
Users to Access External VPN

All,

 

I'm using a SOPHOS XG as my firewall and I have a few users who are working as contractors to one of our customers.

As part of the requirement, the users need to connect to the customer's VPN to update their system.

Initially I created a group for the users and allowed them to connect to the customer's VPN server (public IP) using the user/network rule.

They were able to connect but are experiencing disconnections from time to time, which is annoying them.

I set intrusion prevention, shaping and web policy to none, and application control to Allow All. I also made an Exception entry but they are still experiencing disconnections.

Any suggestions?

Thanks

 



This thread was automatically locked due to age.
  • Check the vpn-logging at client-side and server side.

    If using SSL-VPN the Client-logging is very detailed.

  • Hi Dirk,

     

    Thanks for the suggestion. This is the part of the client's log where they get disconnected.

    Mon Oct 28 08:59:27 2019 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Oct 28 08:59:27 2019 MANAGEMENT: >STATE:1572224367,ASSIGN_IP,,10.242.8.5,,,,
    Mon Oct 28 08:59:31 2019 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
    Mon Oct 28 08:59:31 2019 MANAGEMENT: >STATE:1572224371,ADD_ROUTES,,,,,,
    Mon Oct 28 08:59:31 2019 C:\WINDOWS\system32\route.exe ADD 173.225.52.226 MASK 255.255.255.255 192.168.16.17
    Mon Oct 28 08:59:31 2019 Route addition via service succeeded
    Mon Oct 28 08:59:31 2019 C:\WINDOWS\system32\route.exe ADD 192.168.8.0 MASK 255.255.255.0 10.242.8.1
    Mon Oct 28 08:59:31 2019 Route addition via service succeeded
    Mon Oct 28 08:59:31 2019 C:\WINDOWS\system32\route.exe ADD 192.168.9.0 MASK 255.255.255.0 10.242.8.1
    Mon Oct 28 08:59:31 2019 Route addition via service succeeded
    Mon Oct 28 08:59:31 2019 Initialization Sequence Completed
    Mon Oct 28 08:59:31 2019 MANAGEMENT: >STATE:1572224371,CONNECTED,SUCCESS,10.242.8.5,173.225.52.226,443,192.168.16.173,50039
    Mon Oct 28 10:06:01 2019 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
    Mon Oct 28 10:06:01 2019 Connection reset, restarting [-1]
    Mon Oct 28 10:06:01 2019 SIGUSR1[soft,connection-reset] received, process restarting
    Mon Oct 28 10:06:01 2019 MANAGEMENT: >STATE:1572228361,RECONNECTING,connection-reset,,,,,
    Mon Oct 28 10:06:01 2019 Restart pause, 5 second(s)
    Mon Oct 28 10:06:06 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Oct 28 10:06:06 2019 MANAGEMENT: >STATE:1572228366,RESOLVE,,,,,,

    I checked my monitoring going to the customer's VPN server and there are no timeouts on that date/time.

    Any suggestions?

    Thanks
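
An added example, not part of either post in this thread: a small Python parser for the OpenVPN `MANAGEMENT: >STATE:` lines shown in the client log above, which reports how long each tunnel stayed up and which read error preceded the drop. The function names `sessions` and `repeated_durations` are hypothetical, and the 30-second bucketing is an assumed heuristic for spotting sessions that end after similar lengths.

```python
import re
from collections import Counter

# Excerpt of the client log posted in the thread (copied, not constructed).
SAMPLE_LOG = """
Mon Oct 28 08:59:31 2019 Initialization Sequence Completed
Mon Oct 28 08:59:31 2019 MANAGEMENT: >STATE:1572224371,CONNECTED,SUCCESS,10.242.8.5,173.225.52.226,443,192.168.16.173,50039
Mon Oct 28 10:06:01 2019 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Mon Oct 28 10:06:01 2019 Connection reset, restarting [-1]
Mon Oct 28 10:06:01 2019 SIGUSR1[soft,connection-reset] received, process restarting
Mon Oct 28 10:06:01 2019 MANAGEMENT: >STATE:1572228361,RECONNECTING,connection-reset,,,,,
"""

# STATE fields used: unix time, state, detail, tunnel IP, server IP, server port.
STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*),([^,]*),([^,]*),([^,]*)")
READ_ERR_RE = re.compile(r"read (\w+): (.+)$")


def sessions(log_text):
    """Return one dict per CONNECTED -> RECONNECTING/EXITING interval."""
    out, start, remote, last_err = [], None, None, None
    for line in log_text.splitlines():
        err = READ_ERR_RE.search(line)
        if err:  # remember the most recent socket read error
            last_err = (err.group(1), err.group(2))
            continue
        m = STATE_RE.search(line)
        if not m:
            continue
        ts, state, detail, _tun_ip, srv_ip, srv_port = m.groups()
        if state == "CONNECTED":
            start, remote, last_err = int(ts), f"{srv_ip}:{srv_port}", None
        elif state in ("RECONNECTING", "EXITING") and start is not None:
            out.append({
                "remote": remote,
                "seconds": int(ts) - start,  # how long the tunnel stayed up
                "reason": detail,
                "transport": last_err[0] if last_err else None,
                "error": last_err[1] if last_err else None,
            })
            start = None
    return out


def repeated_durations(sess, tolerance=30):
    """Bucket session lengths; many sessions in one bucket suggest a timer."""
    return Counter(s["seconds"] // tolerance * tolerance for s in sess).most_common()
```

Run over a full day of client logs, the bucket counts show whether the drops cluster around one session length, which is worth comparing against timeout settings on the firewall and on the VPN server.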
