UTM does not allow Windows OpenVPN client to connect, even with all ports open

Hi Guys,

I am new here and have made a switch from IPFire. I am having a few troubles with OpenVPN. I need to connect to my work OpenVPN server now and then; before, with IPFire, this worked out of the box. I have created many rules in the firewall to allow UDP/TCP 1194, 993, 443, etc. from internal to external or any to any, and still I cannot make a connection.

I am running the OpenVPN client as admin, btw, so this isn't the issue. Below is the log; I have removed the actual IP from it. Is there something I'm missing here? I have looked everywhere and cannot find a solution.

Sun Jul 24 22:27:16 2016 NOTE: --group option is not implemented on Windows
Sun Jul 24 22:27:16 2016 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Jul 24 22:27:16 2016 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Sun Jul 24 22:27:16 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 24 22:27:16 2016 Need hold release from management interface, waiting...
Sun Jul 24 22:27:17 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'state on'
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'log all on'
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'hold off'
Sun Jul 24 22:27:17 2016 MANAGEMENT: CMD 'hold release'
Sun Jul 24 22:27:20 2016 MANAGEMENT: CMD 'password [...]'
Sun Jul 24 22:27:20 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jul 24 22:27:20 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jul 24 22:27:20 2016 UDPv4 link local: [undef]
Sun Jul 24 22:27:20 2016 UDPv4 link remote: [AF_INET]83.x.x.x.:1194
Sun Jul 24 22:27:20 2016 MANAGEMENT: >STATE:1469395640,WAIT,,,

I look forward to any replies.

Thanks,

Greg



  • Hi Bob,

    I am made to believe that it is the UTM for the simple fact that if I turn the UTM off and turn IPFire on, I can connect straight away. Nevertheless, I will take an output of the logs and post shortly.

  • Hi Bob,

    Nothing in the IPS log; the below output is the only output I get on the firewall (grepping my own IP):

    2016:07:28-00:01:27 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x307f" app="127" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="207" tos="0x00" prec="0x00" ttl="128" srcport="17500" dstport="17500"
    2016:07:28-00:01:38 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:38 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:40 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:49 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:49 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:50 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
    2016:07:28-00:01:57 titan ulogd[6871]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x307f" app="127" srcmac="30:3a:64:e8:d2:fd" dstmac="00:0c:29:35:05:02" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" length="207" tos="0x00" prec="0x00" ttl="128" srcport="17500" dstport="17500"

  • You're right, that looks clean.  There's one other log listed in #1 in Rulz - if it's not there and you're convinced it's the UTM, I think we're down to packet captures.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
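
A way to triage a packetfilter log like the one posted above: parse the key="value" fields and check whether any drop from the client matches the tunnel's transport (UDP 1194 in the client log). This is an added example, not code from the thread or from Sophos; the log lines are constructed in the same layout with fields trimmed, and the function names and the 203.0.113.10 address are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the key="value" layout of the log in the thread.
SAMPLE_LOG = '''\
2016:07:28-00:01:27 titan ulogd[6871]: id="2001" action="drop" fwrule="60001" initf="eth0" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" srcport="17500" dstport="17500"
2016:07:28-00:01:38 titan ulogd[6871]: id="2001" action="drop" fwrule="60001" initf="eth0" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" srcport="137" dstport="137"
2016:07:28-00:01:40 titan ulogd[6871]: id="2001" action="drop" fwrule="60001" initf="eth0" srcip="10.0.0.193" dstip="10.0.0.255" proto="17" srcport="137" dstport="137"
2016:07:28-00:01:41 titan ulogd[6871]: id="2001" action="drop" fwrule="60001" initf="eth0" srcip="10.0.0.50" dstip="10.0.0.255" proto="17" srcport="137" dstport="137"
'''

# Hypothetical line: what a drop of the tunnel traffic itself would look like.
HYPOTHETICAL_VPN_DROP = (
    '2016:07:28-00:02:00 titan ulogd[6871]: id="2001" action="drop" fwrule="60001" '
    'initf="eth0" srcip="10.0.0.193" dstip="203.0.113.10" proto="17" '
    'srcport="51000" dstport="1194"\n'
)

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def drops_from(log_text, src_ip):
    """Parsed drop records whose source address is src_ip."""
    records = (parse_line(line) for line in log_text.splitlines())
    return [r for r in records
            if r.get("action") == "drop" and r.get("srcip") == src_ip]


def summarize(log_text, src_ip):
    """Count drops per (dstip, proto, dstport); dstport is absent for e.g. ICMP."""
    return Counter((r.get("dstip"), r.get("proto"), r.get("dstport"))
                   for r in drops_from(log_text, src_ip))


def vpn_drops(log_text, src_ip, proto="17", port="1194"):
    """Drops matching the tunnel transport; IP protocol 17 is UDP."""
    return [r for r in drops_from(log_text, src_ip)
            if r.get("proto") == proto and r.get("dstport") == port]


if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG, "10.0.0.193").items():
        print(count, key)
    print("tunnel drops:", len(vpn_drops(SAMPLE_LOG, "10.0.0.193")))
```

On the sample, every drop from 10.0.0.193 is a UDP broadcast to 10.0.0.255 on ports 17500 and 137, and none is addressed to port 1194.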