Update 9.405 breaks VPN

Upon installing the up2date version 9.405, I was no longer able to authenticate to my surveillance system over the CISCO/IOS Remote Access VPN. The firewall live log shows a successful connection to my surveillance controller, but the authentication itself fails. Upon rolling back to 9.404 and restoring my backup, my authentication works again over the VPN. The 9.405 update appears to break/interfere with authentication over the VPN tunnel....



This thread was automatically locked due to age.
  • Hey Bob,

    How do you restore from backup from before?  Is that from Management / Backup/Restore and click on restore from the available backup 9.405-5?

    Thanks

  • That's it, Patrick.  Doing so kicks you out of WebAdmin - just log back in a few seconds later.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Tried all of Bob's suggestions, but to no avail.  Even re-created all VPN profiles.  Has anyone figured out how to get VPN working again?  In my case, SSL, L2TP, and Cisco VPN Client all break.

    Thanks

  • If you watch the SSL VPN Live Log, do you see the client trying to log in?  If not, then maybe your public IP has changed.  If you do see activity, show us the result of one connection attempt.

    Cheers - Bob

     
  • Thanks Bob,

    You're right, the WAN IP did change.  Now I'm able to get SSL and Cisco VPN Client to work, except L2TP.  On the L2TP live log, I'm getting this

  • What is the 172.56.x.151 IP?  Are you sure you have the correct Pre-Shared Key?

    Cheers - Bob

     
  • BAlfson said:

    What is the 172.56.x.151 IP?  Are you sure you have the correct Pre-Shared Key?

    Cheers - Bob

     

    The 172.56.x.x IP is the iPhone I'm connecting from.  Re-typing the Pre-Shared Key seems to nudge a bit.  I'm now able to connect L2TP via internal network only, but when connecting from external I'm still getting the same msg "sending encrypted notification INVALID_MESSAGE_ID"

    Thanks

  • I have tried your suggestions.

    This issue is how the VPN handles traffic since 9.405. I can connect to my security cameras over the VPN using SSL over the browser, but when I use the iPhone app (which connects via the same IP and port #) the authentication fails. When I watch a tcpdump and the live log, I can see the connection established, but auth fails. I do not know what logs or debugging options will allow me to see deeper in the weeds on this to identify a workaround or pinpoint how the update(s) are causing the issue.

  • Start the SSL VPN Live Log.  After it has displayed 10 lines, it's ready.  Make a single connection attempt and show us the log lines from that.   Also, tell us whether the user is Locally Authenticated or by which authentication server.

    Cheers - Bob

     
  • I posted this issue last year and I stumbled upon the solution today. As many of you know, the MTU size can wreak havoc on a VPN! Since the 9.405 update, the MTU size has been broken on the external interface and is stuck at 576. Sophos has stated they would fix this, but almost a year later, no such luck. The manual fix below will let you set the MTU back to 1500. And this FIXED my VPN issue from my original post!!!

    Also, the suggested answer by BAlfson was not a solution...