Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
Junior Member
Join Date: Feb 2012
Posts: 2
#1 (permalink)  
Old 02-11-2012, 07:34 PM
Default what's problem in SSL Remote Access config ?

I Config SSL Remote Access very well, but now It didn't work for my XP Client

I Put The Log Status of SSL Application client on XP , here.

so please help me to find problem.

thank you.

my Internal Connection of ASG is = 172.16.22.254/24

my XP client Get IP from DHCP Service of ASG and so on.

this is my log :

Quote:
Sat Feb 11 23:56:56 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.242.2.6/255.255.255.252 on interface {7DA6914F-7B97-43A7-B930-8527A99C5DAC} [DHCP-serv: 10.242.2.5, lease-time: 31536000]
Sat Feb 11 23:56:56 2012 Successful ARP Flush on interface [327684] {7DA6914F-7B97-43A7-B930-8527A99C5DAC}
Sat Feb 11 23:57:00 2012 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Sat Feb 11 23:57:00 2012 Route: Waiting for TUN/TAP interface to come up...
Sat Feb 11 23:57:04 2012 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sat Feb 11 23:57:04 2012 C:\WINDOWS\system32\route.exe ADD 172.16.22.0 MASK 255.255.255.0 10.242.2.5
Sat Feb 11 23:57:04 2012 Route addition via IPAPI succeeded [adaptive]
Sat Feb 11 23:57:04 2012 C:\WINDOWS\system32\route.exe ADD 10.242.2.1 MASK 255.255.255.255 10.242.2.5
Sat Feb 11 23:57:04 2012 Route addition via IPAPI succeeded [adaptive]
Sat Feb 11 23:57:04 2012 Initialization Sequence Completed
Sat Feb 11 23:57:06 2012 Bad LZO decompression header byte: 42
Sat Feb 11 23:57:25 2012 Connection reset, restarting [-1]
Sat Feb 11 23:57:25 2012 TCP/UDP: Closing socket
Sat Feb 11 23:57:25 2012 SIGUSR1[soft,connection-reset] received, process restarting
Sat Feb 11 23:57:25 2012 Restart pause, 5 second(s)
Sat Feb 11 23:57:30 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sat Feb 11 23:57:30 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Feb 11 23:57:30 2012 Re-using SSL/TLS context
Sat Feb 11 23:57:30 2012 LZO compression initialized
Sat Feb 11 23:57:30 2012 Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Feb 11 23:57:30 2012 Data Channel MTU parms [ L:1556 D:1450 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Feb 11 23:57:30 2012 Local Options hash (VER=V4): '619088b2'
Sat Feb 11 23:57:30 2012 Expected Remote Options hash (VER=V4): 'a4f12474'
Sat Feb 11 23:57:30 2012 Attempting to establish TCP connection with 172.16.22.254:443
Sat Feb 11 23:57:51 2012 TCP: connect to 172.16.22.254:443 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,663
#2 (permalink)  
Old 02-12-2012, 12:53 PM
Default

You can't establish an SSL VPN connection from inside your network.

The other, possible issue is that, in XP, the SSL VPN adapter must be first, ahead of all other network interfaces.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 11:06 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.