SSL VPN: remotely authenticated (ADDS) but VPN fails

Hi,

One of our recently created users cannot use SSL VPN. We use Microsoft ADDS; users are imported and created manually through the console ("Prefetch Directory Users").

On dial-up, the authentication service reports success...

2017:03:10-10:47:27 <firewall name> aua[18096]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="<IP address>" host="" user="<ADDS user name>" caller="openvpn" engine="adirectory"

...but the SSL VPN client & live log say otherwise:

2017:03:10-10:47:28 <firewall name> openvpn[7324]: <IP address>:54521 TLS Auth Error: --client-config-dir authentication failed for common name '<ADDS user name>' file='/etc/openvpn/conf.d/<ADDS user name>'

Users created both before and after this one work perfectly.

We are running an SG230 (9.411-3).

Does anyone have an idea how to approach this issue?

Thanks so much in advance!
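Added example, not part of the original post or of any Sophos tooling: the two log lines quoted above already describe the failure precisely. In OpenVPN, the message "TLS Auth Error: --client-config-dir authentication failed for common name '...' file='...'" is what the server logs when --client-config-dir is in use with exclusive per-client files and no file exists for the certificate's common name; on the UTM that file is the per-user file under /etc/openvpn/conf.d/ named in the message. So the directory accepted the password, and the rejection comes from the missing per-user file, not from authentication. The Python script below correlates aua success lines with openvpn rejection lines to flag exactly that pattern. The sample log lines are constructed in the layout quoted in the post (host name, IP addresses, PIDs and user names are placeholders), and the 10-second correlation window and the field regexes are my assumptions, not anything the appliance documents.

```python
import re
from datetime import datetime
from typing import Dict, List

# Constructed sample log lines in the Sophos UTM syslog layout quoted in the post.
# Not from a real appliance: host name, IPs, PIDs and user names are placeholders.
SAMPLE_LOG = """\
2017:03:10-10:47:27 utm01 aua[18096]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="203.0.113.10" host="" user="jdoe" caller="openvpn" engine="adirectory"
2017:03:10-10:47:28 utm01 openvpn[7324]: 203.0.113.10:54521 TLS Auth Error: --client-config-dir authentication failed for common name 'jdoe' file='/etc/openvpn/conf.d/jdoe'
2017:03:10-10:49:02 utm01 aua[18096]: id="3004" severity="info" sys="System" sub="auth" name="Authentication successful" srcip="198.51.100.7" host="" user="asmith" caller="openvpn" engine="adirectory"
2017:03:10-10:49:03 utm01 openvpn[7324]: 198.51.100.7:61002 [asmith] Peer Connection Initiated with [AF_INET]198.51.100.7:61002
"""

TS_FMT = "%Y:%m:%d-%H:%M:%S"

# aua line: the directory (ADDS) accepted the credentials for an OpenVPN caller.
AUA_OK = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) aua\[\d+\]: .*name="Authentication successful"'
    r'.*user="(?P<user>[^"]+)" caller="openvpn"'
)
# openvpn line: no per-client file under --client-config-dir exists for this CN.
CCD_FAIL = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) openvpn\[\d+\]: (?P<peer>\S+) TLS Auth Error: "
    r"--client-config-dir authentication failed for common name '(?P<cn>[^']+)' "
    r"file='(?P<file>[^']+)'"
)


def parse_ts(ts: str) -> datetime:
    """Parse the UTM timestamp prefix (YYYY:MM:DD-HH:MM:SS)."""
    return datetime.strptime(ts, TS_FMT)


def find_missing_ccd(log_text: str, window_seconds: int = 10) -> List[Dict[str, object]]:
    """Pair each ccd rejection with a preceding aua success for the same user.

    A finding with auth_ok=True is the signature from the post: the directory
    accepted the password, but OpenVPN found no per-user file for the CN.
    The window length is an assumption; the two lines in the post are 1 s apart.
    """
    auth_ok: Dict[str, List[datetime]] = {}
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = AUA_OK.match(line)
        if m:
            auth_ok.setdefault(m["user"], []).append(parse_ts(m["ts"]))
            continue
        m = CCD_FAIL.match(line)
        if m:
            t = parse_ts(m["ts"])
            recent = [a for a in auth_ok.get(m["cn"], [])
                      if 0 <= (t - a).total_seconds() <= window_seconds]
            findings.append({
                "user": m["cn"],
                "file": m["file"],
                "peer": m["peer"],
                "auth_ok": bool(recent),
            })
    return findings


def describe(finding: Dict[str, object]) -> str:
    """One-line triage hint for a finding."""
    if finding["auth_ok"]:
        return (f"{finding['user']}: AD auth OK but {finding['file']} is missing on the UTM; "
                "matches the stale user object described in this thread. "
                "Delete the user and run Prefetch Now.")
    return (f"{finding['user']}: rejected by the ccd check with no matching AD success "
            f"in the window (peer {finding['peer']}); investigate separately.")


if __name__ == "__main__":
    for f in find_missing_ccd(SAMPLE_LOG):
        print(describe(f))
```

Run against the constructed sample, the script reports only jdoe: authentication succeeded, yet /etc/openvpn/conf.d/jdoe does not exist, which is the case in the post; asmith authenticates and connects normally and produces no finding. On the appliance itself the quickest confirmation is whether the file named in the openvpn line exists for the affected user and does exist for a working one.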



  • Hello all, this appears to be some kind of corruption of the user object in the UTM, and the fix (temporary, until Sophos fixes the underlying issue) is to delete the user object and resync it.

    These steps worked for me for fixing the VPN of one of our users who was affected by this issue:

    1. Delete the user in the UTM.
    2. Recreate the user account by choosing Definitions & Users > Authentication Services > Advanced > Prefetch Now. It may take a few minutes for this process to complete before the user account is recreated.
    3. Download the SSL VPN configuration files. You can choose the option for just the configuration files if the VPN client is already installed on the client computer.
    4. The VPN configuration files are stored on the client computer at "C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config". Delete the folder that matches the user and replace it with the extracted configuration files from step 3.
    5. The user should now be able to connect to the VPN.