VPN100 : SSL VPN connection with Secuextender makes me crazy
Hi guys !
I used many Zywall Firewalls since a few years for my customers, most of them are USG series, but one of my customers had a VPN100 model. I need to set up a SSL VPN with this one, so I thought "ok no problem, I've done this many times with Zywall Firewall", but no luck this time...
I set up the SSL VPN in the "configuration/SSL VPN" menu, I named it, I created a "SSL_SUBNET", and a new user allowed to access the SSL VPN.
I add "https" in the "Default_Allow_WAN_To_Zywall" service, and I add the name of my SSL VPN I just created in the "SSL_VPN" zone (weird it was not automatically added, I don't remember I had to modify this on my others Zywall's stuff.
On my computer I use Zywall Secuextender 4.0.3.0, it works well with all the SSL VPN I need to access, but not this time : I type the IP address, the login and password I created for the SSL VPN user and clic "connect". I have to confirm "connection untrusted", it seems to do nothing a few seconds, then I come back to the screen with my login information...
time + 0s : User *me* from http/https has logged in SSLVPN
time + 2s : User *me* from http/https is connecting SSL tunnel.
time + 12s : *me* has logged out SSLVPN.
time + 12s : *me* from http/https has logged out SSLVPN
On my computer, the SecuExtenderHelper.log said :
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Request(102): REMOVE 1426172096/449122128 9 4294967295 4294967295
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Remove Routing
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Remove prioritize routing
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Get netsh path = powershell
[ 2021/03/05 11:30:10 ][SecuExtender Helper] ia is null
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Failed to read from client(2): 109, 0
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Start to Disconnect pipe...
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Shutting down a pipe connection instance...
[ 2021/03/05 11:30:10 ][SecuExtender Helper] ==============================
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Remove Routing
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Remove prioritize routing
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Get netsh path = powershell
[ 2021/03/05 11:30:10 ][SecuExtender Helper] ia is null
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Failed to read from client(2): 109, 0
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Start to Disconnect pipe...
[ 2021/03/05 11:30:10 ][SecuExtender Helper] Shutting down a pipe connection instance...
[ 2021/03/05 11:30:10 ][SecuExtender Helper] ==============================
I checked and rechecked my setup, I created another user, I tried on 2 computers, I updated with the last firmware (V4.62(ABFV.0) - 2021-01-19 11:00:33), but no luck.
Do you have any guess about my problem ?
Thanks !
0
Comments
-
HI @LDC
try using rev 4.0.4.0, I had a few problems with rev 4.0.3.0
You can get it at:
https://www.zyxel.com/support/download_landing/product/secuextender_software_19.shtml?c=gb&l=en&pid=20140714181106&tab=Software&pname=SecuExtender Software
Best regards0 -
Thanks for the idea, I just tried, but the problem's still the same :-(
0 -
What is the "Assign IP Pool" for SSL VPN clients?The SSL_Pool cannot conflict with any existing subnet LAN/DMZ even if they are not in use.Besides, the default network extension local IP for SSL VPN is 192.168.200.1. SSL_Pool cannot be the same subnet as 192.168.200.1.0
-
Are you sure of that ? I set up many SSL VPN on Zywall firewalls, and it's seems that if I create a "192.168.XXX.0/24" subnet for the SSL pool and I assign it to the SSL VPN, the network extension local IP change itself for "192.168.XXX.1" ?
0 -
VPN100 uses default configuration.lan1- 192.168.1.1lan2- 192.168.2.1dmz- 192.168.3.1ssl vpn settingAssign ip pool- 192.168.60.0/24default network extension local ip- 192.168.200.1
secuextender 4.0.4.0
ssl vpn is connected successfully!0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight