Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 10850 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with VPNSSL connection

Sacha
Dear friends ,

I Have an issue for some of my VPNSSL Users.
It work from most place but i have an issue from 2 specific offices.
Please note that a single computer work from somewhere (for ex: User's Home) And wont work anymore from this other office

here is the client log :
Thu Jan 02 16:53:48 2014 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jun 14 2013
Thu Jan 02 16:53:48 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jan 02 16:53:48 2014 Need hold release from management interface, waiting...
Thu Jan 02 16:53:49 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jan 02 16:53:49 2014 MANAGEMENT: CMD 'state on'
Thu Jan 02 16:53:49 2014 MANAGEMENT: CMD 'log all on'
Thu Jan 02 16:53:49 2014 MANAGEMENT: CMD 'hold off'
Thu Jan 02 16:53:49 2014 MANAGEMENT: CMD 'hold release'
Thu Jan 02 16:54:15 2014 MANAGEMENT: CMD 'username "Auth" "user.name"'
Thu Jan 02 16:54:15 2014 MANAGEMENT: CMD 'password [...]'
Thu Jan 02 16:54:15 2014 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Jan 02 16:54:15 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jan 02 16:54:16 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jan 02 16:54:16 2014 Attempting to establish TCP connection with [AF_INET]IPADRESS:443 [nonblock]
Thu Jan 02 16:54:16 2014 MANAGEMENT: >STATE:1388678056,TCP_CONNECT,,,
Thu Jan 02 16:54:26 2014 TCP: connect to [AF_INET]IPADRESS:443 failed, will try again in 5 seconds: Le système a tenté de joindre un lecteur à un répertoire stocké sur un lecteur joint.  


And here is the Sophos log for the same connection :
2014:01:02-16:52:40 FW-***-1 openvpn[4425]: TCP connection established with [AF_INET]IPADRESS:27701 (via [AF_INET]IPADRESS:443)
2014:01:02-16:52:40 FW-***-1 openvpn[4425]: IPADRESS:27701 Non-OpenVPN client protocol detected
2014:01:02-16:52:40 FW-***-1 openvpn[4425]: IPADRESS:27701 SIGTERM[soft,port-share-redirect] received, client-instance exiting


Well, i am not so good at managing my sophos (well its working almost anywere tho) and i wonder if this is about one of my firewall rules or if the issue is located on the other offices firewall


Thanks for you reply and sorry about my english [:)]

Sacha


This thread was automatically locked due to age.
  • 0
    Since it says this:

    TCP: connect to [AF_INET]IPADRESS:443 failed, will try again....

    It looks like the connection to port 443 of your UTM fails. Most likely it is something with the firewall at this remote location from which you want to connect to your UTM.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0 in reply to apijnappels
    Since it says this:

    TCP: connect to [AF_INET]IPADRESS:443 failed, will try again....

    It looks like the connection to port 443 of your UTM fails. Most likely it is something with the firewall at this remote location from which you want to connect to your UTM.


    Thanks for your answer mate.
    The strange thing on this is the UTM log saying
     TCP connection established with [AF_INET]IPADRESS:27701 (via [AF_INET]IPADRESS:443)

    Like the connection was established sucessfully but break right after.
  • 0
    Try #1 in https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML