Lots of VPN traffic without VPN connection?

Since I activated SSL remote access, my daily reports are getting a lot of traffic classified as OpenVPN, even without being connected. I think yesterday it flagged something like 300MB of traffic, but no VPN connections. The first day I activated remote access, and made a few test connections (to test connection from wireless VLAN to internal), it showed something like 900MB of VPN traffic.

Is the device flagging other traffic as OpenVPN traffic, or do I have a major issue here?


  • You can learn more about the endpoints of such traffic on the 'Bandwidth Usage' tab of 'Logging & Reporting >> Network Usage'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob, I will dig through that when I get a chance.
  • I looked through the traffic logs, and I'm having trouble with it at the moment, but most of the traffic appears to be going to/from my wife's cell phone, but just about everything on my network is guilty.  I think the UTM is just improperly classifying the traffic, perhaps confusing HTTPS with VPN.

    After I turned off the SSL VPN, there is no traffic on the reports that indicates VPN/tunneling, which should indicate that I don't have a problem with rogue VPN traffic.

    I did have some interesting logs.  I assume this is just from connection attempts, but are these kinds of logs anything I should be worried about?

    2014:11:14-14:12:55 subway openvpn[10026]: TCP connection established with [AF_INET]198.20.69.98:34405 (via [AF_INET]:443)
    
    2014:11:14-14:12:57 subway openvpn[10026]: 198.20.69.98:34405 Non-OpenVPN client protocol detected
    2014:11:14-14:12:57 subway openvpn[10026]: 198.20.69.98:34405 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2014:11:14-14:12:59 subway openvpn[10026]: TCP connection established with [AF_INET]198.20.69.98:34817 (via [AF_INET]:443)
    2014:11:14-14:12:59 subway openvpn[10026]: 198.20.69.98:34817 Non-OpenVPN client protocol detected
    2014:11:14-14:12:59 subway openvpn[10026]: 198.20.69.98:34817 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2014:11:14-14:13:02 subway openvpn[10026]: TCP connection established with [AF_INET]198.20.69.98:35016 (via [AF_INET]:443)
    2014:11:14-14:13:02 subway openvpn[10026]: 198.20.69.98:35016 Non-OpenVPN client protocol detected
    2014:11:14-14:13:02 subway openvpn[10026]: 198.20.69.98:35016 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2014:11:15-07:27:56 subway openvpn[10026]: TCP connection established with [AF_INET]74.82.47.3:39478 (via [AF_INET]:443)
    2014:11:15-07:27:58 subway openvpn[10026]: 74.82.47.3:39478 Non-OpenVPN client protocol detected
    2014:11:15-07:27:58 subway openvpn[10026]: 74.82.47.3:39478 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2014:11:15-07:31:52 subway openvpn[10026]: TCP connection established with [AF_INET]74.82.47.3:55629 (via [AF_INET]:443)
    2014:11:15-07:31:53 subway openvpn[10026]: 74.82.47.3:55629 Non-OpenVPN client protocol detected
    2014:11:15-07:31:53 subway openvpn[10026]: 74.82.47.3:55629 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2014:11:16-02:19:43 subway openvpn[10026]: TCP connection established with [AF_INET]216.218.206.66:43124 (via [AF_INET]:443)
    2014:11:16-02:19:44 subway openvpn[10026]: 216.218.206.66:43124 Non-OpenVPN client protocol detected
    2014:11:16-02:19:44 subway openvpn[10026]: 216.218.206.66:43124 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2014:11:16-02:24:01 subway openvpn[10026]: TCP connection established with [AF_INET]216.218.206.66:40165 (via [AF_INET]:443)
    2014:11:16-02:24:01 subway openvpn[10026]: 216.218.206.66:40165 Non-OpenVPN client protocol detected
    2014:11:16-02:24:01 subway openvpn[10026]: 216.218.206.66:40165 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2014:11:16-07:02:27 subway openvpn[10026]: TCP connection established with [AF_INET]141.212.121.10:29136 (via [AF_INET]:443)
    2014:11:16-07:02:27 subway openvpn[10026]: 141.212.121.10:29136 Non-OpenVPN client protocol detected
    2014:11:16-07:02:27 subway openvpn[10026]: 141.212.121.10:29136 SIGTERM[soft,port-share-redirect] received, client-instance exiting
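
To triage entries like those in the post above, this added example (not part of the original thread and not Sophos code) tallies, per source IP, how many connections to the SSL VPN listener OpenVPN flagged as non-OpenVPN, and lists any sources with connections that were not flagged. The sample lines are constructed, using documentation-range IPs and a hypothetical hostname `utm`.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown in the post (documentation-range
# IPs, hypothetical hostname "utm"); substitute the real openvpn log text.
SAMPLE_LOG = """\
2014:11:14-14:12:55 utm openvpn[10026]: TCP connection established with [AF_INET]203.0.113.7:34405 (via [AF_INET]:443)
2014:11:14-14:12:57 utm openvpn[10026]: 203.0.113.7:34405 Non-OpenVPN client protocol detected
2014:11:14-14:12:57 utm openvpn[10026]: 203.0.113.7:34405 SIGTERM[soft,port-share-redirect] received, client-instance exiting
2014:11:14-14:12:59 utm openvpn[10026]: TCP connection established with [AF_INET]203.0.113.7:34817 (via [AF_INET]:443)
2014:11:14-14:12:59 utm openvpn[10026]: 203.0.113.7:34817 Non-OpenVPN client protocol detected
2014:11:14-14:12:59 utm openvpn[10026]: 203.0.113.7:34817 SIGTERM[soft,port-share-redirect] received, client-instance exiting
2014:11:15-09:00:01 utm openvpn[10026]: TCP connection established with [AF_INET]192.0.2.44:50111 (via [AF_INET]:443)
"""

LINE = re.compile(r"^(\S+) \S+ openvpn\[\d+\]: (.*)$")
ESTABLISHED = re.compile(r"^TCP connection established with \[AF_INET\]([\d.]+):\d+")
NON_OPENVPN = re.compile(r"^([\d.]+):\d+ Non-OpenVPN client protocol detected")


def summarize(log_text):
    """Per source IP: connections seen, how many were non-OpenVPN, first/last time."""
    stats = defaultdict(lambda: {"connections": 0, "non_openvpn": 0,
                                 "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, msg = m.groups()
        est, non = ESTABLISHED.match(msg), NON_OPENVPN.match(msg)
        if not (est or non):
            continue  # SIGTERM and unrelated lines add nothing to the tally
        s = stats[(est or non).group(1)]
        s["connections" if est else "non_openvpn"] += 1
        s["first"] = s["first"] or ts
        s["last"] = ts
    return dict(stats)


def needs_review(stats):
    """IPs with connections NOT flagged non-OpenVPN (possible real VPN attempts)."""
    return sorted(ip for ip, s in stats.items() if s["connections"] > s["non_openvpn"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, s in sorted(result.items()):
        print(ip, s["connections"], s["non_openvpn"], s["first"], s["last"])
    print("review:", needs_review(result))
```

Sources returned by `needs_review` are the ones to compare against expected remote-access users, since their connections were not handed off as non-OpenVPN clients.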