Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 25 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 3124 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN frequent Disconnect

NOC F1SOFT

Hello All

We are facing issue with SSL VPN with frequent Disconnect. It is affecting our Day to Day work. 300-400 people are depended on vpn.

Kindly help to solve this issue. 

Model = XG310

Firmware Version = SFOS 19.0.0 GA-Build317

Thank you



This thread was automatically locked due to age.
Parents
  • 0

    Hi NOC FISOFT,

    You can also provide us with any error message users get when they are disconnected. Users are always presented with different error messages when they disconnect.

    Also checking the sslvpn.log and clientless_access.log then grep with the username can also provide more information while enabling debug.

    Regards,

    Kingsley

  • 0 in reply to Kingsley Okeke

    Hello

    This are logs on user side. they got disconnect while working on VPN

    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.240.0.0 x.x.x.1
    Wed Aug 24 09:31:34 2022 Route addition via service succeeded
    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.0.0 x.x.x.1
    Wed Aug 24 09:31:35 2022 Route addition via service succeeded
    Wed Aug 24 09:31:35 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.255.255 x.x.x.x
    Wed Aug 24 09:31:35 2022 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=19]
    Wed Aug 24 09:31:35 2022 Route addition via service failed
    Wed Aug 24 09:31:35 2022 Initialization Sequence Completed
    Wed Aug 24 09:31:35 2022 MANAGEMENT: >STATE:1661312795,CONNECTED,SUCCESS,x.x.x.178,x.x.x.x,8443,x.x.x.x,60181
    Wed Aug 24 17:31:28 2022 VERIFY OK: depth=1, C=NP, ST=Not applicable, L=XXXXX, O=XXXXX Pvt Ltd, OU=OU, CN=Sophos_CA_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:28 2022 VERIFY X509NAME OK: C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_C320ABWHF4P2M31, emailAddress=noc@XXXX
    Wed Aug 24 17:31:28 2022 VERIFY OK: depth=0, C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:30 2022 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Aug 24 17:31:30 2022 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:30 2022 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Wed Aug 24 17:31:30 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:30 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Wed Aug 24 17:31:45 2022 Connection reset, restarting [0]
    Wed Aug 24 17:31:45 2022 SIGUSR1[soft,connection-reset] received, process restarting
    Wed Aug 24 17:31:45 2022 MANAGEMENT: >STATE:1661341605,RECONNECTING,connection-reset,,,,,
    Wed Aug 24 17:31:45 2022 Restart pause, 5 second(s)
    Wed Aug 24 17:31:50 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Wed Aug 24 17:31:50 2022 Attempting to establish TCP connection with [AF_INET]x.x.x.x:8443 [nonblock]
    Wed Aug 24 17:31:50 2022 MANAGEMENT: >STATE:1661341610,TCP_CONNECT,,,,,,
    Wed Aug 24 17:31:51 2022 TCP connection established with [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:51 2022 TCPv4_CLIENT link local: [undef]
    Wed Aug 24 17:31:51 2022 TCPv4_CLIENT link remote: [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:51 2022 MANAGEMENT: >STATE:1661341611,WAIT,,,,,,
    Wed Aug 24 17:31:51 2022 MANAGEMENT: >STATE:1661341611,AUTH,,,,,,
    Wed Aug 24 17:31:51 2022 TLS: Initial packet from [AF_INET]x.x.x.x:8443, sid=4a152aa9 731cf275
    Wed Aug 24 17:31:51 2022 VERIFY OK: depth=1, C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=Sophos_CA_XXXX, emailAddress=noc@f1soft.com
    Wed Aug 24 17:31:51 2022 VERIFY X509NAME OK: C=NP, ST=Not applicable, L=XXXX, O=XXXX Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=noc@XXXX
    Wed Aug 24 17:31:51 2022 VERIFY OK: depth=0, C=NP, ST=Not applicable, L=XXXX, O=XXXX, OU=OU, CN=SophosApplianceCertificate_XXXX, emailAddress=XXXX


