(SSL VPN remote access) I can't access my laptop from my mobile hotspot!

Dear Sophos Community,

Good Day,

I have a Sophos XG125 and I configured the SSL VPN remote access step by step correctly!

The problem is: when I try to connect from my home router (Wi-Fi or wired), it works and the connection from my laptop succeeds!
Until a short time ago I was also connecting my laptop through my 4G mobile hotspot, and that was working as well, but at the moment I have a problem with this:

I tried to connect my laptop through several devices as a hotspot with a different ISP, and it still fails to connect or get access.

On the other hand, I also have a Sophos XG210, and I configured the SSL VPN remote access step by step correctly, the same as on the XG125, but in a different area and with a different ISP! With the same VPN remote access on my laptop, but with another user configured of course, it works very well from my home and from my mobile hotspot on my laptop!


Any suggestions?

  



  • Check the VPN log (from the CLI) or take a tcpdump to check whether packets are reaching your firewall.

    Possibly someone blocks connections from mobile IP ranges, as there are thousands of devices behind one public IP.
    Is there an additional device between the ISP router and the XG?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • First of all, thank you for sharing your advice with me.

    Now, about checking the VPN log (from the CLI) or taking a tcpdump to check whether packets are reaching our firewall: I will check, but I guess there's no connection before sending any packets, because the {Sophos SSL VPN Ethernet adapter} stays DOWN, and that should be taken into consideration!

    Otherwise, there are no devices between the ISP router and our XG firewall!

    Please have a look at the log file:

    Thu May 12 09:18:24 2022 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Thu May 12 09:18:24 2022 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Enter Management Password:
    Thu May 12 09:18:24 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
    Thu May 12 09:18:24 2022 Need hold release from management interface, waiting...
    Thu May 12 09:18:25 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
    Thu May 12 09:18:25 2022 MANAGEMENT: CMD 'state on'
    Thu May 12 09:18:25 2022 MANAGEMENT: CMD 'log all on'
    Thu May 12 09:18:25 2022 MANAGEMENT: CMD 'hold off'
    Thu May 12 09:18:25 2022 MANAGEMENT: CMD 'hold release'
    Thu May 12 09:18:35 2022 MANAGEMENT: CMD 'username "Auth" "******"'
    Thu May 12 09:18:35 2022 MANAGEMENT: CMD 'password [...]'
    Thu May 12 09:18:35 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Thu May 12 09:18:35 2022 Attempting to establish TCP connection with [AF_INET] #####:8443 [nonblock]
    Thu May 12 09:18:35 2022 MANAGEMENT: >STATE:1652336315,TCP_CONNECT,,,,,,
    Thu May 12 09:18:36 2022 TCP connection established with [AF_INET] ######:8443
    Thu May 12 09:18:36 2022 TCPv4_CLIENT link local: [undef]
    Thu May 12 09:18:36 2022 TCPv4_CLIENT link remote: [AF_INET] #####:8443
    Thu May 12 09:18:36 2022 MANAGEMENT: >STATE:1652336316,WAIT,,,,,,
    Thu May 12 09:18:37 2022 MANAGEMENT: >STATE:1652336317,AUTH,,,,,,
    Thu May 12 09:18:37 2022 TLS: Initial packet from [AF_INET ] ##### :8443, sid=d2760b34 6fbf278c
    Thu May 12 09:18:37 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu May 12 09:19:20 2022 VERIFY OK: depth=1, C= #####, ST=NA, L=NA, O= #####, OU=OU, CN=Sophos_CA_##### , emailAddress=#####
    Thu May 12 09:19:20 2022 VERIFY X509NAME OK: C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_#####, emailAddress=#####
    Thu May 12 09:19:20 2022 VERIFY OK: depth=0, C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Appliance_Certificate_#####, emailAddress=#####
    Thu May 12 09:19:36 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Thu May 12 09:19:36 2022 TLS Error: TLS handshake failed
    Thu May 12 09:19:36 2022 Fatal TLS error (check_tls_errors_co), restarting
    Thu May 12 09:19:36 2022 SIGUSR1[soft,tls-error] received, process restarting
    Thu May 12 09:19:36 2022 MANAGEMENT: >STATE:#####,RECONNECTING,tls-error,,,,,
    Thu May 12 09:19:36 2022 Restart pause, 5 second(s)
    Thu May 12 09:19:41 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Thu May 12 09:19:41 2022 Attempting to establish TCP connection with [AF_INET] #####:8443 [nonblock]
    Thu May 12 09:19:41 2022 MANAGEMENT: >STATE:1652336381,TCP_CONNECT,,,,,,
    Thu May 12 09:19:45 2022 SIGTERM[hard,init_instance] received, process exiting
    Thu May 12 09:19:45 2022 MANAGEMENT: >STATE:1652336385,EXITING,init_instance,,,,,

  • TCP 8443 is a widely used HTTPS port. Possibly the mobile ISP tries to "optimize" this traffic.

    I would try to use TCP 1194 for this connection. This port is a known OVPN port and nobody should "accidentally" change this traffic.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
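
An added example, not part of the original posts and not Sophos or OpenVPN code: a small Python triage of an OpenVPN client log like the one posted above, reporting which handshake stage was reached and how long it stalled. The sample lines are abridged from the thread; the documentation IP and the certificate names are placeholders, and the milestone and status names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: lines abridged from the client log in the thread; the
# redacted address is replaced by a documentation IP and CNs are placeholders.
SAMPLE_LOG = """\
Thu May 12 09:18:36 2022 TCP connection established with [AF_INET]203.0.113.10:8443
Thu May 12 09:18:37 2022 TLS: Initial packet from [AF_INET]203.0.113.10:8443, sid=d2760b34 6fbf278c
Thu May 12 09:19:20 2022 VERIFY OK: depth=1, CN=Sophos_CA_example
Thu May 12 09:19:20 2022 VERIFY OK: depth=0, CN=Appliance_Certificate_example
Thu May 12 09:19:36 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (.*)$")
MILESTONES = [
    ("tcp_established", "TCP connection established"),
    ("tls_first_packet", "TLS: Initial packet from"),
    ("cert_verified", "VERIFY OK: depth=0"),
    ("tls_timeout", "TLS key negotiation failed"),
    ("tunnel_up", "Initialization Sequence Completed"),
]

def first_seen(log_text):
    """Return {milestone: datetime} for the first time each milestone appears."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # prompts such as "Enter Management Password:"
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        for name, marker in MILESTONES:
            if marker in m.group(2) and name not in seen:
                seen[name] = when
    return seen

def triage(log_text):
    """Classify where the attempt stopped; second value is the stall in seconds."""
    seen = first_seen(log_text)
    if "tunnel_up" in seen:
        return "connected", None
    if "tcp_established" not in seen:
        return "tcp_not_established", None   # nothing answered on the VPN port
    if "tls_first_packet" not in seen:
        return "no_tls_reply", None          # TCP open, but no TLS answer from the server
    if "tls_timeout" in seen:
        # Silence between the server's first TLS packet and the next milestone.
        stall = seen.get("cert_verified", seen["tls_timeout"]) - seen["tls_first_packet"]
        return "tls_stalled_after_server_reply", stall.total_seconds()
    return "incomplete", None
```

On the sample, `triage(SAMPLE_LOG)` reports a 43-second gap between the server's first TLS packet and certificate verification, so the TCP connection and the first server reply did get through before the 60-second negotiation timeout.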
