Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 28 subscribers
  • Views 9075 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN connecting to user@example.com_ssl_vpn_config has failed.

Hung Ho

Hi All,

My XG info:

XG310 re.2

SFOS 17.5.8 MR-8

 

My staff reports to me that while connecting to VPN on their laptop/PC. They are getting this error:

connecting to user@example.com_ssl_vpn_config has failed

It fails much time. I suggest they try to restart the service "OpenVPN Interactive Service" after restart then it works fine.

Actually, restart the above service is a temporary solution. I hope Sophos can help to thoroughly resolve this issue.

Thank you.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Can u please Provide us the connection log.

    And a picture of you're SSL VPN connection settings.

    Regards

  • 0 in reply to n33dfull

    Here the log:

    Mon Nov 11 10:08:30 2019 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Mon Nov 11 10:08:30 2019 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Mon Nov 11 10:08:30 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Mon Nov 11 10:08:30 2019 Need hold release from management interface, waiting...
    Mon Nov 11 10:08:30 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Mon Nov 11 10:08:30 2019 MANAGEMENT: CMD 'state on'
    Mon Nov 11 10:08:30 2019 MANAGEMENT: CMD 'log all on'
    Mon Nov 11 10:08:30 2019 MANAGEMENT: CMD 'hold off'
    Mon Nov 11 10:08:30 2019 MANAGEMENT: CMD 'hold release'
    Mon Nov 11 10:08:37 2019 MANAGEMENT: CMD 'username "Auth" "john.quy"'
    Mon Nov 11 10:08:37 2019 MANAGEMENT: CMD 'password [...]'
    Mon Nov 11 10:08:37 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Nov 11 10:08:37 2019 MANAGEMENT: >STATE:1573441717,RESOLVE,,,,,,
    Mon Nov 11 10:08:49 2019 Attempting to establish TCP connection with [AF_INET]187.85.128.xx:8443 [nonblock]
    Mon Nov 11 10:08:49 2019 MANAGEMENT: >STATE:1573441729,TCP_CONNECT,,,,,,
    Mon Nov 11 10:08:59 2019 TCP: connect to [AF_INET]187.85.128.xx:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Nov 11 10:09:04 2019 MANAGEMENT: >STATE:1573441744,RESOLVE,,,,,,
    Mon Nov 11 10:09:04 2019 MANAGEMENT: >STATE:1573441744,TCP_CONNECT,,,,,,
    Mon Nov 11 10:09:05 2019 TCP connection established with [AF_INET]187.85.128.xx:8443
    Mon Nov 11 10:09:05 2019 TCPv4_CLIENT link local: [undef]
    Mon Nov 11 10:09:05 2019 TCPv4_CLIENT link remote: [AF_INET]187.85.128.xx:8443
    Mon Nov 11 10:09:05 2019 MANAGEMENT: >STATE:1573441745,WAIT,,,,,,
    Mon Nov 11 10:09:05 2019 MANAGEMENT: >STATE:1573441745,AUTH,,,,,,
    Mon Nov 11 10:09:05 2019 TLS: Initial packet from [AF_INET]187.85.128.xx:8443, sid=7395480e 6f7a9eb1
    Mon Nov 11 10:09:05 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Nov 11 10:09:06 2019 VERIFY OK: depth=1, C=US, ST=NA, L=NA, O=ABC, OU=OU, CN=Sophos_CA_C320, emailaddress=admin@example
    Mon Nov 11 10:09:06 2019 VERIFY X509NAME OK: C=US, ST=NA, L=NA, O=ABC, OU=OU, CN=SophosApplianceCertificate_C320, emailaddress=admin@example
    Mon Nov 11 10:09:06 2019 VERIFY OK: depth=0, C=US, ST=NA, L=NA, O=ABC, OU=OU, CN=SophosApplianceCertificate_C320, emailaddress=admin@example
    Mon Nov 11 10:09:07 2019 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mon Nov 11 10:09:07 2019 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Mon Nov 11 10:09:07 2019 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mon Nov 11 10:09:07 2019 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Mon Nov 11 10:09:07 2019 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Mon Nov 11 10:09:07 2019 [SophosApplianceCertificate_C320] Peer Connection Initiated with [AF_INET]187.85.128.xx:8443
    Mon Nov 11 10:09:08 2019 MANAGEMENT: >STATE:1573441748,GET_CONFIG,,,,,,

     

    SSL VPN settings:

     

  • +1 in reply to Hung Ho

    Please change connection to UDP

    Sometimes there are errors with ipv6 remote devices.

    Later more information

  • 0 in reply to n33dfull

    Change the Protocol to UDP, mean client will download and re-install the VPN SSL configuration?

  • 0 in reply to Hung Ho

    Yes, each change in the Server config (on XG) lead to a re install. 

Reply Children
No Data