SSLVPN disconnects and oddness with zone “LAN”

Options
PeterUK
PeterUK Posts: 2,878  Guru Member
First Anniversary 10 Comments Friend Collector First Answer
edited May 2022 in Security

VPN300 V5.30

This is a odd I have SSLVPN on port 443

Ge3 zone LAN1 192.168.255.247/255.255.255.192

Ge5 zone LAN 192.168.255.49/255.255.255.240

Two firewall rule from LAN to Zywall and from LAN1 to Zywall HTTPS

In this setup I connect to SSLVPN to 192.168.255.247 get disconnected within xxmins if idle.

And if I do a SSLVPN to 192.168.255.49 it disconnects right away but if I change the Ge5 zone to LAN1 it connects and then disconnected within xxmins if idle.

«1

All Replies

  • Omnia
    Omnia Posts: 40  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    we have the same problems with various ATP 5.30 firmware. 
  • PeterUK
    PeterUK Posts: 2,878  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022
    Options

    Update workaround it seems after many years of Zyxel doing SSL VPN on port 443 with logon on the same port is now a problem and the SSL VPN is stable on a given set port other then 443 in config > VP >SSL VPN global setting

    As for uptime workaround oddly if the DHCP server lease is set 2mins for a client the connecting SSL VPN stays up guess it acks as a keep alive? 


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 803  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @PeterUK,
    Did you mean you solved it after change SSL Port to others?
    If the issue still persist, Kindly feel free to contact us.Thank you
    Kevin
  • PeterUK
    PeterUK Posts: 2,878  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    No not solved by changing the port for the main issue disconnected within xxmins if idle.

    Changing the port fixes the zone problem like zone “LAN” where the SSL VPN will not connect at all but zone “LAN1” does even if firewall rule is correct for zone “LAN”.


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 803  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    Hi @PeterUK,
    Our team are investigating  VPN disconnection event recently.
    I will update it if there is any news.
    Thanks
    Kevin

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 803  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    We have found the cause. We will release weekly firmware next week to fix the issue
    Thank for your patience.
    Kevin
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 803  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options
  • PeterUK
    PeterUK Posts: 2,878  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Thanks need to do more testing but the VPN disconnection looks fixed on a different port then 443

    But if WWW is port 443 and VPN is port 443 with zone LAN it disconnects right away log show.

    User sslvpn1 has been denied access from HTTPS

    Failed login attempt to SSLVPN from http/https (incorrect password or inexistent username)

    yet login is correct and if I change zone to LAN1 it works


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 803  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022
    Options
    Hi @PeterUK,
    Could you check the issue after upgrade the weekly ?
    And please share the configuration via Private Messages if the issue persist.
    I will try to reproduce it . 
    Kevin
  • PeterUK
    PeterUK Posts: 2,878  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Yes the issue happens after the upgrade will send you the config


Security Highlight