    Wed Aug 24 17:31:54 2022 Data Channel Encrypt: Cipher 'XXX' initialized with 128 bit key
    Wed Aug 24 17:31:54 2022 Data Channel Encrypt: Using 256 bit message hash 'XXX' for HMAC authentication
    Wed Aug 24 17:31:54 2022 Data Channel Decrypt: Cipher 'XXX' initialized with 128 bit key
    Wed Aug 24 17:31:54 2022 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Wed Aug 24 17:31:54 2022 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Wed Aug 24 17:31:54 2022 [SophosApplianceCertificate_XXXX] Peer Connection Initiated with [AF_INET]x.x.x.x:8443
    Wed Aug 24 17:31:55 2022 MANAGEMENT: >STATE:1661341615,GET_CONFIG,,,,,,
    Wed Aug 24 17:31:56 2022 SENT CONTROL [SophosApplianceCertificate_XXXX]: 'PUSH_REQUEST' (status=1)
    Wed Aug 24 17:31:56 2022 AUTH: Received control message: AUTH_FAILED
    Wed Aug 24 17:31:56 2022 SIGUSR1[soft,auth-failure] received, process restarting
    Wed Aug 24 17:31:56 2022 MANAGEMENT: >STATE:1661341616,RECONNECTING,auth-failure,,,,,
    Wed Aug 24 17:31:56 2022 Restart pause, 5 second(s)

  • 0 in reply to NOC F1SOFT

    Try the following kba: SSL VPN clients are unable to synchronize with updates to Permitted networks and Idle time-out in remote access SSL VPN policies - https://support.sophos.com/support/s/article/KB-000041768?language=en_US

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    they are in different subnet and i have checked that hba and updated ip lease range as mentioned their

  • 0 in reply to Vivek Jagad

    i will try this and will update tomorrow

  • 0 in reply to NOC F1SOFT

    Hi NOC F1SOFT 

    Try to troubleshoot the issue with the latest firmware version available now 

    Please refer the below link to check the details : https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v19-mr1-re_2d00_release-build-365-is-now-available 

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to NOC F1SOFT
    NOC F1SOFT said:

    Hello

    This are logs on user side. they got disconnect while working on VPN

    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.240.0.0 x.x.x.1
    Wed Aug 24 09:31:34 2022 Route addition via service succeeded
    Wed Aug 24 09:31:34 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.0.0 x.x.x.1
    Wed Aug 24 09:31:35 2022 Route addition via service succeeded
    Wed Aug 24 09:31:35 2022 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.255.255 x.x.x.x
    Wed Aug 24 09:31:35 2022 ROUTE: route addition failed using service: The object already exists. [status=5010 if_index=19]
    Wed Aug 24 09:31:35 2022 Route addition via service failed
    Wed Aug 24 09:31:35 2022 Initialization Sequence Completed
    Wed Aug 24 09:31:35 2022 MANAGEMENT: >STATE:1661312795,CONNECTED,SUCCESS,x.x.x.178,x.x.x.x,8443,x.x.x.x,60181
    Wed Aug 24 17:31:28 2022 VERIFY OK: depth=1, C=NP, ST=Not applicable, L=Kathmandu, O=F1 Soft Internation Pvt Ltd, OU=OU, CN=Sophos_CA_C320ABWHF4P2M31, emailAddress=noc@f1soft.com
    Wed Aug 24 17:31:28 2022 VERIFY X509NAME OK: C=NP, ST=Not applicable, L=Kathmandu, O=F1 Soft Internation Pvt Ltd, OU=OU, CN=SophosApplianceCertificate_C320ABWHF4P2M31, emailAddress=noc@f1soft.com

    Hi  NOC F1SOFT 

    Please edit this post as it still exposes your company details as well as appliance details

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    - Could you please share the server logs at the time of issue. Looks like there's a RESET being initiated from the Server after 8 hrs of connection being on.

  • 0 in reply to Giridhar Katti

    do you use UDP? Check if user - ISP assign a real IP4 address or a private IP ...


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    I use TCP for VPN connection

  • 0 in reply to NOC F1SOFT

    Hi  - Could you please share the server side logs when the client disconnects ? From the earlier logs, we see that client is getting disconnected because of a soft reset received from the server.

  • 0 in reply to Giridhar Katti

    Every time client get disconnected we soft reset received from the server.

Reply Children
No Data
Unfiltered HTML