This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL problems after updating to 7.006

After updating to V 7.006 i cannot reach my internal network.
I also have to authenticate two times when I initially connect.

In OpenVPN log there´s no entry and in Packetfilter log is no entry, too.

What´s going on?
I will have quite a bad day tomorrow when my users want to access network
They will not be able to work.

Any hints?

Regards,
Alex

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 18 years ago

Well that makes two of us... are you authenticating SSL users to a backend (in our case, Active Directory)? I found the issue is related to using a backend to authenticate; when I created a test user with local (to the Astaro) authentication, it only takes one try to logon the vpn. I started a ticket Saturday afternoon, I'm sure I'll hear from Astaro Monday... good (actually not good) to hear that we're not the only ones with the SSL problem. Additionally I might add that there's no errors listed in the AUA log either on our production unit.

Also found that something in this release breaks NAT Traversal for clients behind a NAT when using the IPSEC remote access... also started a ticket with Astaro on that... this release seems to have added a number of bugs...

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to BrucekConvergent

Hi,

i only have local users but theay are all being nat´ed.

Hope this will be fixed soon.
Can you post the answer from Astaro on this topic here, please.

Kind regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to alasc

Nope, I've emailed them this morning to see if they've gotten anywhere with this... I'm starting to think this has more to do with NAT than authentication -- seeing as how NAT is causing issues with our IPSEC connections as well.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to BrucekConvergent

Good morning,

are there any updates ? I ´ve not seen this issue on Known Issue List yet.

Kind regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to alasc

No updates... all I've been told is my case is with the "escalation" team...

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to BrucekConvergent

That´s bad news for us all ...

Please write if you receive any updates from Astaro.
I need this feature again.

Have a nice day.

Regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to alasc

Latest update: they're working on a fix, no eta.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to BrucekConvergent

Thank you !

Keep us updated ...

Kind regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 ibeheer over 18 years ago in reply to alasc

Ssl is working correct. The problem would be in the Intrusion protection system.
Disable this and your problem is most likely solved!
Now you do not need the disable entire IPS. Only a part of it.
You are right that the problem came with version 7.006!!!
I hope this helps you to solve yours.

Greetings.

If you have a question about ips just ask!
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to ibeheer

Hi,

which part of IPS do you mean ? I disabled whole IPS but SSL doesn ´t work.

Regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to alasc

Uh... no... it's not IPS... Astaro has confirmed the SSL issue as an Authentication issue, and are working on a fix. For me, simply changing the authentication from AD Integrated to Local allows it to work properly... they've confirmed the issue, and will have to implement a fix in a future (hopefully the next one) up2date.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 ibeheer over 18 years ago in reply to BrucekConvergent

Attacks against Servers > HTTP Servers > Common > Set option to alert and notification to off.

If you don't turn this setting off you can't download in het user portal from an external link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ibeheer over 18 years ago in reply to BrucekConvergent

Attacks against Servers > HTTP Servers > Common > Set option to alert and notification to off.

If you don't turn this setting off you can't download in het user portal from an external link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BrucekConvergent over 18 years ago in reply to ibeheer

Again, not an issue here. Astaro support has confirmed that there is an issue with SSL (OpenVPN) and Authentication.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 ibeheer over 18 years ago in reply to BrucekConvergent

Your right. The have solved that problem. Update pattern 4.005 resolved the issue.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to ibeheer

Just updated to V7.007.

Problem still exits [:(]

When will this boring issue being fixed ?!

Regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to alasc

Who knows? The up2date didn't claim to do anything with VPN, just a few small fixes, like Webadmin issues, EDirectory, reporting issues.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to BrucekConvergent

Yes, you´re right !

I can not believe this ... It´s an essential feature.

I ´ll keep an eye on the known issue list. BTW, I don´t see there this issue - curious !!

Regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 ScottL over 18 years ago in reply to alasc

I upgrade from 6.xx to 7.x last Friday so now I am on 7.07. Other than SSL VPN everything has been working great.

Today I had to restart the User Authentication daemon to get the VPN to allow me to connect.

Has anyone else had this happen?

-Scott
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to ScottL

I'm not surprised... Astaro seems to think the SSL problem is due to an issue in the User Authentication Daemon --- and this last up2date did make some changes to it (for eDirectory), so there's always the possibility a new bug has been introduced.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 alasc over 18 years ago in reply to BrucekConvergent

Are there any updates yet ? This is getting serious ....

Astaro, when will this be fixed again ?

Regards,

Alex
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 18 years ago in reply to alasc

No updates on this yet (I'm one of the folks that opened a ticket on this) ... they know what the problem is, it is a confirmed bug. I can only think that this will be fixed in an upcoming up2date.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel
0 kwyrick over 18 years ago in reply to BrucekConvergent

Having the same issue. Opened a ticket yesterday morning requesting a phone call, got an e-mail message at 9:38 last night.
What about restoring from an earlier backup, say 7.005?
Cancel
Vote Up 0 Vote Down

Cancel