
Sophos XG-105 SSL VPN not working for new users

Hi. Something weird is happening in my SSL VPN connections.

One OLD user tells me that he can't connect because of wrong credentials (that's what the log says); the other users can connect.

To check, I tried to add a new user to the VPN, without luck: the same symptoms as the mentioned OLD user.

I don't understand why OLD users except one can connect and new users can't.

I've checked the configuration a million times (and I insist, almost all OLD users are working like a charm).

client Log:

Mon May 02 11:02:49 2022 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon May 02 11:02:49 2022 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon May 02 11:02:49 2022 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon May 02 11:02:49 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon May 02 11:02:49 2022 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon May 02 11:02:49 2022 [Appliance_Certificate_pOqpfvkVunGTfTP] Peer Connection Initiated with [AF_INET]
Mon May 02 11:02:50 2022 MANAGEMENT: >STATE:1651482170,GET_CONFIG,,,,,,
Mon May 02 11:02:51 2022 SENT CONTROL [Appliance_Certificate_pOqpfvkVunGTfTP]: 'PUSH_REQUEST' (status=1)
Mon May 02 11:02:51 2022 AUTH: Received control message: AUTH_FAILED
Mon May 02 11:02:51 2022 SIGUSR1[soft,auth-failure] received, process restarting
Mon May 02 11:02:51 2022 MANAGEMENT: >STATE:1651482171,RECONNECTING,auth-failure,,,,,
Mon May 02 11:02:51 2022 Restart pause, 5 second(s)
Mon May 02 11:02:51 2022 MANAGEMENT: CMD 'auth-retry none'
Mon May 02 11:02:56 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon May 02 11:02:56 2022 Attempting to establish TCP connection with [AF_INET] [nonblock]
Mon May 02 11:02:56 2022 MANAGEMENT: >STATE:1651482176,TCP_CONNECT,,,,,,
Mon May 02 11:02:57 2022 TCP connection established with [AF_INET]
Mon May 02 11:02:57 2022 TCPv4_CLIENT link local: [undef]
Mon May 02 11:02:57 2022 TCPv4_CLIENT link remote: [AF_INET]
Mon May 02 11:02:57 2022 MANAGEMENT: >STATE:1651482177,WAIT,,,,,,
Mon May 02 11:02:57 2022 MANAGEMENT: >STATE:1651482177,AUTH,,,,,,

Firewall log:

Autenticaciónmessageid="17711" log_type="Event" log_component="SSL VPN Authentication"
log_subtype="Authentication" status="Failed" user="prueba" user_group=""
client_used="N/A" auth_mechanism="Local" reason="wrong credentials" src_ip="" message="User prueba failed to login to SSLVPN through Local authentication mechanism because of wrong credentials"
name="" src_mac=""

IP hidden.

Can anyone help me?



  • Hi, thank you for reaching out to the Sophos community team. Around the above time, if you check the Authentication Live Log Viewer logs, what is the error message appearing there for that user? If it is indicating "Max Log limited reached", then please check the “Simultaneous logins” limits for the user, and if “use global setting” is selected, also verify “simultaneous logins” for Global settings.

    If X simultaneous logins are selected and the user is already logged in that X number of times, then that is one possible reason "AUTH_FAILED" may appear.

    If the above is not the case, then on the XG end, the SSL VPN and authentication (access_server.log) services in debug mode may give further hints on what causes AUTH to fail, along with end-user side logs.

    Also, if the issue is reproducible all the time by adding a new user as well, then you may log a support case for further investigation.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support
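
Added example, not part of the thread and not Sophos code: a small Python parser for the `key="value"` firewall event format quoted in the question, which groups failed SSL VPN authentications by user, mechanism and reason so the log check suggested above can be done over an exported log. The sample lines are constructed; `user_b`, `user_c`, `Successful` and `Other Component` are placeholder values.

```python
import re
from collections import Counter

# key="value" pairs, the layout of the firewall event quoted in the thread
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_event(line):
    """Return the key="value" fields of one firewall log line as a dict."""
    return dict(PAIR.findall(line))

def failed_sslvpn_logins(lines):
    """Yield parsed events that are failed SSL VPN authentications."""
    for line in lines:
        ev = parse_event(line)
        if (ev.get("log_component") == "SSL VPN Authentication"
                and ev.get("status") == "Failed"):
            yield ev

def summarize(lines):
    """Count failures per (user, auth_mechanism, reason)."""
    return Counter((ev.get("user", ""), ev.get("auth_mechanism", ""),
                    ev.get("reason", "")) for ev in failed_sslvpn_logins(lines))

def repeated_failures(lines, threshold):
    """Users with at least `threshold` failures, e.g. a client stuck retrying."""
    per_user = Counter(ev.get("user", "") for ev in failed_sslvpn_logins(lines))
    return sorted(u for u, n in per_user.items() if n >= threshold)

def _sample(user, status, reason, component="SSL VPN Authentication"):
    # Constructed test line modelled on the event in the thread.
    return (f'messageid="17711" log_type="Event" log_component="{component}" '
            f'log_subtype="Authentication" status="{status}" user="{user}" '
            f'user_group="" auth_mechanism="Local" reason="{reason}" src_ip=""')

# Constructed sample input; "user_b", "user_c", "Successful" and
# "Other Component" are placeholders, not values taken from the thread.
SAMPLE = [
    _sample("prueba", "Failed", "wrong credentials"),
    _sample("prueba", "Failed", "wrong credentials"),
    _sample("user_b", "Failed", "wrong credentials"),
    _sample("user_c", "Successful", ""),
    _sample("prueba", "Failed", "wrong credentials", component="Other Component"),
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, key)
    print("repeated:", repeated_failures(SAMPLE, 2))
```

An event that the log viewer wraps over several lines, as in the question, has to be joined onto one line before it is passed to `parse_event`.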
