Hello,
I have set up the SSL VPN but I cannot connect to it. When I try, the connection resets. Some logs that might help are below. Accessing the User portal doesn't seem to be an issue, so I don't know what might be wrong.
Thanks in advance!
Sidenote: IPs and usernames have been removed and replaced with {}
On the UTM:
vpn-1 openvpn[9336]: {CLIENT IP ADDRESS}:24784 SIGUSR1[soft,connection-reset] received, client-instance restarting
vpn-1 openvpn[9336]: TCP connection established with [AF_INET]{ISP IP ADDRESS}:60864 (via [AF_INET]{SERVER IP ADDRESS}:443)
vpn-1 openvpn[9336]: {ISP IP ADDRESS}:60864 Non-OpenVPN client protocol detected
vpn-1 openvpn[9336]: {ISP IP ADDRESS}:60864 SIGTERM[soft,port-share-redirect] received, client-instance exiting
vpn-1 openvpn[9336]: TCP connection established with [AF_INET]{ISP ANOTHER IP ADDRESS}:50802 (via [AF_INET]{SERVER IP ADDRESS}:443)
vpn-1 openvpn[9336]: {ISP ANOTHER IP ADDRESS}:50802 Non-OpenVPN client protocol detected
vpn-1 openvpn[9336]: {ISP ANOTHER IP ADDRESS}:50802 SIGTERM[soft,port-share-redirect] received, client-instance exiting
vpn-1 openvpn[9336]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
vpn-1 openvpn[9336]: MANAGEMENT: CMD 'status -1'
vpn-1 openvpn[9336]: MANAGEMENT: Client disconnected
vpn-1 openvpn[9336]: TCP connection established with [AF_INET]{CLIENT IP ADDRESS}:28930 (via [AF_INET]{SERVER IP ADDRESS}:443)
vpn-1 openvpn[9336]: {CLIENT IP ADDRESS}:28930 TLS: Initial packet from [AF_INET]{CLIENT IP ADDRESS}:28930 (via [AF_INET]{SERVER IP ADDRESS}:443), sid=f09b225d 08e16e4c
vpn-1 openvpn[9336]: {CLIENT IP ADDRESS}:28930 Connection reset, restarting [-1]
vpn-1 openvpn[9336]: {CLIENT IP ADDRESS}:28930 SIGUSR1[soft,connection-reset] received, client-instance restarting
Client Side 1:
OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jun 25 2016
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Need hold release from management interface, waiting...
MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
MANAGEMENT: CMD 'state on'
MANAGEMENT: CMD 'log all on'
MANAGEMENT: CMD 'hold off'
MANAGEMENT: CMD 'hold release'
MANAGEMENT: CMD 'username "Auth" "{USER}"'
MANAGEMENT: CMD 'password [...]'
Socket Buffers: R=[65536->65536] S=[65536->65536]
MANAGEMENT: >STATE:1482303961,RESOLVE,,,,,,
Attempting to establish TCP connection with [AF_INET]{SERVER IP ADDRESS}:443 [nonblock]
MANAGEMENT: >STATE:1482303961,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]{SERVER IP ADDRESS}:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]{SERVER IP ADDRESS}:443
MANAGEMENT: >STATE:1482303962,WAIT,,,,,,
MANAGEMENT: >STATE:1482303962,AUTH,,,,,,
TLS: Initial packet from [AF_INET]{SERVER IP ADDRESS}:443, sid=280f400d fe17ec8c
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, process restarting
MANAGEMENT: >STATE:1482303963,RECONNECTING,tls-error,,,,,
Restart pause, 5 second(s)
Socket Buffers: R=[65536->65536] S=[65536->65536]
MANAGEMENT: >STATE:1482303968,RESOLVE,,,,,,
Attempting to establish TCP connection with [AF_INET]{SERVER IP ADDRESS}:443 [nonblock]
MANAGEMENT: >STATE:1482303968,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]{SERVER IP ADDRESS}:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]{SERVER IP ADDRESS}:443
MANAGEMENT: >STATE:1482303969,WAIT,,,,,,
MANAGEMENT: >STATE:1482303969,AUTH,,,,,,
TLS: Initial packet from [AF_INET]{SERVER IP ADDRESS}:443, sid=ecb6e4fa 5ea600ee
VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, process restarting
MANAGEMENT: >STATE:1482303969,RECONNECTING,tls-error,,,,,
Restart pause, 5 second(s)
Socket Buffers: R=[65536->65536] S=[65536->65536]
MANAGEMENT: >STATE:1482303974,RESOLVE,,,,,,
Attempting to establish TCP connection with [AF_INET]{SERVER IP ADDRESS}:443 [nonblock]
MANAGEMENT: >STATE:1482303974,TCP_CONNECT,,,,,,
SIGTERM[hard,init_instance] received, process exiting
MANAGEMENT: >STATE:1482303975,EXITING,init_instance,,,,,
Client Side 2:
OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jun 25 2016
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Need hold release from management interface, waiting...
MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
MANAGEMENT: CMD 'state on'
MANAGEMENT: CMD 'log all on'
MANAGEMENT: CMD 'hold off'
MANAGEMENT: CMD 'hold release'
MANAGEMENT: CMD 'username "Auth" "a-vasileiosg"'
MANAGEMENT: CMD 'password [...]'
Socket Buffers: R=[65536->65536] S=[65536->65536]
MANAGEMENT: >STATE:1482304343,RESOLVE,,,,,,
Attempting to establish TCP connection with [AF_INET]{SERVER IP ADDRESS}:443 [nonblock]
MANAGEMENT: >STATE:1482304343,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]{SERVER IP ADDRESS}:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]{SERVER IP ADDRESS}:443
MANAGEMENT: >STATE:1482304344,WAIT,,,,,,
Connection reset, restarting [-1]
SIGUSR1[soft,connection-reset] received, process restarting
MANAGEMENT: >STATE:1482304345,RECONNECTING,connection-reset,,,,,
Restart pause, 5 second(s)
Socket Buffers: R=[65536->65536] S=[65536->65536]
MANAGEMENT: >STATE:1482304350,RESOLVE,,,,,,
Attempting to establish TCP connection with [AF_INET]{SERVER IP ADDRESS}:443 [nonblock]
MANAGEMENT: >STATE:1482304350,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]{SERVER IP ADDRESS}:443
TCPv4_CLIENT link local: [undef]
TCPv4_CLIENT link remote: [AF_INET]{SERVER IP ADDRESS}:443
MANAGEMENT: >STATE:1482304351,WAIT,,,,,,
SIGTERM[hard,] received, process exiting
MANAGEMENT: >STATE:1482304351,EXITING,SIGTERM,,,,,