
UTM does not allow Windows OpenVPN client to connect, even with all ports open

Hi Guys,

I am new here and have made a switch from IPFire. I am having a few troubles with OpenVPN. I need to connect to my work OpenVPN server now and then; before, with IPFire, this worked out of the box. I have created many rules in the firewall to allow udp/tcp 1194, 993, 443 etc. from internal to external or any to any, and still I cannot make a connection.

I am running the OpenVPN client as admin btw, so this isn't the issue. Below is the log; I have removed the actual IP from it. Is there something I'm missing here? I have looked everywhere and cannot find a solution.

Sun Jul 24 22:27:16 2016 NOTE: --group option is not implemented on Windows
Sun Jul 24 22:27:16 2016 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Jul 24 22:27:16 2016 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Sun Jul 24 22:27:16 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 24 22:27:16 2016 Need hold release from management interface, waiting...
Sun Jul 24 22:27:17 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'state on'
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'log all on'
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'hold off'
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'hold release'
Sun Jul 24 22:27:20 2016 MANAGEMENT: CMD 'password [...]'
Sun Jul 24 22:27:20 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jul 24 22:27:20 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jul 24 22:27:20 2016 UDPv4 link local: [undef]
Sun Jul 24 22:27:20 2016 UDPv4 link remote: [AF_INET]83.x.x.x.:1194
Sun Jul 24 22:27:20 2016 MANAGEMENT: >STATE:1469395640,WAIT,,,

I look forward to any replies.

Thanks,

Greg

  • I would make sure you disable tcp/udp flood detection on your UTM for testing.  You may just need to create an exception or something, but running a client behind the UTM can cause flood prevention to kick in.

  • Hi Darrell,

    Neither of these is enabled; I have confirmed this and they are both un-ticked.

  • Darrell and I have seen this situation a lotta times, Greg - if it's the UTM causing the problem, you will see a block in either the Intrusion Prevention log or the Firewall log.  If there's nothing in either file, your problem isn't in the UTM.  Start those two Live Logs and then try to connect just to prove that it's not the UTM.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I am made to believe that it is the UTM for the simple fact that if I turn the UTM off and turn IPFire on I can connect straight away. Nevertheless I will take an output of the logs and post shortly.

  • Hi Bob,

    Nothing in the IPS log; the below output is the only output I get on the firewall (grepping my own IP):

    2016:07:28-00:01:27 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x307f" app="127" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="207" tos="0x00" prec="0x00" ttl="128" srcport="17500" dstport="17500"
    2016:07:28-00:01:38 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:38 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:40 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:49 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:49 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:50 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:57 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x307f" app="127" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="207" tos="0x00" prec="0x00" ttl="128" srcport="17500" dstport="17500"

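As an added example (not from the thread, Sophos or OpenVPN), this parses the UTM ulogd packetfilter lines Greg posted and applies Bob's test: are any of the drops from the client actually aimed at the OpenVPN port, or are they only LAN broadcast noise? The /24 LAN mask, the 203.0.113.10 server placeholder and the extra constructed drop line are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Two of the UTM packetfilter lines Greg posted (some fields trimmed),
# copied from the thread: both are LAN broadcast drops (Dropbox LAN sync
# on 17500, NetBIOS on 137), not VPN traffic.
THREAD_DROPS = """\
2016:07:28-00:01:27 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="207" srcport="17500" dstport="17500"
2016:07:28-00:01:38 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" srcport="137" dstport="137"
"""
# Constructed line (not from the thread): what a UTM drop of the OpenVPN
# handshake itself would look like. 203.0.113.10 is a placeholder for the
# 83.x.x.x work server in Greg's OpenVPN log.
CONSTRUCTED_VPN_DROP = (
    '2016:07:28-00:02:05 titan ulogd[6871]: id="2001" severity="info" '
    'sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" '
    'fwrule="60001" initf="eth0" srcip="10.0.0.193" dstip="203.0.113.10" '
    'proto="17" length="54" srcport="51000" dstport="1194"\n'
)

KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_ulogd_line(line):
    """Split a UTM ulogd line into its key="value" fields plus 'ts'."""
    prefix, _, rest = line.partition(": ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = prefix.split()[0] if prefix else ""
    return fields

def classify_drop(entry, vpn_port=1194, lan="10.0.0.0/24"):
    """'broadcast' for LAN noise, 'vpn' for UDP to the OpenVPN port, else 'other'."""
    if entry.get("action") != "drop":
        return None
    dst = ip_address(entry.get("dstip", "0.0.0.0"))
    # The /24 is an assumption consistent with the 10.0.0.255 broadcasts above.
    if dst == ip_network(lan).broadcast_address or str(dst) == "255.255.255.255":
        return "broadcast"
    if entry.get("proto") == "17" and entry.get("dstport") == str(vpn_port):
        return "vpn"
    return "other"

def vpn_drops(log_text, client_ip, vpn_port=1194):
    """Drops from client_ip that would explain an OpenVPN client stuck in WAIT.
    An empty result means the UTM is not dropping the VPN handshake (Bob's test)."""
    hits = []
    for line in log_text.splitlines():
        e = parse_ulogd_line(line)
        if e.get("srcip") == client_ip and classify_drop(e, vpn_port) == "vpn":
            hits.append((e["ts"], e["dstip"], e["dstport"], e["fwrule"]))
    return hits
```

Run against only the lines from the thread it returns nothing, which is the "UTM is not the culprit" outcome; only the constructed 1194 drop makes it report a hit.
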
  • You're right, that looks clean.  There's one other log listed in #1 in Rulz - if it's not there and you're convinced it's the UTM, I think we're down to packet captures.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA