
Sophos XG 106, SSL VPN no Lan access

Hello, 

I've configured a VPN and I'm able to ping the Sophos XG 106.

But I'm not able to access my server.

I've created the needed rules in the firewall section.

I've tried many things or solutions that came up in the Sophos community but it still doesn't work.

Thanks for your answers.

Angelo



  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    Could you please check the Permitted Network Resources (IPv4) of the Tunnel Access section under VPN > SSL VPN (Remote Access)?

    Please add the internal network that you would like to access via SSL Remote VPN and remove the ports.

    Please check out the following KBA for more info: Sophos XG Firewall: How to troubleshoot SSL VPN remote access connectivity and data transfer issues.

    Start packet capture on source IP address and provide the screenshot. 

    Check out the following KBA for more info: Sophos XG Firewall: How to monitor traffic using packet capture utility in the GUI.

    Thanks,

  • Hey H_Patel,

     

    Thank you for your answer. I have a NAT, port redirection, but in this I'm not sure which I use as private port.

    For Public I have Port 8443. I spoke with Sophos but I can't get it right.

    tcpdump 'port 8443' doesn't show any traffic on the Sophos firewall.

    My router is a DrayTek Vigor 2925. Selected the private IP which was given to the firewall.

    Still getting this LOG-Output from Sophos Client: 

    Tue Jul 28 12:58:31 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Tue Jul 28 12:58:31 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Enter Management Password:
    Tue Jul 28 12:58:31 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Tue Jul 28 12:58:31 2020 Need hold release from management interface, waiting...
    Tue Jul 28 12:58:31 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Tue Jul 28 12:58:31 2020 MANAGEMENT: CMD 'state on'
    Tue Jul 28 12:58:31 2020 MANAGEMENT: CMD 'log all on'
    Tue Jul 28 12:58:31 2020 MANAGEMENT: CMD 'hold off'
    Tue Jul 28 12:58:31 2020 MANAGEMENT: CMD 'hold release'
    Tue Jul 28 12:58:51 2020 MANAGEMENT: CMD 'username "Auth" "angelo.pauli"'
    Tue Jul 28 12:58:51 2020 MANAGEMENT: CMD 'password [...]'
    Tue Jul 28 12:58:51 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Jul 28 12:58:51 2020 UDPv4 link local: [undef]
    Tue Jul 28 12:58:51 2020 UDPv4 link remote: [AF_INET]xxxx:8443
    Tue Jul 28 12:58:51 2020 MANAGEMENT: >STATE:1595933931,WAIT,,,,,,
    Tue Jul 28 12:59:51 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Tue Jul 28 12:59:51 2020 TLS Error: TLS handshake failed
    Tue Jul 28 12:59:51 2020 SIGUSR1[soft,tls-error] received, process restarting
    Tue Jul 28 12:59:51 2020 MANAGEMENT: >STATE:1595933991,RECONNECTING,tls-error,,,,,
    Tue Jul 28 12:59:51 2020 Restart pause, 2 second(s)
    Tue Jul 28 12:59:53 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Jul 28 12:59:53 2020 UDPv4 link local: [undef]
    Tue Jul 28 12:59:53 2020 UDPv4 link remote: [AF_INET]xxxxxx:8443
    Tue Jul 28 12:59:53 2020 MANAGEMENT: >STATE:1595933993,WAIT,,,,,,
    Tue Jul 28 13:00:46 2020 MANAGEMENT: CMD 'signal SIGHUP'
    Tue Jul 28 13:00:46 2020 SIGHUP[hard,] received, process restarting
    Tue Jul 28 13:00:46 2020 MANAGEMENT: >STATE:1595934046,RECONNECTING,SIGHUP,,,,,
    Tue Jul 28 13:00:46 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Tue Jul 28 13:00:46 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Tue Jul 28 13:00:46 2020 Restart pause, 2 second(s)
    Tue Jul 28 13:00:48 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Tue Jul 28 13:00:48 2020 UDPv4 link local: [undef]

    I don't know what to do.

     

    Angelo 

  • FormerMember
    0 FormerMember in reply to Angelo Pauli

    Hi  

    Thank you for the update. 

    If there is no traffic on the firewall on SSL VPN port, that means it is blocked before it gets to the XG firewall. 

    Could you please provide a screenshot of the SSL VPN settings?

    Thanks, 
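
As an added illustration (not part of the original thread and not Sophos code), the following Python script reads an OpenVPN client log like the one quoted above and separates attempts where the client never saw a server reply from attempts where the handshake started and then failed. The function name `diagnose`, the verdict labels and the sample log (with a documentation IP in place of the redacted address) are constructed for this example.

```python
import re

# Constructed sample modelled on the client log quoted in this thread;
# the redacted remote address is replaced with a documentation IP.
SAMPLE_LOG = """\
Tue Jul 28 12:58:51 2020 UDPv4 link local: [undef]
Tue Jul 28 12:58:51 2020 UDPv4 link remote: [AF_INET]203.0.113.10:8443
Tue Jul 28 12:58:51 2020 MANAGEMENT: >STATE:1595933931,WAIT,,,,,,
Tue Jul 28 12:59:51 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 28 12:59:51 2020 MANAGEMENT: >STATE:1595933991,RECONNECTING,tls-error,,,,,
"""

LINK_RE = re.compile(r"(UDP|TCP)v[46]\S* link remote: \[AF_INET6?\](\S+):(\d+)")
STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+),")
TIMEOUT_RE = re.compile(r"TLS key negotiation failed to occur within (\d+) seconds")
# Management states the client only reaches after the server has answered.
PROGRESS = {"AUTH", "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"}


def diagnose(log_text):
    """Return one finding per connection attempt in an OpenVPN client log."""
    attempts = []
    for line in log_text.splitlines():
        link = LINK_RE.search(line)
        if link:  # each "link remote" line starts a new attempt
            attempts.append({"proto": link.group(1), "remote": link.group(2),
                             "port": int(link.group(3)), "states": [],
                             "timeout_s": None})
            continue
        if not attempts:
            continue
        state = STATE_RE.search(line)
        if state:
            attempts[-1]["states"].append(state.group(1))
        timeout = TIMEOUT_RE.search(line)
        if timeout:
            attempts[-1]["timeout_s"] = int(timeout.group(1))
    for a in attempts:
        if a["timeout_s"] is None:
            a["verdict"] = "no_timeout_logged"
        elif PROGRESS.intersection(a["states"]):
            a["verdict"] = "server_replied_then_failed"
        else:  # no progress state: the client never saw a server reply
            a["verdict"] = "no_server_reply"
    return attempts


if __name__ == "__main__":
    for a in diagnose(SAMPLE_LOG):
        print(f'{a["proto"]}/{a["port"]} to {a["remote"]}: {a["verdict"]}')
```

A `no_server_reply` verdict also reports the protocol and port the client actually used (UDP and 8443 in the sample), which is the pair any device in front of the firewall has to forward before a capture on the XG can show traffic.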
