08-31-2022 09:03 AM
Greetings, curious if anyone has some suggestions for us.
We have an RV345P Dual Wan
FW: 1.0.03.28 (Latest and greatest as of today 2022-08-30)
For weeks we were getting persistent SSL VPN connection attempt errors in our logs which was causing the router to periodically lose internet connectivity (EXAMPLE 1 BELOW). At the time we DID NOT have any users attempting to VPN in (this was malicious traffic)
Given we do not have frequent SSL Anyconnect VPN sessions we turned off the SSL VPN functionality. (around Aug 17th).
Now we are getting what looks to be repeated SSLVPN attempts (EXAMPLE 2 BELOW).
Only issue we have noticed is come SIP calls across the WAN (we have Site-to-Site VPN configured to another office running an RV345 as well) are being dropped when these attempts appear to be happening.
Questions:
Q1: Are there any other steps we can take to block the SSL VPN attempts with the SSLVPN Server off?
Q2: If we wanted to enable SSLVPN what other steps can we take to block what we would assume are malicious SSLVPN attempts and allow users to SSL VPN with the Any connect client? (can we change ports? limit SSL to certain MAC addys etc)
Q3: Is there a reference guide to some of these errors? Quick google search did not produce explanations.
Any Suggestions would be greatly appreciated.
LOGS:
Example 1: (When SSLVPN Server was Running)
2022-08-17T22:42:06-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[6FCB7470] connection_thread: Error accepting SSL connection;
2022-08-17T22:42:06-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3162[6FCB7470] nonblocking_ssl_accept: Unexpected error during SSL handshake,status:-1;
2022-08-17T22:41:53-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-17T22:41:53-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3162[704B7470] nonblocking_ssl_accept: Unexpected error during SSL handshake,status:-1;
2022-08-17T22:41:52-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-17T22:41:52-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3162[704B7470] nonblocking_ssl_accept: Unexpected error during SSL handshake,status:-1;
2022-08-17T22:41:51-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-17T22:41:51-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3162[704B7470] nonblocking_ssl_accept: Unexpected error during SSL handshake,status:-1;
2022-08-17T22:41:50-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-17T22:41:50-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3162[704B7470] nonblocking_ssl_accept: Unexpected error during SSL handshake,status:-1;
2022-08-17T22:41:49-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-17T22:41:49-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3158[704B7470] nonblocking_ssl_accept: Peer closed connection during SSL handshake,status:0;
2022-08-17T21:55:14-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-17T21:55:14-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3158[704B7470] nonblocking_ssl_accept: Peer closed connection during SSL handshake,status:0;
2022-08-17T21:55:14-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[6FCB7470] connection_thread: Error accepting SSL connection;
2022-08-17T21:55:14-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3162[6FCB7470] nonblocking_ssl_accept: Unexpected error during SSL handshake,status:-1;
2022-08-17T11:06:44-06:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-17T11:06:44-06:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3162[704B7470] nonblocking_ssl_accept: Unexpected error during SSL handshake,status:-1;
2022-08-16T19:48:01-06:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2505[76FC4350] SSLVPN server (pid=11443)already running, only one instance allowed;
2022-08-16T19:47:48-06:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2752[76FDE350] sslserver_init: Error setting SO_REUSEADDR socket option;
EXAMPLE 2:(AFTER WE DISABLED SSLVPN SERVER ON RV345)
2022-08-30T08:37:26-04:00 <error>Webfilter: SSL connect failed: error:140D1044:lib(20):func(209):reason(68)
2022-08-28T10:47:44-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76FAD350] Could not find a running instance of SSLVPN server;
2022-08-28T10:47:05-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76F79350] Could not find a running instance of SSLVPN server;
2022-08-28T10:46:47-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76F7B350] Could not find a running instance of SSLVPN server;
2022-08-28T10:33:06-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76F39350] Could not find a running instance of SSLVPN server;
2022-08-28T10:32:37-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76F11350] Could not find a running instance of SSLVPN server;
2022-08-27T19:31:26-04:00 <error>Webfilter: SSL connect failed: error:140D1044:lib(20):func(209):reason(68)
2022-08-26T18:17:43-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76F59350] Could not find a running instance of SSLVPN server;
2022-08-25T05:19:26-04:00 <error>Webfilter: SSL connect failed: error:140D1044:lib(20):func(209):reason(68)
2022-08-23T02:19:26-04:00 <error>Webfilter: SSL connect failed: error:140D1044:lib(20):func(209):reason(68)
2022-08-21T03:49:26-04:00 <error>Webfilter: SSL connect failed: error:140D1044:lib(20):func(209):reason(68)
2022-08-20T11:53:00-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76FD0350] Could not find a running instance of SSLVPN server;
2022-08-20T11:51:11-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_main.c.2946[76FC6350] Could not find a running instance of SSLVPN server;
2022-08-20T01:14:43-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_http_parser.c.413[745FF470] Unsupported HTTP request method !;
2022-08-20T01:14:43-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_http_parser.c.319[745FF470] Unsupported HTTP request method !;
2022-08-20T01:13:41-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.2382[704B7470] connection_thread: Error accepting SSL connection;
2022-08-20T01:13:41-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslserver.c.3158[704B7470] nonblocking_ssl_accept: Peer closed connection during SSL handshake,status:-1;
2022-08-18T21:32:47-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_http_parser.c.413[745FF470] Unsupported HTTP request method !;
2022-08-18T21:32:47-04:00 <error>log_sslvpnac: facility=SslVpn;msg=ERROR sslvpn_http_parser.c.319[745FF470] Unsupported HTTP request method !;
2022-08-18T09:37:26-04:00 <error>Webfilter: SSL connect failed: error:140D1044:lib(20):func(209):reason(68)
08-31-2022 09:59 AM
since you running latest firmware check below thread or contact SMB TAC for assitance :
08-31-2022 02:03 PM
Thanks Balaji, and appreciate your previous advice.
This is a different issue, we no long see a WAN drop.
12-14-2022 01:15 PM
Hello, I've some similar errors in my log, moreover a couple of days ago I've recieved some allert, somebody was tryng to connect to my vpn using wrong usr and password. Acually I don't understand from the following logs if this time they couldn't violate the vpn password. Could somebody help me? Following the log... sorry but is is a bit long.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide