogs. Now I am able to connect to VPN tunnel, however, the VPN adapter won't get IP leased from Sophos device and that still shows 169.xx.xx.xx IP even though after establishing connection.
I am attaching herewith logs I extracted after connecting to VPN.
Wed Jun 19 17:58:40 2019 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Wed Jun 19 17:58:40 2019 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Wed Jun 19 17:58:40 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jun 19 17:58:40 2019 Need hold release from management interface, waiting...
Wed Jun 19 17:58:40 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jun 19 17:58:40 2019 MANAGEMENT: CMD 'state on'
Wed Jun 19 17:58:40 2019 MANAGEMENT: CMD 'log all on'
Wed Jun 19 17:58:40 2019 MANAGEMENT: CMD 'hold off'
Wed Jun 19 17:58:40 2019 MANAGEMENT: CMD 'hold release'
Wed Jun 19 17:59:41 2019 MANAGEMENT: CMD 'username "Auth" "nchilkuri"'
Wed Jun 19 17:59:41 2019 MANAGEMENT: CMD 'password [...]'
Wed Jun 19 17:59:41 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jun 19 17:59:41 2019 Attempting to establish TCP connection with [AF_INET]103.24.6.8:443 [nonblock]
Wed Jun 19 17:59:41 2019 MANAGEMENT: >STATE:1560938381,TCP_CONNECT,,,,,,
Wed Jun 19 17:59:42 2019 TCP connection established with [AF_INET]103.24.6.8:443
Wed Jun 19 17:59:42 2019 TCPv4_CLIENT link local: [undef]
Wed Jun 19 17:59:42 2019 TCPv4_CLIENT link remote: [AF_INET]103.24.6.8:443
Wed Jun 19 17:59:42 2019 MANAGEMENT: >STATE:1560938382,WAIT,,,,,,
Wed Jun 19 17:59:42 2019 MANAGEMENT: >STATE:1560938382,AUTH,,,,,,
Wed Jun 19 17:59:42 2019 TLS: Initial packet from [AF_INET]103.24.6.8:443, sid=27732979 8d63aa37
Wed Jun 19 17:59:42 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jun 19 17:59:43 2019 VERIFY OK: depth=1, C=SG, ST=Singapore, L=Singapore, O=Lantone Systems, OU=OU, CN=Sophos_CA_C1B0A6CFJPHDT4D, emailAddress=support@lantone.com.sg
Wed Jun 19 17:59:43 2019 VERIFY X509NAME OK: C=SG, ST=Singapore, L=Singapore, O=Lantone Systems, OU=OU, CN=SophosApplianceCertificate_C1B0A6CFJPHDT4D, emailAddress=support@lantone.com.sg
Wed Jun 19 17:59:43 2019 VERIFY OK: depth=0, C=SG, ST=Singapore, L=Singapore, O=Lantone Systems, OU=OU, CN=SophosApplianceCertificate_C1B0A6CFJPHDT4D, emailAddress=support@lantone.com.sg
Wed Jun 19 17:59:45 2019 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jun 19 17:59:45 2019 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jun 19 17:59:45 2019 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Jun 19 17:59:45 2019 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jun 19 17:59:45 2019 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Jun 19 17:59:45 2019 [SophosApplianceCertificate_C1B0A6CFJPHDT4D] Peer Connection Initiated with [AF_INET]103.24.6.8:443
Wed Jun 19 17:59:46 2019 MANAGEMENT: >STATE:1560938386,GET_CONFIG,,,,,,
Wed Jun 19 17:59:47 2019 SENT CONTROL [SophosApplianceCertificate_C1B0A6CFJPHDT4D]: 'PUSH_REQUEST' (status=1)
Wed Jun 19 17:59:48 2019 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.10.188.8,ping 45,ping-restart 180,route 192.168.188.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,dhcp-option DNS 192.168.188.99,dhcp-option DNS 192.168.188.100,ifconfig 10.10.188.11 255.255.255.0'
Wed Jun 19 17:59:48 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jun 19 17:59:48 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jun 19 17:59:48 2019 OPTIONS IMPORT: route options modified
Wed Jun 19 17:59:48 2019 OPTIONS IMPORT: route-related options modified
Wed Jun 19 17:59:48 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jun 19 17:59:48 2019 ROUTE_GATEWAY 192.168.43.179/255.255.255.0 I=22 HWADDR=f8:63:3f:2c:3f:49
Wed Jun 19 17:59:48 2019 open_tun, tt->ipv6=0
