Sophos SSL VPN Client ain't connecting

Guys,

I am getting the following error message while trying to connect via the Sophos SSL VPN client. HTML VPN is working fine. The error log is:

Thu Jan 28 08:47:51 2016 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Mar 23 2015
Enter Management Password:
Thu Jan 28 08:47:51 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Thu Jan 28 08:47:51 2016 Need hold release from management interface, waiting...
Thu Jan 28 08:47:52 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Thu Jan 28 08:47:52 2016 MANAGEMENT: CMD 'state on'
Thu Jan 28 08:47:52 2016 MANAGEMENT: CMD 'log all on'
Thu Jan 28 08:47:52 2016 MANAGEMENT: CMD 'hold off'
Thu Jan 28 08:47:52 2016 MANAGEMENT: CMD 'hold release'
Thu Jan 28 08:48:04 2016 MANAGEMENT: CMD 'username "Auth" "ipsec"'
Thu Jan 28 08:48:04 2016 MANAGEMENT: CMD 'password [...]'
Thu Jan 28 08:48:04 2016 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Jan 28 08:48:04 2016 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jan 28 08:48:04 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 28 08:48:04 2016 Attempting to establish TCP connection with [AF_INET]203.6.245.1:443 [nonblock]
Thu Jan 28 08:48:04 2016 MANAGEMENT: >STATE:1453931284,TCP_CONNECT,,,
Thu Jan 28 08:48:05 2016 TCP connection established with [AF_INET]203.6.245.1:443
Thu Jan 28 08:48:05 2016 TCPv4_CLIENT link local: [undef]
Thu Jan 28 08:48:05 2016 TCPv4_CLIENT link remote: [AF_INET]203.6.245.1:443
Thu Jan 28 08:48:05 2016 MANAGEMENT: >STATE:1453931285,WAIT,,,
Thu Jan 28 08:48:05 2016 MANAGEMENT: >STATE:1453931285,AUTH,,,
Thu Jan 28 08:48:05 2016 TLS: Initial packet from [AF_INET]203.6.245.1:443, sid=8ae1c2ea 1683caa3
Thu Jan 28 08:48:05 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jan 28 08:48:05 2016 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=au, L=Clayton, O=Kent Relocation Group, CN=kent-utm-1.kentmoving.com, emailAddress=CraigP@KentRelocationGroup.com
Thu Jan 28 08:48:05 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Jan 28 08:48:05 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Jan 28 08:48:05 2016 TLS Error: TLS handshake failed
Thu Jan 28 08:48:05 2016 Fatal TLS error (check_tls_errors_co), restarting
Thu Jan 28 08:48:05 2016 SIGUSR1[soft,tls-error] received, process restarting
Thu Jan 28 08:48:05 2016 MANAGEMENT: >STATE:1453931285,RECONNECTING,tls-error,,
Thu Jan 28 08:48:05 2016 Restart pause, 5 second(s)

Appreciate your help in cracking this issue out.



This thread was automatically locked due to age.
  • Hi, and welcome to the UTM Community!

    "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" might mean that the CA used in the UTM to generate the user's cert is not the same CA used to generate the cert in use by the UTM for SSL VPN.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
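
A way to pull the certificate failure out of an OpenVPN client log like the one in the question, as an added example that is not part of the original thread and is not Sophos or OpenVPN code. The function names `parse_dn` and `triage` and the wording of the hints are this example's own; the sample lines are copied from the log above.

```python
import re

# Failing lines copied from the log in the question (not newly captured data).
SAMPLE_LOG = """\
Thu Jan 28 08:48:05 2016 TLS: Initial packet from [AF_INET]203.6.245.1:443, sid=8ae1c2ea 1683caa3
Thu Jan 28 08:48:05 2016 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=au, L=Clayton, O=Kent Relocation Group, CN=kent-utm-1.kentmoving.com, emailAddress=CraigP@KentRelocationGroup.com
Thu Jan 28 08:48:05 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Jan 28 08:48:05 2016 TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")
PEER_RE = re.compile(r"TLS: Initial packet from \[AF_INET\]([\d.]+):(\d+)")

# Keys are OpenSSL verify error strings; the hint text is this example's wording.
HINTS = {
    "unable to get local issuer certificate":
        "issuer of the depth-{depth} certificate is not in the client's CA file",
    "certificate has expired":
        "depth-{depth} certificate is past its notAfter date",
    "certificate is not yet valid":
        "depth-{depth} certificate notBefore is in the future; check the client clock",
}

def parse_dn(dn):
    """Split 'C=au, L=Clayton, ...' into a dict, tolerating ', ' inside values."""
    parts = re.split(r", (?=[A-Za-z]+=)", dn)
    return dict(p.split("=", 1) for p in parts)

def triage(log_text):
    """Return one finding per VERIFY ERROR; fatal=True if the handshake then failed."""
    findings, peer = [], None
    for line in log_text.splitlines():
        if (m := PEER_RE.search(line)):
            peer = f"{m.group(1)}:{m.group(2)}"
        elif (m := VERIFY_RE.search(line)):
            depth, error = int(m.group(1)), m.group(2).strip()
            hint = HINTS.get(error, "unrecognised verify error at depth {depth}")
            findings.append({"peer": peer, "depth": depth, "error": error,
                             "subject": parse_dn(m.group(3)),
                             "hint": hint.format(depth=depth), "fatal": False})
        elif "TLS handshake failed" in line and findings:
            findings[-1]["fatal"] = True
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Depth 0 is the server's own certificate, so a finding at that depth points at the CA the client configuration trusts rather than at an intermediate further up the chain.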