SSL VPN frequent Disconnect

Hello All

We are facing an issue with SSL VPN: frequent disconnects. It is affecting our day-to-day work. 300-400 people depend on the VPN.

Kindly help to solve this issue. 

Model = XG310

Firmware Version = SFOS 19.0.0 GA-Build317

Thank you



This thread was automatically locked due to age.
  • Hello ,

    Thank you for reaching out to the community. Please follow the KBA below for troubleshooting:
    Troubleshoot SSL VPN: https://support.sophos.com/support/s/article/KB-000036884?language=en_US
    > Also check the disk usage under the ssh menu > press 4 for the device console:
    console> system diagnostics show disk

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Disk Utilization is

    console> system diagnostics show disk
    Partition Utilization(%)
    ===============================
    configuration 30%
    content 2%
    report 59%
    console>

    And I have already gone through the troubleshooting guide provided by you.

    I have been using Sophos SSL VPN since 2018 for our staff. But nowadays we are facing a frequent disconnect issue. I thought the SSL VPN IPv4 lease was not sufficient, so I changed it from /24 to /23, but the issue is still not solved.

    The issue is that I am using the VPN continuously, but it gets disconnected while in use.

    If you have any idea how to solve this issue, please guide me.

    Thank you 

  • Hey ,

    So the issue started suddenly? Did you face the issue in the previous firmware or only after upgrading to SFOS v19 GA? Were any changes made recently?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • There was an issue in the previous firmware too, but not as much as now. Nowadays we are getting lots of complaints about VPN disconnects while in use. It is clear that all the configuration is correct, because everyone can connect to the VPN and access the provided resources.

    Lots of complaints about VPN disconnects while working with the VPN.

  • Can you share the client logs for those users who are facing the disconnection?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • I will share all the troublesome clients once I get the issue reported by them, by tomorrow.

  • Hi NOC FISOFT,

    You can also provide us with any error message users get when they are disconnected. Users are always presented with different error messages when they disconnect.

    Also, checking the sslvpn.log and clientless_access.log and then grepping for the username, with debug enabled, can provide more information.

    Regards,

    Kingsley

  • Hello

    This is the client log:

    Wed Aug 24 17:27:17 2022 MANAGEMENT: Client disconnected
    Wed Aug 24 17:27:17 2022 ERROR: could not read Auth username/password/ok/string from management interface
    Wed Aug 24 17:27:17 2022 Exiting due to fatal error
    Wed Aug 24 17:27:17 2022 C:\WINDOWS\system32\route.exe DELETE x.x.x.x MASK 255.255.0.0 x.x.x.x
    Wed Aug 24 17:27:17 2022 Route deletion via service succeeded
    Wed Aug 24 17:27:17 2022 C:\WINDOWS\system32\route.exe DELETE x.x.x.x MASK 255.240.0.0 x.x.x.x
    Wed Aug 24 17:27:17 2022 Route deletion via service succeeded
    Wed Aug 24 17:27:17 2022 C:\WINDOWS\system32\route.exe DELETE x.x.x.x MASK 255.255.255.0 x.x.x.x
    Wed Aug 24 17:27:17 2022 Route deletion via service succeeded
    Wed Aug 24 17:27:17 2022 C:\WINDOWS\system32\route.exe DELETE x.x.x.x MASK 255.0.0.0 x.x.x.x
    Wed Aug 24 17:27:17 2022 Route deletion via service succeeded
    Wed Aug 24 17:27:17 2022 C:\WINDOWS\system32\route.exe DELETE x.x.x.x MASK 255.255.255.255 x.x.x.x
    Wed Aug 24 17:27:17 2022 Route deletion via service succeeded
    Wed Aug 24 17:27:17 2022 Closing TUN/TAP interface

  • Hello ,

    Can you check the user settings under the authentication > user > <whoever the user is>?
    Check if MAC binding is enabled; if yes, then disable it. Also check the simultaneous logins: see if it is limited, change it to Unlimited, and then check the results!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • Hello

    These are the logs on the user side. They got disconnected while working on the VPN.

    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.240.0.0 x.x.x.1
    Wed Aug 24 09:31:34 2022 Route addition via service succeeded
    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.0.0 x.x.x.1
    Wed Aug 24 09:31:35 2022 Route addition via service succeeded
    Wed Aug 24 09:31:35 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.255.255 x.x.x.x
    Wed Aug 24 09:31:35 2022 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=19]
    Wed Aug 24 09:31:35 2022 Route addition via service failed
    Wed Aug 24 09:31:35 2022 Initialization Sequence Completed
    Wed Aug 24 09:31:35 2022 MANAGEMENT: >STATE:1661312795,CONNECTED,SUCCESS,x.x.x.178,x.x.x.x,8443,x.x.x.x,60181
    Wed Aug 24 17:31:28 2022 VERIFY OK: depth=1, C=NP, ST=Not applicable, L=XXXXX, O=XXXXX Pvt Ltd, OU=OU, CN=Sophos_CA_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:28 2022 VERIFY X509NAME OK: C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_C320ABWHF4P2M31, emailAddress=noc@XXXX
    Wed Aug 24 17:31:28 2022 VERIFY OK: depth=0, C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:30 2022 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Aug 24 17:31:30 2022 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:30 2022 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Aug 24 17:31:30 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:30 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Wed Aug 24 17:31:45 2022 Connection reset, restarting [0]
    Wed Aug 24 17:31:45 2022 SIGUSR1[soft,connection-reset] received, process restarting
    Wed Aug 24 17:31:45 2022 MANAGEMENT: >STATE:1661341605,RECONNECTING,connection-reset,,,,,
    Wed Aug 24 17:31:45 2022 Restart pause, 5 second(s)
    Wed Aug 24 17:31:50 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Wed Aug 24 17:31:50 2022 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8443 [nonblock]
    Wed Aug 24 17:31:50 2022 MANAGEMENT: >STATE:1661341610,TCP_CONNECT,,,,,,
    Wed Aug 24 17:31:51 2022 TCP connection established with [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:51 2022 TCPv4_CLIENT link local: [undef]
    Wed Aug 24 17:31:51 2022 TCPv4_CLIENT link remote: [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:51 2022 MANAGEMENT: >STATE:1661341611,WAIT,,,,,,
    Wed Aug 24 17:31:51 2022 MANAGEMENT: >STATE:1661341611,AUTH,,,,,,
    Wed Aug 24 17:31:51 2022 TLS: Initial packet from [AF_INET]x.x.x.x:8443, sid=4a152aa9 731cf275
    Wed Aug 24 17:31:51 2022 VERIFY OK: depth=1, C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=Sophos_CA_XXXX, emailAddress=noc@f1soft.com
    Wed Aug 24 17:31:51 2022 VERIFY X509NAME OK: C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:51 2022 VERIFY OK: depth=0, C=NP, ST=Not applicable, L=XXXX, O=XXXX, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=XXXX


    Wed Aug 24 17:31:54 2022 Data Channel Encrypt: Cipher 'XXX' initialized with 128 bit key
    Wed Aug 24 17:31:54 2022 Data Channel Encrypt: Using 256 bit message hash 'XXX' for HMAC authentication
    Wed Aug 24 17:31:54 2022 Data Channel Decrypt: Cipher 'XXX' initialized with 128 bit key
    Wed Aug 24 17:31:54 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:54 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Wed Aug 24 17:31:54 2022 [SophosApplianceCertificate_XXXX] Peer Connection Initiated with [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:55 2022 MANAGEMENT: >STATE:1661341615,GET_CONFIG,,,,,,
    Wed Aug 24 17:31:56 2022 SENT CONTROL [SophosApplianceCertificate_XXXX]: 'PUSH_REQUEST' (status=1)
    Wed Aug 24 17:31:56 2022 AUTH: Received control message: AUTH_FAILED
    Wed Aug 24 17:31:56 2022 SIGUSR1[soft,auth-failure] received, process restarting
    Wed Aug 24 17:31:56 2022 MANAGEMENT: >STATE:1661341616,RECONNECTING,auth-failure,,,,,
    Wed Aug 24 17:31:56 2022 Restart pause, 5 second(s)
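
Added example (not part of the original thread and not Sophos tooling): the client logs posted above contain OpenVPN management ">STATE:" lines with epoch timestamps, so a short script can list every drop with its reason and how long the tunnel had been up before it. The sample input is constructed from lines in the post, and the function names are hypothetical.

```python
import re
from datetime import timedelta

# Constructed sample: lines modelled on the client log posted in the thread
# (addresses elided as x.x.x.x, as in the original post).
SAMPLE_LOG = """\
Wed Aug 24 09:31:35 2022 MANAGEMENT: >STATE:1661312795,CONNECTED,SUCCESS,x.x.x.178,x.x.x.x,8443,x.x.x.x,60181
Wed Aug 24 17:31:45 2022 Connection reset, restarting [0]
Wed Aug 24 17:31:45 2022 MANAGEMENT: >STATE:1661341605,RECONNECTING,connection-reset,,,,,
Wed Aug 24 17:31:50 2022 MANAGEMENT: >STATE:1661341610,TCP_CONNECT,,,,,,
Wed Aug 24 17:31:56 2022 AUTH: Received control message: AUTH_FAILED
Wed Aug 24 17:31:56 2022 MANAGEMENT: >STATE:1661341616,RECONNECTING,auth-failure,,,,,
"""

# Management-interface state notification: >STATE:<epoch>,<state>,<detail>,...
STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*)")


def summarize_disconnects(log_text):
    """Return one dict per RECONNECTING event: reason, epoch time, and how long
    the tunnel had been up (None if the drop came before any CONNECTED state)."""
    events = []
    connected_at = None
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if not m:
            continue
        epoch, state, detail = int(m.group(1)), m.group(2), m.group(3)
        if state == "CONNECTED":
            connected_at = epoch
        elif state == "RECONNECTING":
            uptime = epoch - connected_at if connected_at is not None else None
            events.append({"at": epoch, "reason": detail, "uptime_s": uptime})
            connected_at = None  # tunnel is down until the next CONNECTED
    return events


def format_report(events):
    """Render each event as one line suitable for pasting into a support case."""
    lines = []
    for e in events:
        up = "never connected" if e["uptime_s"] is None else str(timedelta(seconds=e["uptime_s"]))
        lines.append(f"{e['at']} reason={e['reason']} uptime={up}")
    return lines


if __name__ == "__main__":
    for row in format_report(summarize_disconnects(SAMPLE_LOG)):
        print(row)
```

Run over each affected user's client log, this separates drops of an established tunnel (connection-reset) from failed re-authentication on reconnect (auth-failure) and shows whether the drops cluster at a fixed session age.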