Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 27 replies
  • Subscribers 1 subscriber
  • Views 5798 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL problems after updating to 7.006

alasc
After updating to V 7.006 i cannot reach my internal network.
I also have to authenticate two times when I initially connect.

In OpenVPN log there´s no entry and in Packetfilter log is no entry, too.

What´s going on?
I will have quite a bad day tomorrow when my users want to access network 
They will not be able to work.

Any hints?

Regards,
Alex


This thread was automatically locked due to age.
Parents
  • 0
    Well that makes two of us... are you authenticating SSL users to a backend (in our case, Active Directory)? I found the issue is related to using a backend to authenticate; when I created a test user with local (to the Astaro) authentication, it only takes one try to logon the vpn.  I started a ticket Saturday afternoon, I'm sure I'll hear from Astaro Monday... good (actually not good) to hear that we're not the only ones with the SSL problem.  Additionally I might add that there's no errors listed in the AUA log either on our production unit.

    Also found that something in this release breaks NAT Traversal for clients behind a NAT when using the IPSEC remote access... also started a ticket with Astaro on that... this release seems to have added a number of bugs...

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Hi,

    i only have local users but theay are all being nat´ed.

    Hope this will be fixed soon.
    Can you post the answer from Astaro on this topic here, please.

    Kind regards,

    Alex
  • 0 in reply to alasc
    Latest update: they're working on a fix, no eta.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Thank you !

    Keep us updated ...

    Kind regards,

    Alex
  • 0 in reply to alasc
    Ssl is working correct. The problem would be in the Intrusion protection system.
    Disable this and your problem is most likely solved!
    Now you do not need the disable entire IPS. Only a part of it.
    You are right that the problem came with version 7.006!!!
    I hope this helps you to solve yours.

    Greetings.

    If you have a question about ips just ask!
  • 0 in reply to ibeheer
    Hi,

    which part of IPS do you mean ? I disabled whole IPS but SSL doesn ´t work.

    Regards,

    Alex
  • 0 in reply to alasc
    Uh... no... it's not IPS... Astaro has confirmed the SSL issue as an Authentication issue, and are working on a fix.  For me, simply changing the authentication from AD Integrated to Local allows it to work properly... they've confirmed the issue, and will have to implement a fix in a future (hopefully the next one) up2date.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Attacks against Servers > HTTP Servers > Common > Set option to alert and notification to off.


    If you don't turn this setting off you can't download in het user portal from an external link.
  • 0 in reply to ibeheer
    Again, not an issue here.  Astaro support has confirmed that there is an issue with SSL (OpenVPN) and Authentication.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Your right. The have solved that problem. Update pattern 4.005 resolved the issue.
  • 0 in reply to ibeheer
    Just updated to V7.007.

    Problem still exits [:(]

    When will this boring issue being fixed ?!

    Regards,

    Alex
  • 0 in reply to alasc
    Who knows?  The up2date didn't claim to do anything with VPN, just a few small fixes, like Webadmin issues, EDirectory, reporting issues.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to alasc
    Who knows?  The up2date didn't claim to do anything with VPN, just a few small fixes, like Webadmin issues, EDirectory, reporting issues.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
  • 0 in reply to BrucekConvergent
    Yes, you´re right !

    I can not believe this ... It´s an essential feature.

    I ´ll keep an eye on the known issue list. BTW, I don´t see there this issue - curious !!

    Regards,

    Alex
  • 0 in reply to alasc
    I upgrade from 6.xx to 7.x last Friday so now I am on 7.07.  Other than SSL VPN everything has been working great.

    Today I had to restart the User Authentication daemon to get  the VPN to allow me to connect.

    Has anyone else had this happen?

    -Scott
  • 0 in reply to ScottL
    I'm not surprised... Astaro seems to think the SSL problem is due to an issue in the User Authentication Daemon --- and this last up2date did make some changes to it (for eDirectory), so there's always the possibility a new bug has been introduced.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Are there any updates yet ? This is getting serious ....

    Astaro, when will this be fixed again ?

    Regards,

    Alex
  • 0 in reply to alasc
    No updates on this yet (I'm one of the folks that opened a ticket on this) ... they know what the problem is, it is a confirmed bug.  I can only think that this will be fixed in an upcoming up2date.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Having the same issue. Opened a ticket yesterday morning requesting a phone call, got an e-mail message at 9:38 last night.
    What about restoring from an earlier backup, say 7.005?
  • 0 in reply to BrucekConvergent
    Anyone have any idea when this will be fixed? Restoring 7.005 didn't fix it. Still having the same issue. Anyone have a good work around?

    UPDATE, my issue was NOT Astaro's fault, the route got changed on the default gateway. Now I get to figure out how that could have happened.
  • 0 in reply to kwyrick
    I've read this thread a couple of times and I'm still not sure I understand the issue.. we're on 7.007, users are authenticating against AD, and SSLVPN works just fine. We were getting the "double login" issue but it otherwise worked fine, yet within the last week even THAT has somehow gone away... now a single login works just fine.

    Can someone tell me what this issue really is? Does it affect only "some" people using SSLVPN?
  • 0 in reply to jkmichael
    Hi,

    I can login successfully with only one attempt. 
    But we do not get access to internal network, that´s the problem !

    Regards,

    Alex
Cookie Information Banner