Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 454 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Remote Access VPN - IPSEC with Certificate - connection export .scx file invalid - SFOS 19.5

philbert

Remote Access VPN IPSEC with Authentication type certificate does still lead to invalid connection .scx file on SFOS 19.5.0 GA-Build197 and SFOS 19.5.1 MR-1-Build278 if the "Company Name" in the Certificate does contain Whitespaces.

There are some Bug Reports like NC-85383 and NC-95633 whitch are listed as "resoled issues" at the release notes: https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=19.5

Looks like the same Problem is reported for older Firmware Versions:  IPSEC Remote Access .scx file invalid 

CA Settings

No "German" Umlaute / "Special" Characters but Whitespaces in Company Name Organization Name.

Certificate Settings

Content of xxx.scx:

cannot open file /tmp/root_cert.txt at /scripts/vpn/ipsec/generateJSONVPNClientConf.pl line 331.



This thread was automatically locked due to age.
  • 0

    If I remove the Whitespaces in "Company Name" for the Certificate, the .scx file is generated correctly.

    Please fix the BUG!

  • 0 in reply to philbert

    We tried to reproduce the issue on the SFOS 19.5.1 MR-1-Build278, we are not hitting the issue.

  • 0 in reply to Giridhar Katti

    Thanks for your Feedback.

    Whitespaces are at the Organization Name not Company Name, I`ve edited my post.

    Certificate details looks like this:

    Country name: Germany
    State: XYZ
    Locality name: Somewhere
    Organization Name: The Example Company GmbH
    Organization unit name: IT
    Common Name: xyz.example.com
    Email address: somebody@example.com

    DNS names: xyz.example.com

    If I change Organization Name to "TheExampleCompanyGmbH", it works.

    Did you test with a "new" Config on SFOS 19.5? Maybe it only happens with config upgraded from older Version? I believe we startet with the Firewall around SFOS 17 and updated at least to every Mayor MR Release.

  • 0 in reply to philbert

    Just to be sure: Do you have special characters somewhere? Because in Germany, you can easily do something like "Köln" or "München" as a City or street. 

    __________________________________________________________________________________________________________________

  • 0 in reply to philbert

    Hi Philbert,

    This is the update after some more testing on this issue by our QE.

    >>>

    I configured IPSec RA in 19.0 MR1 (Akamaru) build 367, with spaces in Organization Name (also in common name and organizational unit), where the issue is present. Then I upgraded to 19.5 MR1 (Hatutu) build 278, where the fix is present. Before upgrade, I could see the scx file throwing the error and after the upgrade I could see the scx file getting generated successfully and I was able to connect from Windows too.

    We suspect that there could be some other issue in the certificate in the customer’s case. Would it be possible to get access to the customer device to check what else may be missing?

    >>>

Unfiltered HTML