
SSL VPN not working...

I have followed the instructions to a T however when any client from any location tries to access the site to get at the client software per the instructions I get the following message:

Forbidden

You don't have permission to access / on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

I have tried changing the port with no luck.

In the logs it says the following:
2013:04:13-11:32:52 fw1-1 openvpn[988]: MULTI: multi_create_instance called
2013:04:13-11:32:52 fw1-1 openvpn[988]: Re-using SSL/TLS context
2013:04:13-11:32:52 fw1-1 openvpn[988]: LZO compression initialized
2013:04:13-11:32:52 fw1-1 openvpn[988]: Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
2013:04:13-11:32:52 fw1-1 openvpn[988]: Data Channel MTU parms [ L:1556 D:1450 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
2013:04:13-11:32:52 fw1-1 openvpn[988]: Local Options String: 'V4,dev-type tun,link-mtu 1556,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth MD5,keysize 128,key-method 2,tls-server'
2013:04:13-11:32:52 fw1-1 openvpn[988]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1556,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth MD5,keysize 128,key-method 2,tls-client'
2013:04:13-11:32:52 fw1-1 openvpn[988]: Local Options hash (VER=V4): 'a4f12474'
2013:04:13-11:32:52 fw1-1 openvpn[988]: Expected Remote Options hash (VER=V4): '619088b2'
2013:04:13-11:32:52 fw1-1 openvpn[988]: TCP connection established with 76.185.84.214:64501
2013:04:13-11:32:52 fw1-1 openvpn[988]: Socket Buffers: R=[131072->131072] S=[131072->131072]
2013:04:13-11:32:52 fw1-1 openvpn[988]: TCPv4_SERVER link local: [undef]
2013:04:13-11:32:52 fw1-1 openvpn[988]: TCPv4_SERVER link remote: 76.185.84.214:64501
2013:04:13-11:32:52 fw1-1 openvpn[988]: 76.185.84.214:64501 Non-OpenVPN client protocol detected
2013:04:13-11:32:52 fw1-1 openvpn[988]: 76.185.84.214:64501 SIGTERM[soft,port-share-redirect] received, client-instance exiting
2013:04:13-11:32:52 fw1-1 openvpn[988]: TCP/UDP: Closing socket 

Not sure what is going on as I am following the instructions to the letter.  Any help appreciated.
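Added example, not part of the original thread: in OpenVPN, "Non-OpenVPN client protocol detected" followed by "SIGTERM[soft,port-share-redirect]" means the connection did not speak the OpenVPN protocol (a web browser, for instance) and was handed to the configured port-share target. This sketch classifies each client ip:port in a log of the format quoted above; the sample lines, the addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the post
# (203.0.113.x is a documentation address range, not a real client).
SAMPLE_LOG = """\
2013:04:13-11:32:52 fw1-1 openvpn[988]: TCP connection established with 203.0.113.7:64501
2013:04:13-11:32:52 fw1-1 openvpn[988]: 203.0.113.7:64501 Non-OpenVPN client protocol detected
2013:04:13-11:32:52 fw1-1 openvpn[988]: 203.0.113.7:64501 SIGTERM[soft,port-share-redirect] received, client-instance exiting
2013:04:13-11:40:10 fw1-1 openvpn[988]: TCP connection established with 203.0.113.9:50112
2013:04:13-11:40:11 fw1-1 openvpn[988]: 203.0.113.9:50112 TLS: Initial packet from 203.0.113.9:50112
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) openvpn\[\d+\]: (?P<msg>.*)$")
PEER = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}:\d+)")

def classify_sessions(log_text):
    """Return {peer: verdict} for every client ip:port seen in the log."""
    events = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn line in the expected format
        msg = m["msg"]
        peer = PEER.search(msg)
        if not peer:
            continue  # daemon-wide message, no client attached
        if "Non-OpenVPN client protocol detected" in msg:
            events[peer[1]].add("non_openvpn")
        elif "port-share-redirect" in msg:
            events[peer[1]].add("redirected")
        else:
            events[peer[1]].add("other")
    verdicts = {}
    for peer, seen in events.items():
        if {"non_openvpn", "redirected"} <= seen:
            verdicts[peer] = "not a VPN client; handed to port-share target"
        elif "non_openvpn" in seen:
            verdicts[peer] = "not a VPN client; no redirect logged"
        else:
            verdicts[peer] = "no port-share event"
    return verdicts

if __name__ == "__main__":
    for peer, verdict in classify_sessions(SAMPLE_LOG).items():
        print(peer, "->", verdict)
```

A peer flagged as "not a VPN client" points the investigation at whatever service answers behind the VPN port rather than at the VPN tunnel itself.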


  • Please tell us the exact version - 9.006-5?

    "Non-OpenVPN client protocol detected" - I'm not sure which instructions you're following and the exact reason this appears.  What was the user trying to do - login to the VPN or download the SSL VPN Client?

    The SSL VPN Client is downloaded via the User Portal.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Most current version.  Firmware version: 9.005-16
    Pattern version: 44513

    The instructions from the help section of Sophos site.

    The users are just trying to access for the first time to login to the user portal and download the client.  So I am not even getting to the client download area.
  • login to the user portal and download the client.

    The lines in the first post are from the SSL VPN log, so I still have a disconnect about this.  Which "instructions from the help section of Sophos site" do you mean - the ones in the help when you press the "?" in the blue dot?

    Cheers - Bob
     
  • Which User Portal?  The admin portal or the user portal?  I do not have a user portal to get to.  When I try I get the message from the start of the thread.  If there is another way I can login and download the client then I will try that.  

    The instructions are the ones from this link:

    www.sophos.com/en.../utm90_Remote_Access_Via_SSL_geng.pdf
  • Figured out the issue with the user portal.  I did not have a good route setup in the allowed networks.  Thank you for pushing me to re-look at settings and question myself.  I can now access the clients and see if they work for allowing access.  I appreciate the help.
  • I'm having the same issue. Where did you go to fix it?

  • Hi, Sonny, and welcome to the UTM Community!

    Please insert a picture of the 'Global' tab in 'User Portal'.

    Cheers - Bob

     
  • I think I've fixed it. Here's the screen capture