SSL VPN not working
Hello everyone,
we recently switched to the Zywall 110. Everything is working fine (great product!) but the SSL VPN. Whenever I try to connect using the SecuExtender, it asks me if I want to trust the Zywall certificate, then thinks for some seconds and tells me I got disconnected.
I've upgraded to the latest Firmware and latest version of SecuExtender. The TAPI device is to be found in the device manager and is running.
The SecuExtender Helper log reads like this:
[ 2018/06/08 17:55:15 ][SecuExtender Helper] Request(106): REMOVE 1119660224/3291670110 20 4294967295 4294967295
[ 2018/06/08 17:55:15 ][SecuExtender Helper] Remove Routing
[ 2018/06/08 17:55:15 ][SecuExtender Helper] Remove prioritize routing
[ 2018/06/08 17:55:15 ][SecuExtender Helper] Get netsh path = powershell
[ 2018/06/08 17:55:15 ][SecuExtender Helper] ia is null
[ 2018/06/08 17:55:15 ][SecuExtender Helper] Failed to read from client(2): 109, 0
[ 2018/06/08 17:55:15 ][SecuExtender Helper] Start to Disconnect pipe...
[ 2018/06/08 17:55:15 ][SecuExtender Helper] Shutting down a pipe connection instance...
The SecuExtender log shows this:
################################################################################################
[ 2018/06/08 18:16:12 ][SecuExtender Agent][DETAIL] Build Datetime: Dec 22 2016/15:25:36
[ 2018/06/08 18:16:12 ][SecuExtender Agent][DEBUG] SecuExtender.log: C:\Users\patri\SecuExtender.log
[ 2018/06/08 18:16:12 ][SecuExtender Agent][DEBUG] osvi.dwPlatformId = 2, osvi.dwMajorVersion = 6, osvi.dwMinorVersion = 2
[ 2018/06/08 18:16:12 ][SecuExtender Agent][DEBUG] interface guid: {6F34EA99-F57D-4BCD-8039-B93A14779161}, idx: 2
[ 2018/06/08 18:16:12 ][SecuExtender Agent][DEBUG] tBuf : (\DEVICE\TCPIP_{6F34EA99-F57D-4BCD-8039-B93A14779161})
[ 2018/06/08 18:16:12 ][SecuExtender Agent][DEBUG] network name got, idx: 8
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Checking service (first) ...
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] SecuExtender Helper is running
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Try to connect to SecuExtender Helper
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected
[ 2018/06/08 18:16:56 ][SecuExtender Agent][INFO] [MYUSERNAME] try to login THISISOURSSLHOST:443
[ 2018/06/08 18:16:56 ][SecuExtender Agent][INFO] Connect to 1592144580:443
[ 2018/06/08 18:16:56 ][SecuExtender Agent][INFO] Local address is 3232283714
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DEBUG] Connect success.
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] 1291 bytes of handshake data received
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] SSL Handshake is successful
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Protocol: TLS1.2
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Cipher: AES256
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Cipher strength: 256
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Hash: SHA384
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Hash strength: 0
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Key exchange: 0xae06
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] Key exchange strength: 256
[ 2018/06/08 18:16:56 ][SecuExtender Agent][INFO] Server subject: CN=zywall_110_5CE28C5E7F9C
[ 2018/06/08 18:16:56 ][SecuExtender Agent][INFO] Server issuer: CN=zywall_110_5CE28C5E7F9C
[ 2018/06/08 18:16:56 ][SecuExtender Agent][ERROR] **** Error 0x800b0109 authenticating server credentials! (0x0)
[ 2018/06/08 18:16:58 ][SecuExtender Agent][DETAIL] SSL session is created
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed
[ 2018/06/08 18:16:59 ][SecuExtender Agent][INFO] user login device success
[ 2018/06/08 18:16:59 ][SecuExtender Agent][INFO] Creating secure tunnel to OURVPNADDRESS:443
[ 2018/06/08 18:16:59 ][SecuExtender Agent][INFO] Connect to 1592144580:443
[ 2018/06/08 18:16:59 ][SecuExtender Agent][INFO] Local address is 3232283714
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DEBUG] Connect success.
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] 1291 bytes of handshake data received
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] SSL Handshake is successful
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] Secure session is created
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] Secure session negotiation begin
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] stage 1...done
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] stage 2...done
[ 2018/06/08 18:17:09 ][SecuExtender Agent][ERROR] timeout (0x0)
[ 2018/06/08 18:17:09 ][SecuExtender Agent][ERROR] Failed to create security tunnel (0x0)
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed
[ 2018/06/08 18:17:09 ][SecuExtender Agent][INFO] Connect to 1592144580:443
[ 2018/06/08 18:17:09 ][SecuExtender Agent][INFO] Local address is 3232283714
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DEBUG] Connect success.
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] 1291 bytes of handshake data received
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] SSL Handshake is successful
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384
[ 2018/06/08 18:17:09 ][SecuExtender Agent][INFO] logout message has sent
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed
[ 2018/06/08 18:17:09 ][SecuExtender Agent][DETAIL] Connection ends.
I of course replaced username and password, the log shows proper value for these.
Any help is appreciated!
Thanks,
Patrick
0
Comments
-
Hi @Patrick,
From the SecuExtender Helper log, it indicates a timeout on stage 3; this stage is getting the configuration from the USG. Not sure why it is unable to get the configuration from the USG and then times out.
Can you send me your configuration file via private message for checking?
0 -
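An added triage example (not part of the thread and not Zyxel code): it reads an excerpt of the Agent log posted above, decodes the two standard Windows status codes in it, and reports the last negotiation stage that finished before the timeout. The function name `triage` and the result keys are this example's own.

```python
import re
from datetime import datetime

# Excerpt of the SecuExtender Agent log posted in this thread (lines abridged).
SAMPLE = """\
[ 2018/06/08 18:16:56 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312
[ 2018/06/08 18:16:56 ][SecuExtender Agent][INFO] Server subject: CN=zywall_110_5CE28C5E7F9C
[ 2018/06/08 18:16:56 ][SecuExtender Agent][INFO] Server issuer: CN=zywall_110_5CE28C5E7F9C
[ 2018/06/08 18:16:56 ][SecuExtender Agent][ERROR] **** Error 0x800b0109 authenticating server credentials! (0x0)
[ 2018/06/08 18:16:59 ][SecuExtender Agent][INFO] user login device success
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] stage 1...done
[ 2018/06/08 18:16:59 ][SecuExtender Agent][DETAIL] stage 2...done
[ 2018/06/08 18:17:09 ][SecuExtender Agent][ERROR] timeout (0x0)
[ 2018/06/08 18:17:09 ][SecuExtender Agent][ERROR] Failed to create security tunnel (0x0)
"""

LINE = re.compile(r"^\[ (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \]\[([^\]]+)\]\[(\w+)\] (.*)$")
# Standard Windows status codes (SSPI / WinTrust), not SecuExtender-specific.
CODES = {0x00090312: "SEC_I_CONTINUE_NEEDED", 0x800B0109: "CERT_E_UNTRUSTEDROOT"}

def triage(text):
    """Summarise cert trust, last finished stage and errors of one attempt."""
    r = {"codes": [], "self_signed": False, "login_ok": False,
         "last_stage": 0, "stall_seconds": None, "errors": []}
    subject = stage_time = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separator rows, wrapped lines
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        level, msg = m.group(3), m.group(4)
        for h in re.findall(r"0x[0-9a-fA-F]{5,8}\b", msg):
            name = CODES.get(int(h, 16))
            if name and name not in r["codes"]:
                r["codes"].append(name)
        if msg.startswith("Server subject: "):
            subject = msg.split(": ", 1)[1]
        # Subject == issuer: self-issued (in practice self-signed) certificate.
        elif msg.startswith("Server issuer: "):
            r["self_signed"] = msg.split(": ", 1)[1] == subject
        elif msg == "user login device success":
            r["login_ok"] = True
        elif (s := re.match(r"stage (\d+)\.\.\.done", msg)):
            r["last_stage"], stage_time = int(s.group(1)), ts
        elif level == "ERROR":
            r["errors"].append(msg)
            if msg.startswith("timeout") and stage_time:
                r["stall_seconds"] = (ts - stage_time).total_seconds()
    return r
```

On this excerpt the result shows an untrusted-root warning for a self-signed gateway certificate followed by a successful login, and a 10-second stall after stage 2 before the tunnel attempt is abandoned.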
Look in: Object ---> Services ---> Service Group ---> Default_Allow_WAN_To_ZyWALL.
If HTTPS isn't a member, SSL VPN doesn't work. Have you changed the default port?
Bye
1 -
If the default port has been changed, you need to create and add the service.
Hi @Patrick, if you need help I'll write it out for you step by step.
Bye
1 -
Hello,
*** I am posting this message here because it was the first result in Google for this problem (there are others like this one without a solution) and I think I have one ***
I just had the same problem with an ATP-500 and AD authentication.
Firmware is V5.10(ABFU.0)
I think I found something interesting (a bug?):
If you want to add an AD authentication method (Object > Auth. Method) and you select it in System > Authentication server in place of "default", it blocks the connection with this error: [SecuExtender Agent][ERROR] **** Error 0x800b0109 authenticating server credentials! (0x0)
Workaround: Edit "default" and add your AD directly in it (Object > Authentication method) instead of using a secondary method.
Note: Not tested with more than one SSL VPN.
Hope it helps.
Best regards,
Arnaud W.
0