{"id":540,"date":"2013-12-25T10:35:30","date_gmt":"2013-12-25T08:35:30","guid":{"rendered":"http:\/\/www.klehr.de\/michael\/?p=540"},"modified":"2014-01-12T18:49:51","modified_gmt":"2014-01-12T16:49:51","slug":"sophos-utm-red-server-neu-starten-nach-update-kein-red-tunnel","status":"publish","type":"post","link":"https:\/\/www.klehr.de\/michael\/sophos-utm-red-server-neu-starten-nach-update-kein-red-tunnel\/","title":{"rendered":"Sophos UTM RED Server neu starten (nach Update kein RED Tunnel)"},"content":{"rendered":"

Nach dem Update auf 9.107-33 eines Sophos UTM 320 und eines UTM 220 HA Clusters hat sich der RED Tunnel (UTM-2-UTM) nicht mehr aufgebaut. Reboot der UTM kommt nicht in Frage… Das muss auch anders gehen \ud83d\ude42 Also per SSH auf beiden UTM eingeloggen und die Dienste neu starten – wie bei jedem anderen Linuxsystem auch.
\nDies ist zum einem der „red_server.plc<\/span>“ und auf der Gegenseite der „red_client.plc<\/span>„. Mit „ps fax<\/span>“ kann man herausfinden welche PID (Prozess-ID) der Service hat:<\/p>\n

<M> mfs-fw:\/root #<\/span> ps fax<\/span><\/p>\n

25970 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Ss\u00a0\u00a0\u00a0\u00a0 0:00 red_server.plc<\/span>
\n26001 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 S\u00a0\u00a0\u00a0\u00a0\u00a0 0:00\u00a0 \\_ UPLOAD [idle]
\n26010 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 S\u00a0\u00a0\u00a0\u00a0\u00a0 0:00\u00a0 \\_ Socket-Listener<\/span>
\n26753 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 S\u00a0\u00a0\u00a0\u00a0\u00a0 0:00\u00a0\u00a0\u00a0\u00a0\u00a0 \\_ 3ca217239ab6d5c (1) [217.6.37.234]<\/p>\n

