hi everyone, we have been using sophos firewalls for a few months now and they work perfectly.
all users are able to connect safely in vpn and work remotely. There is one of our external collaborators who can't connect, he gets a connection error (I'll post the log file below).obviously the procedures for creating accounts and associated groups are the same as those that work. firewall is updated to the latest version.
Fri Jun 04 16:15:16 2021 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Fri Jun 04 16:15:16 2021 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Fri Jun 04 16:15:16 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Fri Jun 04 16:15:16 2021 Need hold release from management interface, waiting...
Fri Jun 04 16:15:16 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Fri Jun 04 16:15:16 2021 MANAGEMENT: CMD 'state on'
Fri Jun 04 16:15:16 2021 MANAGEMENT: CMD 'log all on'
Fri Jun 04 16:15:16 2021 MANAGEMENT: CMD 'hold off'
Fri Jun 04 16:15:16 2021 MANAGEMENT: CMD 'hold release'
Fri Jun 04 16:15:31 2021 MANAGEMENT: CMD 'username "Auth" "tecnosilos"'
Fri Jun 04 16:15:31 2021 MANAGEMENT: CMD 'password [...]'
Fri Jun 04 16:15:31 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jun 04 16:15:31 2021 Attempting to establish TCP connection with [AF_INET]109.73.88.149:8443 [nonblock]
Fri Jun 04 16:15:31 2021 MANAGEMENT: >STATE:1622816131,TCP_CONNECT,,,,,,
Fri Jun 04 16:15:32 2021 TCP connection established with [AF_INET]109.73.88.149:8443
Fri Jun 04 16:15:32 2021 TCPv4_CLIENT link local: [undef]
Fri Jun 04 16:15:32 2021 TCPv4_CLIENT link remote: [AF_INET]109.73.88.149:8443
Fri Jun 04 16:15:32 2021 MANAGEMENT: >STATE:1622816132,WAIT,,,,,,
Fri Jun 04 16:15:32 2021 MANAGEMENT: >STATE:1622816132,AUTH,,,,,,
Fri Jun 04 16:15:32 2021 TLS: Initial packet from [AF_INET]109.73.88.149:8443, sid=4758463c 44a5ced6
Fri Jun 04 16:15:32 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jun 04 16:15:33 2021 VERIFY OK: depth=1, C=IT, ST=AN, L=Jesi, O=Cooperlat Societa Cooperativa, OU=OU, CN=Sophos_CA_C1A0CA7M8BYRY44, emailAddress=alessandro.palmieri@gruppofilippetti.it
Fri Jun 04 16:15:33 2021 VERIFY X509NAME OK: C=IT, ST=AN, L=Jesi, O=Cooperlat Societa Cooperativa, OU=OU, CN=SophosApplianceCertificate_C1A0CA7M8BYRY44, emailAddress=alessandro.palmieri@gruppofilippetti.it
Fri Jun 04 16:15:33 2021 VERIFY OK: depth=0, C=IT, ST=AN, L=Jesi, O=Cooperlat Societa Cooperativa, OU=OU, CN=SophosApplianceCertificate_C1A0CA7M8BYRY44, emailAddress=alessandro.palmieri@gruppofilippetti.it
Fri Jun 04 16:15:34 2021 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Jun 04 16:15:34 2021 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jun 04 16:15:34 2021 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Jun 04 16:15:34 2021 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jun 04 16:15:34 2021 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Jun 04 16:15:34 2021 [SophosApplianceCertificate_C1A0CA7M8BYRY44] Peer Connection Initiated with [AF_INET]109.73.88.149:8443
Fri Jun 04 16:15:35 2021 MANAGEMENT: >STATE:1622816135,GET_CONFIG,,,,,,
Fri Jun 04 16:15:36 2021 SENT CONTROL [SophosApplianceCertificate_C1A0CA7M8BYRY44]: 'PUSH_REQUEST' (status=1)
Fri Jun 04 16:15:38 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.81.234.5,sndbuf 0,rcvbuf 0,sndbuf 0,rcvbuf 0,ping 45,ping-restart 180,route 172.16.120.0 255.255.255.0,route 172.16.110.0 255.255.255.0,route 172.16.120.0 255.255.255.0,topology subnet,route remote_host 255.255.255.255 net_gateway,inactive 900 7680,dhcp-option DNS 172.16.110.104,dhcp-option DNS 172.16.120.1,dhcp-option DOMAIN salpa.locale,ifconfig 10.81.234.6 255.255.255.0'
Fri Jun 04 16:15:38 2021 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jun 04 16:15:38 2021 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Jun 04 16:15:38 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jun 04 16:15:38 2021 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jun 04 16:15:38 2021 OPTIONS IMPORT: route options modified
Fri Jun 04 16:15:38 2021 OPTIONS IMPORT: route-related options modified
Fri Jun 04 16:15:38 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jun 04 16:15:38 2021 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=17 HWADDR=00:1b:1b:bf:f9:fe
Fri Jun 04 16:15:38 2021 open_tun, tt->ipv6=0
Fri Jun 04 16:15:38 2021 TAP-WIN32 device [Talk2m-eCatcher] opened: \\.\Global\{B90034ED-221A-4484-9E26-24BFE29CDC64}.tap
Fri Jun 04 16:15:38 2021 TAP-Windows Driver Version 9.21
Fri Jun 04 16:15:39 2021 NETSH: C:\WINDOWS\system32\netsh.exe interface ip set address Talk2m-eCatcher dhcp
Fri Jun 04 16:15:39 2021 ERROR: netsh command failed: returned error code 1
Fri Jun 04 16:15:44 2021 NETSH: C:\WINDOWS\system32\netsh.exe interface ip set address Talk2m-eCatcher dhcp
Fri Jun 04 16:15:44 2021 ERROR: netsh command failed: returned error code 1
Fri Jun 04 16:15:49 2021 NETSH: C:\WINDOWS\system32\netsh.exe interface ip set address Talk2m-eCatcher dhcp
Fri Jun 04 16:15:50 2021 ERROR: netsh command failed: returned error code 1
Fri Jun 04 16:15:55 2021 NETSH: C:\WINDOWS\system32\netsh.exe interface ip set address Talk2m-eCatcher dhcp
Fri Jun 04 16:15:55 2021 ERROR: netsh command failed: returned error code 1
Fri Jun 04 16:15:59 2021 MANAGEMENT: Client disconnected
Fri Jun 04 16:15:59 2021 NETSH: command failed
Fri Jun 04 16:15:59 2021 Exiting due to fatal error
This thread was automatically locked due to age.
