Good Evening,
I recently joined a team and started up our own MSP. One of the clients we took over is using a Sophos XG210 (SFOS 17.0.3 MR-3). I am not real familiar with Sophos, though this same unit died and was RMA'd largely in part due to someone in one of these forums that worked at Sophos, so it was pretty impressive.
Anyway, this evening suddenly nobody in the company was able to connect remotely using the SSL VPN. I received a call from the owner and he was not happy, and I have absolutely no idea where to look or what to do. Any suggestions on the matter would be great. Some additional information is below:
- This started with one person not being able to connect, then spread, and nobody could connect or, even if connected, could not access anything
- Current firmware is SFOS 17.0.3 MR-3
- No changes were made to the firewall
- This is now affecting all users
- They use Active Directory to authenticate
- TCP is being used for the VPN
- Traffic is still passing internally, I am able to connect using my RMM tools
- When attempting to connect, the stoplight turns from red to yellow, and then just stays there indefinitely
- Here is a copy of what the log is saying when trying to connect
Tue Jan 23 20:58:40 2018 Connection reset, restarting [0]
Tue Jan 23 20:58:40 2018 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jan 23 20:58:40 2018 MANAGEMENT: >STATE:1516762720,RECONNECTING,connection-reset,,,,,
Tue Jan 23 20:58:40 2018 Restart pause, 5 second(s)
Tue Jan 23 20:58:45 2018 Socket Buffers: R=[65536->65536] S=[64512->64512]
Tue Jan 23 20:58:45 2018 Attempting to establish TCP connection with [AF_INET]128.92.104.243:8443 [nonblock]
Tue Jan 23 20:58:45 2018 MANAGEMENT: >STATE:1516762725,TCP_CONNECT,,,,,,
Tue Jan 23 20:58:46 2018 TCP connection established with [AF_INET]128.92.104.243:8443
Tue Jan 23 20:58:46 2018 TCPv4_CLIENT link local: [undef]
Tue Jan 23 20:58:46 2018 TCPv4_CLIENT link remote: [AF_INET]128.92.104.243:8443
Tue Jan 23 20:58:46 2018 MANAGEMENT: >STATE:1516762726,WAIT,,,,,,
Tue Jan 23 20:58:46 2018 MANAGEMENT: >STATE:1516762726,AUTH,,,,,,
Tue Jan 23 20:58:46 2018 TLS: Initial packet from [AF_INET]128.92.104.243:8443, sid=aac863d6 8c4fa7bf
Tue Jan 23 20:58:47 2018 VERIFY OK: depth=1, C=US, ST=Wisconsin, L=Madison, O=Acuity Consulting Services LLC, OU=OU, CN=Sophos_CA_C22042XQGW694E6, emailAddress=helpdesk@acuitycs.com
Tue Jan 23 20:58:47 2018 VERIFY X509NAME OK: C=US, ST=WI, L=Madison, O=Johnson Block, OU=OU, CN=SophosApplianceCertificate_C2201783JRGRJB0, emailAddress=lrasmussen@
Tue Jan 23 20:58:47 2018 VERIFY OK: depth=0, C=US, ST=WI, L=Madison, O=Johnson Block, OU=OU, CN=SophosApplianceCertificate_C2201783JRGRJB0, emailAddress=lrasmussen@
Tue Jan 23 20:58:48 2018 Connection reset, restarting [0]
Tue Jan 23 20:58:48 2018 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jan 23 20:58:48 2018 MANAGEMENT: >STATE:1516762728,RECONNECTING,connection-reset,,,,,
Tue Jan 23 20:58:48 2018 Restart pause, 5 second(s)
Tue Jan 23 20:58:53 2018 Socket Buffers: R=[65536->65536] S=[64512->64512]
Tue Jan 23 20:58:53 2018 Attempting to establish TCP connection with [AF_INET]128.92.104.243:8443 [nonblock]
Tue Jan 23 20:58:53 2018 MANAGEMENT: >STATE:1516762733,TCP_CONNECT,,,,,,
Tue Jan 23 20:58:54 2018 TCP connection established with [AF_INET]128.92.104.243:8443
Tue Jan 23 20:58:54 2018 TCPv4_CLIENT link local: [undef]
Tue Jan 23 20:58:54 2018 TCPv4_CLIENT link remote: [AF_INET]128.92.104.243:8443
Tue Jan 23 20:58:54 2018 MANAGEMENT: >STATE:1516762734,WAIT,,,,,,
Tue Jan 23 20:58:54 2018 MANAGEMENT: >STATE:1516762734,AUTH,,,,,,
Tue Jan 23 20:58:54 2018 TLS: Initial packet from [AF_INET]128.92.104.243:8443, sid=da613d9d 0a44de5b
Tue Jan 23 20:58:54 2018 VERIFY OK: depth=1, C=US, ST=Wisconsin, L=Madison, O=Acuity Consulting Services LLC, OU=OU, CN=Sophos_CA_C22042XQGW694E6, emailAddress=helpdesk@acuitycs.com
Tue Jan 23 20:58:54 2018 VERIFY X509NAME OK: C=US, ST=WI, L=Madison, O=Johnson Block, OU=OU, CN=SophosApplianceCertificate_C2201783JRGRJB0, emailAddress=lrasmussen@
Tue Jan 23 20:58:54 2018 VERIFY OK: depth=0, C=US, ST=WI, L=Madison, O=Johnson Block, OU=OU, CN=SophosApplianceCertificate_C2201783JRGRJB0, emailAddress=lrasmussen@
Tue Jan 23 20:58:54 2018 Connection reset, restarting [0]
Tue Jan 23 20:58:54 2018 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jan 23 20:58:54 2018 MANAGEMENT: >STATE:1516762734,RECONNECTING,connection-reset,,,,,
Tue Jan 23 20:58:54 2018 Restart pause, 5 second(s)
Thank you so much for any help you can give or any direction you can lend. I am struggling mightily with this, but more importantly, my client is unable to work. Thanks again for your time everyone!
-Larry
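An added triage example, not part of the original post and not Sophos code: it groups an OpenVPN-format client log like the one above into connection attempts and reports the last management state reached, and which certificate depths verified, before each reset. The sample lines are constructed in the same format with placeholder subjects, and the function names are hypothetical.

```python
import re

# Constructed sample in the post's log format; certificate subjects are placeholders.
SAMPLE_LOG = """\
Tue Jan 23 20:58:45 2018 MANAGEMENT: >STATE:1516762725,TCP_CONNECT,,,,,,
Tue Jan 23 20:58:46 2018 MANAGEMENT: >STATE:1516762726,AUTH,,,,,,
Tue Jan 23 20:58:47 2018 VERIFY OK: depth=1, CN=example-ca
Tue Jan 23 20:58:47 2018 VERIFY OK: depth=0, CN=example-appliance
Tue Jan 23 20:58:48 2018 MANAGEMENT: >STATE:1516762728,RECONNECTING,connection-reset,,,,,
Tue Jan 23 20:58:53 2018 MANAGEMENT: >STATE:1516762733,TCP_CONNECT,,,,,,
Tue Jan 23 20:58:54 2018 MANAGEMENT: >STATE:1516762734,AUTH,,,,,,
Tue Jan 23 20:58:54 2018 VERIFY OK: depth=1, CN=example-ca
Tue Jan 23 20:58:54 2018 VERIFY OK: depth=0, CN=example-appliance
Tue Jan 23 20:58:54 2018 MANAGEMENT: >STATE:1516762734,RECONNECTING,connection-reset,,,,,
"""

STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*)")
VERIFY_RE = re.compile(r"VERIFY OK: depth=(\d+)")

def summarize_attempts(log_text):
    """Group log lines into attempts, each starting at a TCP_CONNECT state."""
    attempts, cur = [], None
    for line in log_text.splitlines():
        state = STATE_RE.search(line)
        verify = VERIFY_RE.search(line)
        if state and state.group(2) == "TCP_CONNECT":
            cur = {"start": int(state.group(1)), "last_state": "TCP_CONNECT",
                   "verified_depths": [], "outcome": "incomplete"}
            attempts.append(cur)
        elif cur is None:
            continue  # lines outside an attempt carry no context
        elif state and state.group(2) in ("RECONNECTING", "EXITING"):
            cur["outcome"] = state.group(3) or state.group(2).lower()
            cur = None  # attempt is over; wait for the next TCP_CONNECT
        elif state:
            cur["last_state"] = state.group(2)
            if state.group(2) == "CONNECTED":
                cur["outcome"] = "connected"
        elif verify:
            cur["verified_depths"].append(int(verify.group(1)))
    return attempts

def reset_loop_stage(attempts, minimum=2):
    """Return the state every attempt was reset in, or None if no such loop."""
    stages = {a["last_state"] for a in attempts}
    all_reset = all(a["outcome"] == "connection-reset" for a in attempts)
    if len(attempts) >= minimum and all_reset and len(stages) == 1:
        return stages.pop()
    return None
```

On the sample, both attempts verify the certificate chain at depths 1 and 0 and are then reset while still in the AUTH state, so the summary narrows where in the handshake the connection drops without saying why.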