Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 27 subscribers
  • Views 14267 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SSL VPN Client is connected but there isn't traffic

David Babiano Rodriguez

Hi to all!!

I have an issue with the SSL vpn client configuration.. The client is able to connect but I can see in the log the next lines (is not a complete log):

 

Tue Jan 10 15:57:20 2017 MANAGEMENT: >STATE:1484060240,ASSIGN_IP,,10.3.33.101,,,,
Tue Jan 10 15:57:24 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:24 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:28 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:28 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:29 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:29 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:30 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:30 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:31 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:31 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:33 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:33 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:34 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:34 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:35 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:35 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:36 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:36 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:37 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:37 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:39 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:39 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:40 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:40 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:41 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:41 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:42 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:42 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:43 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:43 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:44 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:44 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:45 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:45 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:46 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:46 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:47 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:47 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:48 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:48 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:49 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:49 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:50 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:50 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:51 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:51 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:52 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:52 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:54 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 Route addition via service succeeded
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.3.33.100
Tue Jan 10 15:57:54 2017 Warning: route gateway is not reachable on any active network adapters: 10.3.33.100
Tue Jan 10 15:57:54 2017 Route addition via service failed
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.3.33.100
Tue Jan 10 15:57:54 2017 Warning: route gateway is not reachable on any active network adapters: 10.3.33.100
Tue Jan 10 15:57:54 2017 Route addition via service failed
Tue Jan 10 15:57:54 2017 MANAGEMENT: >STATE:1484060274,ADD_ROUTES,,,,,,
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 ROUTE: route addition failed using service: El objeto ya existe. [status=5010 if_index=10]
Tue Jan 10 15:57:54 2017 Route addition via service failed
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 ROUTE: route addition failed using service: El objeto ya existe. [status=5010 if_index=10]
Tue Jan 10 15:57:54 2017 Route addition via service failed

Then, the system is not adding the network interface in the client laptop and the routes isn't appear anywhere... So, when I try to reach the internal LAN, the traffic goes to the client's default gateway instead going throught the SSL-VPN and the traffic is not reaching the LAN... 

Any idea???

Thanks in advance!!!

Regards

David.



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Aditya Patel

    Hi Aditya,

    the configuration is:

    The permitted network is 10.3.0.0/16, and the route print of the laptop: 

    C:\Users\David>route print
    ===========================================================================
    ILista de interfaces
    34...00 ff 3e c6 92 3f ......Sophos SSL VPN Adapter
    11...00 18 de 22 76 dc ......Conexión de red Intel(R) PRO/Wireless 3945ABG
    10...00 18 8b b1 7c 63 ......Controladora Gigabit Broadcom NetXtreme 57xx
    1...........................Software Loopback Interface 1
    36...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft
    37...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #2
    18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    33...00 00 00 00 00 00 00 e0 Adaptador ISATAP de Microsoft #3
    ===========================================================================

    IPv4 Tabla de enrutamiento
    ===========================================================================
    Rutas activas:
    Destino de red Máscara de red Puerta de enlace Interfaz Métrica
    0.0.0.0 0.0.0.0 172.20.32.1 172.20.34.90 20
    127.0.0.0 255.0.0.0 En vínculo 127.0.0.1 306
    127.0.0.1 255.255.255.255 En vínculo 127.0.0.1 306
    127.255.255.255 255.255.255.255 En vínculo 127.0.0.1 306
    172.20.32.0 255.255.248.0 En vínculo 172.20.34.90 276
    172.20.34.90 255.255.255.255 En vínculo 172.20.34.90 276
    172.20.35.193 255.255.255.255 172.20.32.1 172.20.34.90 276
    172.20.39.255 255.255.255.255 En vínculo 172.20.34.90 276
    224.0.0.0 240.0.0.0 En vínculo 127.0.0.1 306
    224.0.0.0 240.0.0.0 En vínculo 172.20.34.90 276
    255.255.255.255 255.255.255.255 En vínculo 127.0.0.1 306
    255.255.255.255 255.255.255.255 En vínculo 172.20.34.90 276
    ===========================================================================
    Rutas persistentes:
    Ninguno

    IPv6 Tabla de enrutamiento
    ===========================================================================
    Rutas activas:
    Cuando destino de red métrica Puerta de enlace
    1 306 ::1/128 En vínculo
    1 306 ff00::/8 En vínculo
    ===========================================================================
    Rutas persistentes:
    Ninguno

    These routes are with the client connected...

    The system should lease to my laptop an IP address of the range 10.3.33.100 - 110, but I don't see it anywhere... If I run a traceroute to the internal network, the traffic goes to my default gateway instead to go to the tunnel...    

    Regards,

    David.