[9.195] No Remote Access via SSL VPN

Hello together,

for testing purposes with SSL VPN I'm using a Sophos UTM 9.2 Beta (9.195-6). Since a few days I can't get a connection via SSL VPN. I'm using the Sophos OpenVPN client. Here are the log messages with detailed log level:

2014:02:20-18:15:33 SophosUTM openvpn[8356]: MULTI: multi_create_instance called 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 Re-using SSL/TLS context 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 LZO compression initialized 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server' 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client' 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 Local Options hash (VER=V4): 'a8f55717' 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 Expected Remote Options hash (VER=V4): '22188c5b' 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 READ [14] from [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 TLS: Initial packet from [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1), sid=3179f9b4 a6ac239d 
2014:02:20-18:15:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [26] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0 
2014:02:20-18:15:35 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [14] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:15:35 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 READ [14] from [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:15:35 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [22] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_ACK_V1 kid=0 [ 0 ] 
2014:02:20-18:15:39 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [14] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:15:40 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 READ [14] from [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:15:40 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [22] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_ACK_V1 kid=0 [ 0 ] 
2014:02:20-18:15:47 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [14] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:15:48 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 READ [14] from [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:15:48 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [22] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_ACK_V1 kid=0 [ 0 ] 
2014:02:20-18:16:03 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [14] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:16:04 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 READ [14] from [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0 
2014:02:20-18:16:04 SophosUTM openvpn[8356]: 172.29.254.218:52407 UDPv4 WRITE [22] to [AF_INET]172.29.254.218:52407 (via [AF_INET]172.29.250.69%eth1): P_ACK_V1 kid=0 [ 0 ] 
2014:02:20-18:16:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
2014:02:20-18:16:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 TLS Error: TLS handshake failed 
2014:02:20-18:16:33 SophosUTM openvpn[8356]: 172.29.254.218:52407 SIGUSR1[soft,tls-error] received, client-instance restarting

It's a bit tricky infrastructure because the Sophos UTM is running as virtual machine in a DMZ behind a Checkpoint Firewall. The two Interfaces of the Sophos UTM are connected to the DMZ which is separated into smaller VLANs. This worked fine on the second half of december and on january until the beginning of february.

I have updated the Sophos UTM and I renewed the CA certificate for SSL VPN to be sure that there are no issues with the certificates. But the problem still persists.

Are there any ideas?

Thank you

TheExpert

Parents

0 d12fk over 11 years ago

Nothing obviously. I'll poke him again.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 TheExpert over 11 years ago in reply to d12fk

Hello d12fk,

are there now any news regarding policy based routing?

Thank you

TheExpert

Kind Regards

TheExpert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 TheExpert over 11 years ago in reply to d12fk

Hello d12fk,

are there now any news regarding policy based routing?

Thank you

TheExpert

Kind Regards

TheExpert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data