Wed Jun 19 17:59:48 2019 TAP-WIN32 device [Ethernet 14] opened: \\.\Global\{59D75C42-BA43-414D-B3D4-E5E47724F769}.tap
Wed Jun 19 17:59:48 2019 TAP-Windows Driver Version 9.21
Wed Jun 19 17:59:48 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.188.0/10.10.188.11/255.255.255.0 [SUCCEEDED]
Wed Jun 19 17:59:48 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.188.11/255.255.255.0 on interface {59D75C42-BA43-414D-B3D4-E5E47724F769} [DHCP-serv: 10.10.188.254, lease-time: 31536000]
Wed Jun 19 17:59:48 2019 Successful ARP Flush on interface [13] {59D75C42-BA43-414D-B3D4-E5E47724F769}
Wed Jun 19 17:59:48 2019 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jun 19 17:59:48 2019 MANAGEMENT: >STATE:1560938388,ASSIGN_IP,,10.10.188.11,,,,
Wed Jun 19 17:59:52 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 17:59:52 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 17:59:56 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 17:59:56 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 17:59:58 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 17:59:58 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 17:59:59 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 17:59:59 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:00 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:00 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:01 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:01 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:03 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:03 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:04 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:04 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:05 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:05 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:06 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:06 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:07 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:07 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:08 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:08 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:09 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:09 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:10 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:10 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:11 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:11 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:12 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:12 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:13 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:13 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:14 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:14 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:16 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:16 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:17 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:17 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:18 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:18 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:19 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:19 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:21 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:21 2019 Route: Waiting for TUN/TAP interface to come up...
Wed Jun 19 18:00:22 2019 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Wed Jun 19 18:00:22 2019 MANAGEMENT: >STATE:1560938422,ADD_ROUTES,,,,,,
Wed Jun 19 18:00:22 2019 C:\WINDOWS\system32\route.exe ADD 103.24.6.8 MASK 255.255.255.255 192.168.43.179
