Sophos XG-105 SSL VPN not working for new users

Question

Hi. Something weird is happening in my SSL VPN connections. 
 One OLD users sais me that he can't connect because of wrong credentials (that sais the log), the other users can do the connection. 
 To check, I tried to add a new user to VPN, without luck, the same causistics as metioned OLD user. 
 I don't undertand why OLD users except one can connect and new users can't. 
 I've check the configuration a million times (and I insist, almost all OLD users are working like a charm). 
 client Log: 
 Mon May 02 11:02:49 2022 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Mon May 02 11:02:49 2022 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mon May 02 11:02:49 2022 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key Mon May 02 11:02:49 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Mon May 02 11:02:49 2022 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Mon May 02 11:02:49 2022 [Appliance_Certificate_pOqpfvkVunGTfTP] Peer Connection Initiated with [AF_INET] Mon May 02 11:02:50 2022 MANAGEMENT: >STATE:1651482170,GET_CONFIG,,,,,, Mon May 02 11:02:51 2022 SENT CONTROL [Appliance_Certificate_pOqpfvkVunGTfTP]: 'PUSH_REQUEST' (status=1) Mon May 02 11:02:51 2022 AUTH: Received control message: AUTH_FAILED Mon May 02 11:02:51 2022 SIGUSR1[soft,auth-failure] received, process restarting Mon May 02 11:02:51 2022 MANAGEMENT: >STATE:1651482171,RECONNECTING,auth-failure,,,,, Mon May 02 11:02:51 2022 Restart pause, 5 second(s) Mon May 02 11:02:51 2022 MANAGEMENT: CMD 'auth-retry none' Mon May 02 11:02:56 2022 Socket Buffers: R=[65536->65536] S=[65536->65536] Mon May 02 11:02:56 2022 Attempting to establish TCP connection with [AF_INET] [nonblock] Mon May 02 11:02:56 2022 MANAGEMENT: >STATE:1651482176,TCP_CONNECT,,,,,, Mon May 02 11:02:57 2022 TCP connection established with [AF_INET] Mon May 02 11:02:57 2022 TCPv4_CLIENT link local: [undef] Mon May 02 11:02:57 2022 TCPv4_CLIENT link remote: [AF_INET] Mon May 02 11:02:57 2022 MANAGEMENT: >STATE:1651482177,WAIT,,,,,, Mon May 02 11:02:57 2022 MANAGEMENT: >STATE:1651482177,AUTH,,,,,,

Firewall log: 
 Autenticaci&oacute;nmessageid="17711" log_type="Event" log_component="SSL VPN Authentication" log_subtype="Authentication" status="Failed" user="prueba" user_group="" client_used="N/A" auth_mechanism="Local" reason="wrong credentials" src_ip="" message="User prueba failed to login to SSLVPN through Local authentication mechanism because of wrong credentials" name="" src_mac="" 
 
 IP HIDED. 
 
 Can anyone help me?

Vishal_R · Answer

Hi Carlos Buitrago : Thank you for reaching out to the Sophos community team. Around the above time if you check the Authentication Live Log Viewer logs what is the error message appearing there for that user? if it is indicating the "Max Log limited reached" then please check &ldquo;Simultaneous logins&rdquo; limits for the user and if &ldquo;use global setting&rdquo; is selected also verify &ldquo;simultaneous logins&rdquo; for Global settings. If there is X number of simultaneous login is selected and the user is already login for that X number of times then one possible reason "AUTH_FAILED" may appear. If the above is not the case, then on the XG end SSL VPN and authentication (access_server.log) services in debug mode may give further hints on what causes AUTH to fail along with end-user side logs. Also if the issue is reproducible all the time by adding a new user as well then you may log a support case to have the next investigation on the same.

Sophos XG-105 SSL VPN not working for new users

Top Replies

Submitted a Tech Support Case lately from the Support Portal?