Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 19 replies
  • Answers 2 answers
  • Subscribers 7 subscribers
  • Views 134664 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange skype and socks5 behavior

ErikFranzén

Have configured Skype to use Socks5 with "Automatic detect settings".On the client Win 10 machine I have a proxy agent which sets system proxy address depending on network.

When starting Skype, I get this in the UTM socks log

2016:07:07-15:39:34 fw sockd[29168]: info: pass(1): tcp/accept [: 192.168.1.10.65433 192.168.1.1.1080
2016:07:07-15:39:34 fw sockd[29168]: info: block(1): tcp/accept ]: 192.168.1.10.65433 192.168.1.1.1080: error after having read 24 bytes: access denied by AUA

What have I done wrong?



This thread was automatically locked due to age.
Parents
  • 0

    i'm having this same issue, but i'm using AD users as allowed, i even added the AD user specifically and nothing.

     

    i've tried shortname, domain\shotname and FQDN, all attempts give access denied by AUA, what's going on?

  • 0 in reply to Mast_01

    What do you see in the User Authentication log?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    in the UA log i get:

     

    2016:10:20-18:08:53 utm aua[9774]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.10.10.36 (radius)"
    2016:10:20-18:08:53 utm aua[9774]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.10.10.36 (adirectory)"
    2016:10:20-18:08:53 utm aua[9774]: id="3006" severity="info" sys="System" sub="auth" name="Trying 10.10.10.35 (adirectory)"
    2016:10:20-18:08:53 utm aua[9774]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.10.10.192" host="" user="user@domain.com.ar" caller="socks" reason="DENIED"
     
     
    with the shortname it does the same
  • 0 in reply to Mast_01

    I hate to have to look in the logs on a WinServer, but what does the RADIUS log show on 10.10.10.36?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob, i'm not using radius for this auth, i had it enabled for pptp.

    the radius log shows an access attempt then a reject

    just for testing i disabled RADIUS and the error persists:

    2016:10:28-11:54:02 utm aua[12636]: id="3005" severity="warn" sys="System" sub="auth" name="Authentication failed" srcip="10.10.10.192" host="" user="user" caller="socks" reason="DENIED".

     

    EDIT:

    i've opened a support case for this and looks like a skype bug, the support guys pointed me to https://community.skype.com/t5/Windows-desktop-client/Skype-7-22-0-108-does-not-work-with-Socks5-Proxy/td-p/4359698

    i setup a packet capture with wireshark and did a test with skype and with curl, with skype the password is sent either empty or mangled, with curl it works perfectly(test with good and bad password and responses are as expected).

    the bug is still present on the current 7.94 version i'll see how to report this to skype if at all possible.

     

    EDIT2: got in touch with skype support, i'm amazed how fast and receptive they where, the support guy connected to my PC with logmein to reproduce the issue -which i did- and he acknowledged it might be a problem and he said that they'll refresh my account(that's kind of BS as this bug happens before skype logs in) and to check back in a day, i have a case number which i'll reference next week if it keeps failing(which it will do...)

  • 0 in reply to Mast_01

    Any news about this?

    Got the same problem using UTM 9.411-3 and Skype 7.35.0.101

  • 0 in reply to ErikFranzen

    i gave up on this, skype won't fix anything.

     

    funny thing is thanks to this i'm forced to use full outgoing enabled packet filter for the lan or skype simply won't work for voice/video and i won't enable an open socks proxy

  • 0 in reply to Mast_01

    Glad I'm personally still on Skype 7.21.  Thanks for the warnings, guys - I'll get this out to everyone.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to Mast_01

    Glad I'm personally still on Skype 7.21.  Thanks for the warnings, guys - I'll get this out to everyone.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML