Sophos SSL VPN Client is connected but there isn't traffic

Hi to all!!

I have an issue with the SSL VPN client configuration. The client is able to connect, but I can see the following lines in the log (it is not a complete log):

 

Tue Jan 10 15:57:20 2017 MANAGEMENT: >STATE:1484060240,ASSIGN_IP,,10.3.33.101,,,,
Tue Jan 10 15:57:24 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:24 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:28 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:28 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:29 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:29 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:30 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:30 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:31 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:31 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:33 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:33 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:34 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:34 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:35 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:35 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:36 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:36 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:37 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:37 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:39 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:39 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:40 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:40 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:41 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:41 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:42 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:42 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:43 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:43 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:44 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:44 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:45 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:45 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:46 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:46 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:47 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:47 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:48 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:48 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:49 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:49 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:50 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:50 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:51 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:51 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:52 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:52 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:54 2017 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 Route addition via service succeeded
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.3.33.100
Tue Jan 10 15:57:54 2017 Warning: route gateway is not reachable on any active network adapters: 10.3.33.100
Tue Jan 10 15:57:54 2017 Route addition via service failed
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.3.33.100
Tue Jan 10 15:57:54 2017 Warning: route gateway is not reachable on any active network adapters: 10.3.33.100
Tue Jan 10 15:57:54 2017 Route addition via service failed
Tue Jan 10 15:57:54 2017 MANAGEMENT: >STATE:1484060274,ADD_ROUTES,,,,,,
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 ROUTE: route addition failed using service: El objeto ya existe. [status=5010 if_index=10]
Tue Jan 10 15:57:54 2017 Route addition via service failed
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 ROUTE: route addition failed using service: El objeto ya existe. [status=5010 if_index=10]
Tue Jan 10 15:57:54 2017 Route addition via service failed

Then, the system is not adding the network interface on the client laptop and the routes don't appear anywhere... So, when I try to reach the internal LAN, the traffic goes to the client's default gateway instead of going through the SSL-VPN, and the traffic is not reaching the LAN...

Any idea???

Thanks in advance!!!

Regards

David.



  • Weird to see tunnel coming up so many times in 30 seconds.  Probably it goes down as quickly.
    And when it is down, route addition to tunnel peer 10.3.33.100 has to fail.

    Am I correct assuming:
    -192.168.1.1 is gateway on your LAN
    -172.20.35.193 is sslvpn server IP.  (it's a private IP, that raises some eyebrows)
    -OpenVPN tries to route all traffic over the VPN, not just some internal networks

  • Hi sixteen,

    Yes, it's correct... Now, I have the appliance in a lab (I'm new to Sophos), but I have to configure the appliance so I can take it and install it at my customer's site...

    The IP address 192.168.1.1 is a router which knows the two subnets... The lab is:

     

    The green arrow is the SSL-VPN connection (I have got connectivity via routing between the laptop and the Sophos appliance)... The system is leasing me one IP address, but I don't see it anywhere and the traffic is not going via the tunnel... I don't know how the OpenVPN client works, but the Cisco AnyConnect client brings up a new interface which is used to reach the internal network. I think the OpenVPN client works the same way, correct?

    Thanks in advance!!

    Regards,

    David.

  • Hi Sixteen,

    As per the logs, it would seem that the SSL VPN client is having trouble overwriting the default route. Have you tried with a different system? Also, does your XG appliance have a public address which is reachable from your system?

  • Hi Aditya,

    I've solved this issue... The problem is that I have the Cisco AnyConnect client installed. This software has a module which manages the network; it is useful for managing the Wi-Fi connections on your PC, because with one click I can change the Wi-Fi network that I connect to... I've disabled this module and the Sophos client has connected fine and quickly... Now all is working fine!!!

    Thanks for everything, and I'm sorry for the inconvenience...

    Kind Regards,

    David.

  • Hi David,

    It's no problem, your issue and resolution would surely be of help to others. Keep us posted on any issue you are facing.
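
A way to triage a client log like the one in the original post, as an added example that is not part of the thread or of any Sophos or OpenVPN tooling: it measures how long the client waited for the TUN/TAP adapter and lists each failed route addition with its reason. The function name `triage` and the shortened sample log are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a shortened copy of the log lines quoted in the original post.
SAMPLE_LOG = r"""
Tue Jan 10 15:57:20 2017 MANAGEMENT: >STATE:1484060240,ASSIGN_IP,,10.3.33.101,,,,
Tue Jan 10 15:57:24 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:52 2017 Route: Waiting for TUN/TAP interface to come up...
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 Route addition via service succeeded
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.3.33.100
Tue Jan 10 15:57:54 2017 Warning: route gateway is not reachable on any active network adapters: 10.3.33.100
Tue Jan 10 15:57:54 2017 Route addition via service failed
Tue Jan 10 15:57:54 2017 C:\Windows\system32\route.exe ADD 172.20.35.193 MASK 255.255.255.255 192.168.1.1
Tue Jan 10 15:57:54 2017 ROUTE: route addition failed using service: El objeto ya existe. [status=5010 if_index=10]
Tue Jan 10 15:57:54 2017 Route addition via service failed
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) (.*)$")   # timestamp + message
ROUTE_ADD = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")  # dest, mask, gateway

def triage(log_text):
    """Summarise TUN/TAP stalls and failed route additions in an OpenVPN client log."""
    waits, failed, pending, reason = [], [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if "Waiting for TUN/TAP interface to come up" in msg:
            waits.append(ts)
        elif (r := ROUTE_ADD.search(msg)):
            pending, reason = r.groups(), None        # remember the route being added
        elif msg.startswith("Warning: route gateway is not reachable"):
            reason = "gateway unreachable"            # tunnel adapter is not up
        elif "route addition failed using service" in msg:
            # "El objeto ya existe" is Spanish for "The object already exists"
            reason = "service error: " + msg.split("service: ", 1)[-1]
        elif msg == "Route addition via service failed" and pending:
            failed.append((*pending, reason or "unknown"))
            pending = None
        elif msg == "Route addition via service succeeded":
            pending = None
    stall = (waits[-1] - waits[0]).total_seconds() if waits else 0.0
    return {"tap_wait_lines": len(waits), "tap_wait_seconds": stall, "failed_routes": failed}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A long TUN/TAP wait followed by "gateway unreachable" failures for routes via the tunnel peer matches the symptom in this thread, where another network-management module on the laptop kept the VPN adapter from coming up.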