
VPN through Fritzbox 7490 to company network

I have tried to access my company network with several devices (MacBook [via WLAN], PC [via LAN], Android) using several VPN clients (and it has worked before).

If I take the devices to a different WLAN (or use the phone over mobile data), I can connect.

But at home I always get "TLS Error: TLS key negotiation failed"

Sun May 03 15:48:19 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Oct 30 2018
Sun May 03 15:48:19 2020 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
Enter Management Password:
Sun May 03 15:48:19 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun May 03 15:48:19 2020 Need hold release from management interface, waiting...
Sun May 03 15:48:20 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun May 03 15:48:20 2020 MANAGEMENT: CMD 'state on'
Sun May 03 15:48:20 2020 MANAGEMENT: CMD 'log all on'
Sun May 03 15:48:20 2020 MANAGEMENT: CMD 'hold off'
Sun May 03 15:48:20 2020 MANAGEMENT: CMD 'hold release'
Sun May 03 15:48:32 2020 MANAGEMENT: CMD 'username "Auth" "myname"'
Sun May 03 15:48:32 2020 MANAGEMENT: CMD 'password [...]'
Sun May 03 15:48:32 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun May 03 15:48:32 2020 MANAGEMENT: >STATE:1588513712,RESOLVE,,,,,,
Sun May 03 15:48:32 2020 UDPv4 link local: [undef]
Sun May 03 15:48:32 2020 UDPv4 link remote: [AF_INET]XX.XX.61.12:443
Sun May 03 15:48:32 2020 MANAGEMENT: >STATE:1588513712,WAIT,,,,,,
Sun May 03 15:49:32 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun May 03 15:49:32 2020 TLS Error: TLS handshake failed
Sun May 03 15:49:32 2020 SIGUSR1[soft,tls-error] received, process restarting
Sun May 03 15:49:32 2020 MANAGEMENT: >STATE:1588513772,RECONNECTING,tls-error,,,,,

The config provided by my company is:

ip-win32 dynamic
client
dev tun
proto udp
remote sophos.meinecomp.de 443
tls-remote "C=de, L=mycity, O=meinecomp, CN=sophos.meinecomp.de, emailAddress=it@meinecomp.de"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-128-CBC
auth SHA1
comp-lzo
route-delay 4
verb 3
reneg-sec 0
<ca>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b2:1c:b9:43:0a:c2:a9:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=de, L=mycity, O=meinecomp, CN=meinecomp VPN CA/emailAddress=it@meinecomp.de
        Validity
            Not Before: Aug 1 08:32:32 2018 GMT
            Not After : Jan  1 00:00:00 2038 GMT
        Subject: C=de, L=mycity, O=meinecomp, CN=meinecomp VPN CA/emailAddress=it@meinecomp.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)

...

 

It really has to be down to the FritzBox (but I can't find anything I could configure there) or my provider (who has no idea).

Does anyone have a tip?



  • Hello,

    Welcome to the community!

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    Have you tried downloading your configuration file to your device again?

    Does your ISP block UDP 443?  I know that happens more often in Deutschland than in the USA.

    Regards - Bob (Please continue in German.)

  • BAlfson said:

    Have you tried downloading your configuration file to your device again?

    I tried 3 devices. And they are all working in a different WLAN.

    BAlfson said:

    Does your ISP block UDP 443?

    How can I find that out? This is what I tried (tcp to see a difference):

    C:\PortQryV2>portqry -n sophos.company.de -e 443 -p tcp

    Querying target system called:

     sophos.company.de

    Attempting to resolve name to IP address...

    Name resolved to xx.xx.x65.12

    querying...

    TCP port 443 (https service): LISTENING

    C:\PortQryV2>portqry -n sophos.company.de -e 443 -p udp

    Querying target system called:

     sophos.company.de

    Attempting to resolve name to IP address...

    Name resolved to xx.xx.x5.12

    querying...

    UDP port 443 (https service): LISTENING or FILTERED

  • Which provider do you have?
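
The portqry result above ("LISTENING or FILTERED") is ambiguous because a generic UDP probe gets no answer either way. As an added example (not from the thread or from Sophos), this Python script sends the first packet of the OpenVPN UDP handshake and checks for the server's reset reply, so it can be run from the home network and from a working network and the results compared. It assumes the server does not use tls-auth or tls-crypt (none is visible in the truncated config above); with either enabled the server drops this packet silently and "no-reply" is inconclusive.

```python
import os
import socket
import struct
import sys

# OpenVPN control-channel opcodes (upper 5 bits of the first byte).
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8


def build_hard_reset(session_id: bytes) -> bytes:
    """First client packet: opcode/key_id, session id, empty ACK list, packet id 0."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    first = P_CONTROL_HARD_RESET_CLIENT_V2 << 3  # key_id 0 -> 0x38
    return bytes([first]) + session_id + b"\x00" + struct.pack("!I", 0)


def is_server_reset(reply: bytes, session_id: bytes) -> bool:
    """True if the reply is a server hard reset that echoes our session id."""
    if len(reply) < 26 or reply[0] >> 3 != P_CONTROL_HARD_RESET_SERVER_V2:
        return False
    ack_count = reply[9]            # after opcode (1) + server session id (8)
    sid_at = 10 + 4 * ack_count     # acked packet ids are 4 bytes each
    return ack_count >= 1 and reply[sid_at:sid_at + 8] == session_id


def probe(host: str, port: int = 443, timeout: float = 3.0, tries: int = 3) -> str:
    """Return 'openvpn-reachable', 'unexpected-reply', 'closed' or 'no-reply'."""
    session_id = os.urandom(8)
    packet = build_hard_reset(session_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))
        for _ in range(tries):      # UDP is lossy, so retry a few times
            try:
                sock.send(packet)
                reply = sock.recv(2048)
            except socket.timeout:
                continue
            except ConnectionError:  # ICMP port unreachable came back
                return "closed"
            ok = is_server_reset(reply, session_id)
            return "openvpn-reachable" if ok else "unexpected-reply"
    return "no-reply"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py HOST [PORT]")
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

"no-reply" at home together with "openvpn-reachable" from another network points at the path (router or ISP) dropping UDP 443 rather than at the client configuration.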
