Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 26 subscribers
  • Views 1041 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSLVPN not able to connect from ADSL but can connect via Mobile OpenVPN

Yuss Ruo

Hi All,

Details as per below.

Model:XG86

Firmware Verison: SFOS 18.0.1 MR-1-Build396

Symptoms: We are not able to establish any SSLVPN connections from ADSL but can connect via Mobile OpenVPN

I believe it is not the first time Sophos having this issue. Please refer to below for log

Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 Connection reset, restarting [0]
Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sat Jun 20 12:16:41 2020 [12616] TCP connection established with [AF_INET6]::ffff:106.75.168.234:39488
Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 Connection reset, restarting [0]
Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sat Jun 20 12:16:41 2020 [12616] TCP connection established with [AF_INET6]::ffff:106.75.168.234:39502
Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 Connection reset, restarting [0]
Sat Jun 20 12:16:41 2020 [12616] ::ffff:106.75.168.234 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sat Jun 20 12:16:42 2020 [12616] TCP connection established with [AF_INET6]::ffff:106.75.168.234:39508
Sat Jun 20 12:16:47 2020 [12616] TCP connection established with [AF_INET6]::ffff:196.52.43.86:53799
Sat Jun 20 12:16:49 2020 [12616] ::ffff:196.52.43.86 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Sat Jun 20 12:16:49 2020 [12616] ::ffff:196.52.43.86 Connection reset, restarting [0]
Sat Jun 20 12:16:49 2020 [12616] ::ffff:196.52.43.86 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sat Jun 20 12:16:49 2020 [12616] ::ffff:106.75.168.234 Connection reset, restarting [0]
Sat Jun 20 12:16:49 2020 [12616] ::ffff:106.75.168.234 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sat Jun 20 12:16:50 2020 [12616] TCP connection established with [AF_INET6]::ffff:106.75.168.234:41826
Sat Jun 20 12:16:50 2020 [12616] ::ffff:106.75.168.234 WARNING: Bad encapsulated packet length from peer (21843), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]



This thread was automatically locked due to age.
  • FormerMember
    +1 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    The logs indicate this issue is related to the MTU/MSS on the WAN interface. 

    I would advise you to change the MSS size on the WAN interface and try to connect to the SSL VPN. 

    Thanks,