SSL VPN Stopped Working - SFOS 16.05.1 MR-1

Ran into the same issue. Switching to TCP resolves issue. 

I switched to TCP, re-downloaded the configuration and its still not working.

Here is the error I receive:

TCP: connect to [AF_INET]76.189.XXX.XXX:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive

Get down to the shell via SSH and try starting the service via this command:

service sslvpn:start -d -s nosync

I've been working a tech support case on SSL VPN and the service technician did that to get things going after updating to 16.05.1MR-1.

HTH

I'm at a loss, tried to stop/start services and the issue remains.

GUI and console didn't work for me.  Only the above line from the device management, advanced shell worked for me.

Thats what I did. Device Management > Advanced Shell > then ran the command 

I believe it may have something to do with the firewall rules.  I tried to login with a different, incorrect password, it it appears the packets are even getting through to authenticate the user.

Does anyone have any additional suggestions?  I am going out of town for work next week, and would like to be able to use my VPN.

I feel it has something to do with the firewall policy settings, due to UDP simply timing out, and TCP not even getting to the point of user auth.  

I setup my firewall policy settings as per the instructions, and everything worked properly until I upgraded to SFOS 16.

Thank you for any assistance.

-SG

What rules do you have? For mine to work, I have the following;

Rule #1

Source: VPN

Any Service

Dest: LAN

Enable MASQ

Rule #2

Source: LAN

Any Service

Dest: VPN

Also, in the remote access config, for permitted resources I had to manually make a definition for the LAN, rather than just use "port1"

My rules appear to match yours exactly.

Rule #1:

Rule #2

Try disabling "match known users". Also does your SSL VPN profile have the network as a definition or just the port/bridge?

I'll try disabling known users.  I have created a profile for #Port1, that I called Main_lan.

I'll try disabling known users.  I have created a profile for #Port1, that I called Main_lan.

Update,

Still not working.  However, if I try to connect to my VPN from inside my network, i get the same failed error message of a TLS timeout on UDP when it tries to connect to my external IP.

However, if I try and have it join internally to my 192.168.1.1:8443 address, it connects no problem.  

Somehow, my external IP is blocking the connection???

From the advanced shell you can issue the drppkt command to see if the firewall is blocking something.

for example:

"drppkt host 192.168.203.2" will filter on the host

"drppkt 192.168.203.2 and port 389" will filter on the host and port.

FWIW I cannot get SSL VPN working on UDP.  Tech support is throwing back to development.  TCP ports (most of the time).

I'm convinced either Time Warner (spectrum) is blocking the default VPN SSL port, or something else is causing the packets to not get through to my Sophos XG router.

I'm going to download Wireshark and see if I can trace the packets that way.