Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 1607 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect only connects one time - Strongswan service needs to be killed and restarted to connect again

Stefan Prokopf

Hi,

i got an issue with a Windows 11 client. The Sophos Connect client using an existing IPsecVPN connection doesnt connect anymore.

On investigation i figured out, that the client connects one time after reboot - if i disconnect the session and try to connect again, the connection fails. At the Firewall i just can see an log entry with "Timeout" then. The logfile at the client tells "sophos connect befehl konnte nicht an ipsec dienst gesendet werden" (could not send command to ipsec service.

I reinstalled the Sophos Connect Service, deleted the SophosConnect Folder at programmx86, rebootet the machine and installed the client again. This didnt resolve the issue. During deinstallation, the service Strongswan coulnd be stopped.

The process charon-svc.exe needs to be killed in order to be able to stop the strongswan service.

Instead of reboot this also makes able to connect once again - after disconnect, stop strongswan service and during that try of stoping the service the process charon-svc needs to be killed. After restart of the strongswan service the connection can be established once.

Any Idea what needed to be cleaned addtional to get the Connect client again to work properly?

Thanks,

Stefan



This thread was automatically locked due to age.
  • 0

    Hi Stefan Prokopf

    Please share the Sophos XG/S firewall model number and firmware version.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    The Model is XGS107 and the firmware is SFOS 19.0.1 MR-1-Build365 - there were no changes at the XGS and this setup was running for 2 month. Also other PCs still can connect without any of that issue via IPSecVPN

  • 0 in reply to Stefan Prokopf

    Suspecting an issue with the System ends. Try to connect the same user with another PC for a test.

    Can you share the feedback by updating Windows 11?

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Bharat J

    The question is - can I do any cleanup more than just deinstall and delete programmx86\Sophos Folder?

    There must be something remain bad at the system, i couldnt cleanup...

    Again: This issue just occurs after one connection did work. Then i disconnect the IPSec VPN at this client and then the connection fails. A reboot or as described above killing the service allows again to connect once. This procedure can repeated.

    The issue is the same if I use different users. I just got that issue at this specific PC. Connections at another PC with same user(s) work fine. Also at this PC the connection worke fine for month. It seems that something must happend that broke this "Strongswan" service - as i can not stop the service when the issue appears, that i cant establish a second connection after reboot.

  • 0

    You need to stop/kill the strongswan service in Windows.

    Pls try this

    1. Open the services applet. Click Start > Programs > Administrative Tools > Services. –or– Click Start > Settings > Control Panel > Administrative Tools > Services.
    2. Click on strongswan service
    3. Stop or kill the strongswan before reinstalling the SCC

    Let me know if this helps.

  • 0 in reply to Giridhar Katti

    I needed to kill the Strongswan service before process of the deinstallation works fine. So should i check after deinstallation and the reboot if the service was deinstalled?

  • 0 in reply to Stefan Prokopf

    And also again - just stopping the service doesnt work after the issue occurs. I also need to kill the process before stoping the service works. Windows otherwhise tells the service could not be stopped

  • 0 in reply to Giridhar Katti

    Same problem here after upgrading Sophos Coonect to new build 2.2.90.1104 (under Windows 11 Pro OS)
    One connection (other endpoint: XGS4300 (SFOS 19.5.0 GA-Build197)) is possible. Then the error message "befehl konnte nicht an ipsec-dienst gesendet werden".
    Strongswan service needs to be killed via taskkill /f.
    Then one connection works again.Uninstall not necessary.
    Seems to be a new problem with build 2.2.90.

    Any ideas?

  • 0 in reply to Markus Weiler

    We are checking to reproduce the issue. We will keep the thread posted.

Unfiltered HTML