
Users can no longer log in to SSL VPN / User Portal

After the most recent update my SSL VPN on my SG 230 is completely non-functional.  I tried rolling back but that did nothing.

If I try to log into the user portal, there is no option for VPN Access.  The SSL VPN never authenticates.  It now always craps out with bad username / password for every user in my company. 

I think this must have something to do with the AD connector, as the logs look funny.  But I checked the connection to AD with the AD Admin account and it says it passed the test.  I also noticed somebody calling from Paris is trying to get in.  Would that be causing these problems?  Thanks in advance for your help.

Here are some logs:
Live Log: SSL VPN

2017:04:10-10:26:22 utm01 openvpn[7014]: "Local computer IP":50957 Local Options hash (VER=V4): '00bc425f'

2017:04:10-10:26:22 utm01 openvpn[7014]: "Local computer IP":50957 Expected Remote Options hash (VER=V4): 'ec542dd5'

2017:04:10-10:26:22 utm01 openvpn[7014]: "Local computer IP":50957 UDPv4 READ [14] from [AF_INET]"Local computer IP":50957 (via [AF_INET]"SOPHOS UTM IP"%ppp0): P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0

2017:04:10-10:26:22 utm01 openvpn[7014]: "Local computer IP":50957 TLS: Initial packet from [AF_INET]"Local computer IP":50957 (via [AF_INET]"SOPHOS UTM IP"%ppp0), sid=647eacc8 b3e1a73b

2017:04:10-10:26:22 utm01 openvpn[7014]: "Local computer IP":50957 UDPv4 WRITE [26] to [AF_INET]"Local computer IP":50957 (via [AF_INET]"SOPHOS UTM IP"%ppp0): P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0

2017:04:10-10:26:22 utm01 openvpn[7014]: "Local computer IP":50957 UDPv4 READ [22] from [AF_INET]"Local computer IP":50957 (via [AF_INET]"SOPHOS UTM IP"%ppp0): P_ACK_V1 kid=0 [ 0 ]

2017:04:10-10:26:25 utm01 openvpn[7014]: "Local computer IP":50956 SIGTERM[soft,delayed-exit] received, client-instance exiting

2017:04:10-10:27:23 utm01 openvpn[7014]: "Local computer IP":50957 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2017:04:10-10:27:23 utm01 openvpn[7014]: "Local computer IP":50957 TLS Error: TLS handshake failed

2017:04:10-10:27:23 utm01 openvpn[7014]: "Local computer IP":50957 SIGUSR1[soft,tls-error] received, client-instance restarting

 

Live Log: User authentication daemon


2017:04:10-10:40:35 utm01 aua[3731]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="212.83.160.203" host="" user="guest" caller="sshd" reason="Too many failures from client 212.83.160.203, still blocked for 587 seconds"

2017:04:10-10:40:36 utm01 aua[3731]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="212.83.160.203" host="" user="ubnt" caller="sshd" reason="Too many failures from client 212.83.160.203, still blocked for 586 seconds"

2017:04:10-10:40:41 utm01 aua[3731]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="212.83.160.203" host="" user="support" caller="sshd" reason="Too many failures from client 212.83.160.203, still blocked for 581 seconds"

2017:04:10-10:44:20 utm01 aua[21131]: id="3006" severity="info" sys="System" sub="auth" name="Bad password"

2017:04:10-10:44:20 utm01 aua[21131]: id="3006" severity="info" sys="System" sub="auth" name="Trying "LOCAL SUBNET".10 (adirectory)"

2017:04:10-10:44:20 utm01 aua[21131]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip=""OTHER SUBNET".65" host="" user="admin" caller="webadmin" reason="DENIED"

2017:04:10-10:44:36 utm01 aua[21183]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip=""OTHER SUBNET".65" host="" user="admin" caller="webadmin" engine="local"

2017:04:10-10:47:15 utm01 aua[3731]: id="3006" severity="info" sys="System" sub="auth" name="Child 21183 is running too long. Terminating child"

2017:04:10-10:47:15 utm01 aua[21683]: id="3006" severity="info" sys="System" sub="auth" name="Trying "LOCAL SUBNET".10 (adirectory)"

2017:04:10-10:47:15 utm01 aua[21683]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip=""EXTERNAL SUBNET"" host="" user="test.user" caller="portal" engine="adirectory"

 



This thread was automatically locked due to age.
  • Hi,

    Please show me a picture of the Global Tab in Management | User Portal.

    What do you see in the aua.log? If you look in the aua.log and see

    • name="Authentication failed: Local user "user1" is disabled"
    • reason="DENIED"
    • id="3006" & id="3005" which mean "Informational Message – General information is issued by the daemon" and "Authentication failed – A user has failed to authenticate" respectively

    In this case, it is pretty clear that the user is unable to log in because their account is disabled. Make sure the User host definition is enabled and has a green status.

    Thanks
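
An added example, not part of the original thread and not Sophos tooling: a small Python parser for aua.log lines in the format quoted above, grouping id 3005 failures by caller and source address and id 3004 successes by caller and engine. The sample lines are constructed (documentation-range addresses) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the aua.log format shown in this thread;
# addresses are documentation ranges, not values from the original post.
SAMPLE = '''\
2017:04:10-10:40:35 utm01 aua[3731]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="203.0.113.7" host="" user="guest" caller="sshd" reason="Too many failures from client 203.0.113.7, still blocked for 587 seconds"
2017:04:10-10:40:36 utm01 aua[3731]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="203.0.113.7" host="" user="ubnt" caller="sshd" reason="Too many failures from client 203.0.113.7, still blocked for 586 seconds"
2017:04:10-10:44:20 utm01 aua[21131]: id="3006" severity="info" sys="System" sub="auth" name="Trying 192.0.2.10 (adirectory)"
2017:04:10-10:44:20 utm01 aua[21131]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="198.51.100.65" host="" user="admin" caller="webadmin" reason="DENIED"
2017:04:10-10:44:36 utm01 aua[21183]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="198.51.100.65" host="" user="admin" caller="webadmin" engine="local"
2017:04:10-10:47:15 utm01 aua[21683]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="198.51.100.80" host="" user="test.user" caller="portal" engine="adirectory"
'''

HEADER = re.compile(r'^(\S+) (\S+) aua\[(\d+)\]: (.*)$')
# A value ends at the quote followed by the next key=" or end of line,
# so values that themselves contain quotes still parse.
FIELD = re.compile(r'(\w+)="(.*?)"(?=\s+\w+="|\s*$)')

def parse(line):
    """Return the key/value fields of one aua line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = dict(FIELD.findall(m.group(4)))
    rec.update(time=m.group(1), pid=m.group(3))
    return rec

def triage(text):
    """Count id 3005 failures per (caller, srcip) and id 3004 successes per (caller, engine)."""
    out = {"blocked": Counter(), "denied": Counter(), "ok": Counter()}
    for rec in filter(None, map(parse, text.splitlines())):
        if rec.get("id") == "3005":
            kind = "blocked" if rec.get("reason", "").startswith("Too many failures") else "denied"
            out[kind][(rec.get("caller"), rec.get("srcip"))] += 1
        elif rec.get("id") == "3004":
            out["ok"][(rec.get("caller"), rec.get("engine"))] += 1
    return out

if __name__ == "__main__":
    for kind, counts in triage(SAMPLE).items():
        for key, n in counts.items():
            print(kind, key, n)
```

Splitting by caller keeps sshd lockout entries apart from webadmin and portal results, and the engine field shows whether a success came from the local database or from adirectory.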
