Skip to content

General troubleshooting

You can troubleshoot issues that don't appear on the events page.

The following topics show issues, possible causes, and information on what to do next.

If you need further assistance, contact Sophos Support.

Failed to write to pipe

If you can't connect, follow these instructions.

Cause

Failed to write to pipe

Remedy

  1. Re-establish the connection. If this doesn't work, restart your device and try again.
  2. If you restart your device and you still can't connect, contact your firewall administrator.
Sophos Connect dashboard will not open

If the Sophos Connect dashboard won't open, follow these instructions.

Cause

If the Sophos Connect dashboard doesn't open, or it doesn't respond when you click the tray icon, the Sophos Connect GUI is stuck in an infinite loop and can't respond to external input.

Remedy

Open Activity Monitor and find the Sophos Connect process. Open this process and select Force Quit. Restart the application from LaunchPad.

Open Task Manager and select the Details tab. Find scgui.exe and then right-click and select End task. Restart the application from the desktop shortcut.

Web browsing stops working when tunnel is disconnected

This error is more common on macOS.

Cause

When a tunnel all connection is disconnected, the DNS servers aren't restored from the physical network adapters. This means the internal DNS servers used when you were connected through the VPN are still used. As the tunnel no longer exists, the name resolution won't work.

Remedy

Disconnect from your local network then reconnect.

Traffic stops going through the VPN tunnel

This error applies to IPsec VPN connections only.

Cause

If you're running a firmware version earlier than 17.5, it's possible that the client received a new virtual IP after the phase 1 rekey.

Remedy

You must disconnect then reconnect. The permanent solution is to upgrade to version 17.5 or later.

Sophos Connect GUI displays Service Unavailable

This error is more common on macOS. This error applies to IPsec VPN connections only.

Cause

When a tunnel disconnect is initiated, the strongSwan IPsec daemon gets stuck in an infinite loop. This results in the GUI not getting a response for disconnect, then time out and show the error as "Service Unavailable."

Remedy

  1. Open the Activity Monitor and quit the Sophos Connect GUI process.
  2. Open the Terminal and run the following commands: sudo /bin/launchctl unload -w /Library/LaunchDaemons/com.sophos.connect.scvpn.plist then sudo /bin/launchctl load -w /Library/LaunchDaemons/com.sophos.connect.scvpn.plist
  3. Open Sophos Connect and check that the "Service unavailable" error is resolved.
  1. Open cmd as administrator then run the following commands: net stop scvpn net start scvpn
  2. Open Sophos Connect and check that the "Service unavailable" error is now resolved
Received connection reset from gateway: <gateway name>

This error applies to SSL VPN connections only. This message is logged in the scvpn.log file (in the install folder).

Cause

SSL VPN settings are changed on Sophos Firewall, a user is manually disconnected or Sophos Firewall restarts. If the connection uses SSL VPN over TCP, Sophos Firewall sends a connection reset request. If the connection uses SSL VPN over UDP, the connection may reconnect automatically depending on the idle time-out period.

Remedy

Import a new configuration file into the Sophos Connect client and then reconnect.

  1. If your firewall administrator hasn't sent you the file, go to the user portal and download it.
  2. Otherwise, go to the user portal to download the ovpn file.
SSL VPN connection has auto-connect and update policy menu items grayed out.

This error applies to SSL VPN connections only.

Cause

If the SSL VPN connection is created by importing an ovpn file, these options aren't available.

Remedy

To turn on these options, you must create a connection using a provisioning file and add them to the provisioning file.

Update policy is available after you connect for the first time. To turn on auto-connect, you must define an auto_connect_host that can only be accessed on the internal network.

Example of a provisioning file with minimum requirements for enabling auto-connect:

[
    {
        "display_name": "<Enter connection name>",
        "gateway": "<Enter your gateway hostname or IP>",
        "auto_connect_host":" <Enter hostname or IP of internal network resource>"
    }
]
SSL VPN error

This error applies to SSL VPN connections only.

Cause

An error generated by the OpenVPN service.

Remedy

Re-establish the connection. If this doesn't work, restart your device and try again.

Sophos Connect can't establish a tunnel

This error applies to SSL VPN connections only.

Cause

You probably installed the Sophos Connect client first and then installed the Sophos SSL VPN client.

Remedy

Uninstall both clients, then re-install the Sophos SSL VPN client, then the Sophos Connect client.

Management port is unavailable

This error applies to SSL VPN connections only.

Cause

Sophos Connect fails to claim TCP port 25340, which is required to communicate with OpenVPN.

Remedy

  1. Check if another application is running on the device using this port.

  2. Exit the application, if possible.

    If you don't fix this issue, Sophos Connect 2.0 can't run on your device. If no other application is using this port, this may be a temporary condition.

  3. Reconnect to the Sophos Connect client.

Failed to create temporary file

This error applies to SSL VPN connections only.

Cause

Sophos Connect uses a temporary file to pass the connection attributes to the OpenVPN service. Sophos Connect failed to create the file on this device.

Remedy

Restart your device.

OpenVPN service is unavailable

This error applies to SSL VPN connections only.

Cause

The OpenVPN service may not have started.

Remedy

If the OpenVPN service start-up type is set to disabled, change it to manual, and restart the Sophos Connect service.