Wed Jun 19 18:00:22 2019 Route addition via service succeeded
Wed Jun 19 18:00:22 2019 C:\WINDOWS\system32\route.exe ADD 192.168.188.0 MASK 255.255.255.0 10.10.188.8
Wed Jun 19 18:00:22 2019 Warning: route gateway is not reachable on any active network adapters: 10.10.188.8
Wed Jun 19 18:00:22 2019 Route addition via service failed
Wed Jun 19 18:00:22 2019 C:\WINDOWS\system32\route.exe ADD 103.24.6.8 MASK 255.255.255.255 192.168.43.179
Wed Jun 19 18:00:22 2019 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=22]
Wed Jun 19 18:00:22 2019 Route addition via service failed
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.43.179 p=0 i=22 t=4 pr=3 a=149 h=0 m=55/0/0/0/0
103.24.6.8 255.255.255.255 192.168.43.179 p=0 i=22 t=4 pr=3 a=0 h=0 m=311/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=218 h=0 m=331/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=218 h=0 m=331/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=218 h=0 m=331/0/0/0/0
169.254.0.0 255.255.0.0 169.254.49.160 p=0 i=13 t=3 pr=2 a=207 h=0 m=291/0/0/0/0
169.254.49.160 255.255.255.255 169.254.49.160 p=0 i=13 t=3 pr=2 a=207 h=0 m=291/0/0/0/0
169.254.255.255 255.255.255.255 169.254.49.160 p=0 i=13 t=3 pr=2 a=207 h=0 m=291/0/0/0/0
192.168.43.0 255.255.255.0 192.168.43.82 p=0 i=22 t=3 pr=2 a=149 h=0 m=311/0/0/0/0
192.168.43.82 255.255.255.255 192.168.43.82 p=0 i=22 t=3 pr=2 a=149 h=0 m=311/0/0/0/0
192.168.43.255 255.255.255.255 192.168.43.82 p=0 i=22 t=3 pr=2 a=149 h=0 m=311/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=218 h=0 m=331/0/0/0/0
224.0.0.0 240.0.0.0 169.254.49.160 p=0 i=13 t=3 pr=2 a=217 h=0 m=291/0/0/0/0
224.0.0.0 240.0.0.0 192.168.43.82 p=0 i=22 t=3 pr=2 a=212 h=0 m=311/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=218 h=0 m=331/0/0/0/0
255.255.255.255 255.255.255.255 169.254.49.160 p=0 i=13 t=3 pr=2 a=217 h=0 m=291/0/0/0/0
255.255.255.255 255.255.255.255 192.168.43.82 p=0 i=22 t=3 pr=2 a=212 h=0 m=311/0/0/0/0
SYSTEM ADAPTER LIST
Bluetooth Device (Personal Area Network) #2
Index = 29
GUID = {D82D2862-2D1D-418B-8A88-02C3A9D09AE5}
IP = 0.0.0.0/0.0.0.0
MAC = f8:63:3f:2c:3f:4d
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Wed Jun 19 18:00:22 2019
DHCP LEASE EXPIRES = Wed Jun 19 18:00:22 2019
DNS SERV =
TAP-Windows Adapter V9
Index = 13
GUID = {59D75C42-BA43-414D-B3D4-E5E47724F769}
IP = 169.254.49.160/255.255.0.0
MAC = 00:ff:59:d7:5c:42
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Wed Jun 19 18:00:22 2019
DHCP LEASE EXPIRES = Wed Jun 19 18:00:22 2019
DNS SERV =
Intel(R) Dual Band Wireless-AC 8265
Index = 22
GUID = {ABB46B77-0DE4-41A6-8491-567A1D8B368F}
IP = 192.168.43.82/255.255.255.0
MAC = f8:63:3f:2c:3f:49
GATEWAY = 192.168.43.179/255.255.255.255
DHCP SERV = 192.168.43.179/255.255.255.255
DHCP LEASE OBTAINED = Wed Jun 19 17:57:53 2019
DHCP LEASE EXPIRES = Wed Jun 19 18:57:53 2019
DNS SERV = 192.168.43.179/255.255.255.255
Microsoft Wi-Fi Direct Virtual Adapter
Index = 31
GUID = {F1310AAF-ABEA-4CD3-B2F8-BE6BDFE7A465}
IP = 0.0.0.0/0.0.0.0
MAC = f8:63:3f:2c:3f:4a
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Wed Jun 19 18:00:22 2019
DHCP LEASE EXPIRES = Wed Jun 19 18:00:22 2019
DNS SERV =
Microsoft Wi-Fi Direct Virtual Adapter #2
Index = 24
GUID = {ADEB0E7F-DF51-41FC-84BA-B0C28BD6A451}
IP = 0.0.0.0/0.0.0.0
MAC = fa:63:3f:2c:3f:49
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Wed Jun 19 18:00:22 2019
DHCP LEASE EXPIRES = Wed Jun 19 18:00:22 2019
DNS SERV =
Wed Jun 19 18:00:22 2019 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Wed Jun 19 18:00:22 2019 MANAGEMENT: >STATE:1560938422,CONNECTED,ERROR,10.10.188.11,103.24.6.8,443,192.168.43.82,50548
Regards,
Khushnood
This thread was automatically locked due to age.
