Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 25 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 3125 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN frequent Disconnect

NOC F1SOFT

Hello All

We are facing issue with SSL VPN with frequent Disconnect. It is affecting our Day to Day work. 300-400 people are depended on vpn.

Kindly help to solve this issue. 

Model = XG310

Firmware Version = SFOS 19.0.0 GA-Build317

Thank you



This thread was automatically locked due to age.
Parents
  • 0

    Hi NOC FISOFT,

    You can also provide us with any error message users get when they are disconnected. Users are always presented with different error messages when they disconnect.

    Also checking the sslvpn.log and clientless_access.log then grep with the username can also provide more information while enabling debug.

    Regards,

    Kingsley

  • 0 in reply to Kingsley Okeke

    Hello

    This are logs on user side. they got disconnect while working on VPN

    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.240.0.0 x.x.x.1
    Wed Aug 24 09:31:34 2022 Route addition via service succeeded
    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.0.0 x.x.x.1
    Wed Aug 24 09:31:35 2022 Route addition via service succeeded
    Wed Aug 24 09:31:35 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.255.255 x.x.x.x
    Wed Aug 24 09:31:35 2022 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=19]
    Wed Aug 24 09:31:35 2022 Route addition via service failed
    Wed Aug 24 09:31:35 2022 Initialization Sequence Completed
    Wed Aug 24 09:31:35 2022 MANAGEMENT: >STATE:1661312795,CONNECTED,SUCCESS,x.x.x.178,x.x.x.x,8443,x.x.x.x,60181
    Wed Aug 24 17:31:28 2022 VERIFY OK: depth=1, C=NP, ST=Not applicable, L=XXXXX, O=XXXXX Pvt Ltd, OU=OU, CN=Sophos_CA_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:28 2022 VERIFY X509NAME OK: C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_C320ABWHF4P2M31, emailAddress=noc@XXXX
    Wed Aug 24 17:31:28 2022 VERIFY OK: depth=0, C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:30 2022 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Aug 24 17:31:30 2022 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:30 2022 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Aug 24 17:31:30 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:30 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Wed Aug 24 17:31:45 2022 Connection reset, restarting [0]
    Wed Aug 24 17:31:45 2022 SIGUSR1[soft,connection-reset] received, process restarting
    Wed Aug 24 17:31:45 2022 MANAGEMENT: >STATE:1661341605,RECONNECTING,connection-reset,,,,,
    Wed Aug 24 17:31:45 2022 Restart pause, 5 second(s)
    Wed Aug 24 17:31:50 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Wed Aug 24 17:31:50 2022 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8443 [nonblock]
    Wed Aug 24 17:31:50 2022 MANAGEMENT: >STATE:1661341610,TCP_CONNECT,,,,,,
    Wed Aug 24 17:31:51 2022 TCP connection established with [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:51 2022 TCPv4_CLIENT link local: [undef]
    Wed Aug 24 17:31:51 2022 TCPv4_CLIENT link remote: [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:51 2022 MANAGEMENT: >STATE:1661341611,WAIT,,,,,,
    Wed Aug 24 17:31:51 2022 MANAGEMENT: >STATE:1661341611,AUTH,,,,,,
    Wed Aug 24 17:31:51 2022 TLS: Initial packet from [AF_INET]x.x.x.x:8443, sid=4a152aa9 731cf275
    Wed Aug 24 17:31:51 2022 VERIFY OK: depth=1, C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=Sophos_CA_XXXX, emailAddress=noc@f1soft.com
    Wed Aug 24 17:31:51 2022 VERIFY X509NAME OK: C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:51 2022 VERIFY OK: depth=0, C=NP, ST=Not applicable, L=XXXX, O=XXXX, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=XXXX


    Wed Aug 24 17:31:54 2022 Data Channel Encrypt: Cipher 'XXX' initialized with 128 bit key
    Wed Aug 24 17:31:54 2022 Data Channel Encrypt: Using 256 bit message hash 'XXX' for HMAC authentication
    Wed Aug 24 17:31:54 2022 Data Channel Decrypt: Cipher 'XXX' initialized with 128 bit key
    Wed Aug 24 17:31:54 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:54 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Wed Aug 24 17:31:54 2022 [SophosApplianceCertificate_XXXX] Peer Connection Initiated with [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:55 2022 MANAGEMENT: >STATE:1661341615,GET_CONFIG,,,,,,
    Wed Aug 24 17:31:56 2022 SENT CONTROL [SophosApplianceCertificate_XXXX]: 'PUSH_REQUEST' (status=1)
    Wed Aug 24 17:31:56 2022 AUTH: Received control message: AUTH_FAILED
    Wed Aug 24 17:31:56 2022 SIGUSR1[soft,auth-failure] received, process restarting
    Wed Aug 24 17:31:56 2022 MANAGEMENT: >STATE:1661341616,RECONNECTING,auth-failure,,,,,
    Wed Aug 24 17:31:56 2022 Restart pause, 5 second(s)

  • 0 in reply to NOC F1SOFT

    Can you check on the client machine on command prompt and execute the following command: route print
    See if the route is already there or not, If there's a route already there, there may be a chance that there are two different networks with the same IP subnet. Once you've taken care of that, you should not see the error while connecting...

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    You mean to say if one of our user1 is getting IP address 10.X.X.10 from SSL VPN DHCP lease and vpn is working fine and all resource are accessible and user2  connect ssl vpn and same 10.x.x.10 ip will be assigned to user2?

    If you mean this case than i have increased SSL VPN DHCP lease IP address to /23-- this might solve issue pointed by you.

    Am i correct on this?

  • 0 in reply to Vivek Jagad

    but if you are saying lets say i have used 192.168.100.0/24 network in our SSL VPN, avoid using same network in same firewall in any interface or on any thing on same firewall?

Reply Children
Unfiltered HTML