Nun den Serverdienst anhalten (killen!):<\/p>\n

<M> mfs-fw:\/root #<\/span> kill -9 25970<\/span><\/p>\n

Danach blieb der Socket-Listener „h\u00e4ngen“:<\/p>\n

2013:12:25-09:02:42 mfs-fw-1 red_server[22797]: Can't open SSL listening socket, re-trying in 10 seconds<\/span>\r\n 2013:12:25-09:02:52 mfs-fw-1 red_server[22797]: Can't open SSL listening socket, re-trying in 10 seconds<\/span>\r\n 2013:12:25-09:02:55 mfs-fw-1 red_server[22756]: SELF: shutdown requested, killing clients\r\n 2013:12:25-09:02:55 mfs-fw-1 red_server[22756]: SELF: killing client 3ca217239ab6d5c<\/pre>\n
Diesen mu\u00df man auch mit der Brutalomethode killen:
\n<\/span>
\n<M> mfs-fw:\/root #<\/span> kill -9 26010<\/span><\/p>\n
Jetzt wieder den Dienst neu starten:<\/p>\n
<M> mfs-fw:\/root #<\/span> red_server.plc<\/span><\/p>\n
2013:12:25-09:03:44 mfs-fw-1 red_server[25970]: SELF: RED10rev1 version set to 14\r\n 2013:12:25-09:03:44 mfs-fw-1 red_server[25970]: SELF: RED10rev2 version set to 2005R2\r\n 2013:12:25-09:03:44 mfs-fw-1 red_server[25970]: SELF: RED10rev2 local version set to 2026R2\r\n 2013:12:25-09:03:44 mfs-fw-1 red_server[25970]: SELF: RED50 fw version set to 2005\r\n 2013:12:25-09:03:44 mfs-fw-1 red_server[25970]: SELF: RED50 local fw version set to 2026\r\n 2013:12:25-09:03:44 mfs-fw-1 red_server[25970]: SELF: IO::Socket::SSL Version: 1.953\r\n 2013:12:25-09:03:44 mfs-fw-1 red_server[25970]: SELF: Startup - waiting 15 seconds ...\r\n 2013:12:25-09:03:59 mfs-fw-1 red_server[26001]: UPLOAD: Uploader process starting\r\n 2013:12:25-09:04:00 mfs-fw-1 red_server[25970]: SELF: (Re-)loading device configurations\r\n 2013:12:25-09:04:00 mfs-fw-1 red_server[25970]: 3ca217239ab6d5c: New device\r\n 2013:12:25-09:06:35 mfs-fw-1 red_server[26753]: SELF: New connection from X.X.X.X with ID 3ca217239ab6d5c (cipher RC4-SHA), rev1<\/span>\r\n 2013:12:25-09:06:35 mfs-fw-1 redctl[26755]: key length: 32\r\n 2013:12:25-09:06:35 mfs-fw-1 redctl[26756]: key length: 32\r\n 2013:12:25-09:06:35 mfs-fw-1 red_server[26753]: 3ca2c7219ab6d5c: connected OK, pushing config<\/span>\r\n 2013:12:25-09:06:35 mfs-fw-1 red_server[26753]: 3ca2c7219ab6d5c: command 'PING 0'\r\n 2013:12:25-09:06:35 mfs-fw-1 red_server[26753]: id=\"4201\" severity=\"info\" sys=\"System\" sub=\"RED\" name=\"RED Tunnel Up\" red_id=\"3ca2c7219ab6d5c\" forced=\"0\"\r\n 2013:12:25-09:06:35 mfs-fw-1 red_server[26753]: 3ca2c7219ab6d5c: PING remote_tx=0 local_rx=1 diff=-1\r\n 2013:12:25-09:06:35 mfs-fw-1 red_server[26753]: 3ca2c7219ab6d5c: PONG local_tx=0\r\n 2013:12:25-09:06:50 mfs-fw-1 red_server[26753]: 3ca2c7219ab6d5c: command 'PING 10'<\/pre>\n
Auf der Gegenseite den „red_client.plc<\/span>“ neu starten. Ebenfalls mit „ps fax<\/span>“ herausfinden welche PID der Service hat:<\/p>\n
<M> as-fw:\/root #<\/span> ps fax<\/span><\/p>\n
17067 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Ss\u00a0\u00a0\u00a0\u00a0 0:00 red_client.plc<\/span>
\n17122 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 S\u00a0\u00a0\u00a0\u00a0\u00a0 0:00\u00a0 \\_ red_client.plc<\/p>\n
<M> as-fw:\/root # red_client.plc<\/span><\/p>\n
Logfile sichten:<\/p>\n
<M> as-fw:\/root # tail -f \/var\/log\/red.log<\/span><\/p>\n
2013:12:25-09:06:34 as-fw-1 red_client[17067]: SELF: (Re-)loading client configurations\r\n 2013:12:25-09:06:35 as-fw-1 red_client[17067]: Tunnel 1: New client\r\n 2013:12:25-09:06:35 as-fw-1 red_client[17067]: Tunnel 1: Forking client handler\r\n 2013:12:25-09:06:35 as-fw-1 red_client[17122]: CHILD Tunnel 1: performing initial keying.\r\n 2013:12:25-09:06:35 as-fw-1 redctl[17123]: key length: 32\r\n 2013:12:25-09:06:35 as-fw-1 redctl[17124]: key length: 32\r\n 2013:12:25-09:06:35 as-fw-1 redctl[17126]: 21X.125.11.11 =\r\n 2013:12:25-09:06:35 as-fw-1 redctl[17126]:\u00a0\u00a0 21X.125.11.11<\/pre>\n
Nun sollte der Tunnel wieder aufgebaut sein und Traffic dar\u00fcber laufen:<\/p>\n
\"red-1\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Nach dem Update auf 9.107-33 eines Sophos UTM 320 und eines UTM 220 HA Clusters hat sich der RED Tunnel (UTM-2-UTM) nicht mehr aufgebaut. Reboot der UTM kommt nicht in Frage… Das muss auch anders gehen \ud83d\ude42 Also per SSH auf beiden UTM eingeloggen und die Dienste neu starten – wie bei jedem anderen Linuxsystem […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"aside","meta":{"footnotes":""},"categories":[12,25],"tags":[21],"class_list":["post-540","post","type-post","status-publish","format-aside","hentry","category-firewall","category-sophos-utm","tag-sophos-utm-red-tunnel-service-restart-neu-starten","post_format-post-format-aside"],"_links":{"self":[{"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/posts\/540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/comments?post=540"}],"version-history":[{"count":14,"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/posts\/540\/revisions"}],"predecessor-version":[{"id":575,"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/posts\/540\/revisions\/575"}],"wp:attachment":[{"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/media?parent=540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/categories?post=540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.klehr.de\/michael\/wp-json\/wp\/v2\/tags?post=540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}