Remote Access VPN - IPSEC with Certificate - connection export .scx file invalid - SFOS 19.5

Question

Remote Access VPN IPSEC with Authentication type certificate does still lead to invalid connection .scx file on SFOS 19.5.0 GA-Build197 and SFOS 19.5.1 MR-1-Build278 if the "Company Name" in the Certificate does contain Whitespaces. 
 There are some Bug Reports like NC-85383 and NC-95633 whitch are listed as "resoled issues" at the release notes: https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=19.5 
 Looks like the same Problem is reported for older Firmware Versions: IPSEC Remote Access .scx file invalid 
 
 CA Settings 
 No "German" Umlaute / "Special" Characters but Whitespaces in Company Name Organization Name. 
 
 Certificate Settings

Content of xxx.scx: 
 cannot open file /tmp/root_cert.txt at /scripts/vpn/ipsec/generateJSONVPNClientConf.pl line 331.

Giridhar Katti · Answer

Hi Philbert, 
 This is the update after some more testing on this issue by our QE. 
 >>> 
 I configured IPSec RA in 19.0 MR1 (Akamaru) build 367, with spaces in Organization Name (also in common name and organizational unit), where the issue is present. Then I upgraded to 19.5 MR1 (Hatutu) build 278, where the fix is present. Before upgrade, I could see the scx file throwing the error and after the upgrade I could see the scx file getting generated successfully and I was able to connect from Windows too. 
 We suspect that there could be some other issue in the certificate in the customer&rsquo;s case. Would it be possible to get access to the customer device to check what else may be missing? 
 >>>

Remote Access VPN - IPSEC with Certificate - connection export .scx file invalid - SFOS 19.5

CA Settings

Certificate Settings

Top Replies