Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 1341 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN Issue After Migration

Anthony Anderson

I recently backed up a configuration from an XG85 running 17.0 and uploaded it to an XG200 series hardware running 18.0.1, Now SSL VPN will not connect. 

Here are the logs:

Client side:

Tue Nov 17 20:17:56 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Tue Nov 17 20:17:56 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Tue Nov 17 20:17:56 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Nov 17 20:17:56 2020 Need hold release from management interface, waiting...
Tue Nov 17 20:17:56 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Nov 17 20:17:57 2020 MANAGEMENT: CMD 'state on'
Tue Nov 17 20:17:57 2020 MANAGEMENT: CMD 'log all on'
Tue Nov 17 20:17:57 2020 MANAGEMENT: CMD 'hold off'
Tue Nov 17 20:17:57 2020 MANAGEMENT: CMD 'hold release'
Tue Nov 17 20:18:17 2020 MANAGEMENT: CMD 'username "Auth" "aanderson"'
Tue Nov 17 20:18:17 2020 MANAGEMENT: CMD 'password [...]'
Tue Nov 17 20:18:17 2020 MANAGEMENT: CMD 'proxy HTTP x.x.x.x 8443'
Tue Nov 17 20:18:18 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Nov 17 20:18:18 2020 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8443 [nonblock]
Tue Nov 17 20:18:18 2020 MANAGEMENT: >STATE:1605662298,TCP_CONNECT,,,,,,
Tue Nov 17 20:18:19 2020 TCP connection established with [AF_INET]x.x.x.x:8443
Tue Nov 17 20:18:19 2020 Send to HTTP proxy: 'CONNECT x.x.x.x:8443 HTTP/1.0'
Tue Nov 17 20:18:19 2020 recv_line: TCP port read failed on recv()
Tue Nov 17 20:18:19 2020 SIGUSR1[soft,init_instance] received, process restarting
Tue Nov 17 20:18:19 2020 MANAGEMENT: >STATE:1605662299,RECONNECTING,init_instance,,,,,
Tue Nov 17 20:18:19 2020 Restart pause, 5 second(s)
Tue Nov 17 20:18:24 2020 MANAGEMENT: CMD 'proxy HTTP x.x.x.x 8443'
Tue Nov 17 20:18:25 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Nov 17 20:18:25 2020 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8443 [nonblock]
Tue Nov 17 20:18:25 2020 MANAGEMENT: >STATE:1605662305,TCP_CONNECT,,,,,,
Tue Nov 17 20:18:26 2020 TCP connection established with [AF_INET]x.x.x.x:8443
Tue Nov 17 20:18:26 2020 Send to HTTP proxy: 'CONNECT x.x.x.x:8443 HTTP/1.0'
Tue Nov 17 20:18:26 2020 recv_line: TCP port read failed on recv()
Tue Nov 17 20:18:26 2020 SIGUSR1[soft,init_instance] received, process restarting
Tue Nov 17 20:18:26 2020 MANAGEMENT: >STATE:1605662306,RECONNECTING,init_instance,,,,,
Tue Nov 17 20:18:26 2020 Restart pause, 5 second(s)
Tue Nov 17 20:18:30 2020 SIGTERM[hard,init_instance] received, process exiting
Tue Nov 17 20:18:30 2020 MANAGEMENT: >STATE:1605662310,EXITING,init_instance,,,,,

And it just repeats

XG Log:

SFV2C4MSP_SO01_SFOS 18.0.1 MR-1-Build396# tail -f /log/sslvpn.log

Tue Nov 17 15:34:17 2020 [6127] ::ffff: x.x.x.x Connection reset, restarting [0]

Tue Nov 17 15:34:17 2020 [6127] ::ffff: x.x.x.x SIGUSR1[soft,connection-reset] received, client-instance restarting

Tue Nov 17 15:34:23 2020 [6127] TCP connection established with [AF_INET6]::ffff:x.x.x.x:64744

Tue Nov 17 15:34:24 2020 [6127] ::ffff:x.x.x.x WARNING: Bad encapsulated packet length from peer (17231), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

Tue Nov 17 15:34:24 2020 [6127] ::ffff:x.x.x.x Connection reset, restarting [0]

Tue Nov 17 15:34:24 2020 [6127] ::ffff:x.x.x.x SIGUSR1[soft,connection-reset] received, client-instance restarting

Tue Nov 17 15:34:29 2020 [6127] TCP connection established with [AF_INET6]::ffff:x.x.x.x:64745

Tue Nov 17 15:34:30 2020 [6127] ::ffff:x.x.x.x WARNING: Bad encapsulated packet length from peer (17231), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

Tue Nov 17 15:34:30 2020 [6127] ::ffff:x.x.x.x Connection reset, restarting [0]

Tue Nov 17 15:34:30 2020 [6127] ::ffff:x.x.x.x SIGUSR1[soft,connection-reset] received, client-instance restarting

And it just keep repeating. 

Any thoughts? 



This thread was automatically locked due to age.
Parents Reply Children
No Data