SSLVPN disconnects and oddness with zone “LAN”

PeterUK
PeterUK Posts: 1,343  Guru Member
edited May 16 in Security

VPN300 V5.30

This is a odd I have SSLVPN on port 443

Ge3 zone LAN1 192.168.255.247/255.255.255.192

Ge5 zone LAN 192.168.255.49/255.255.255.240

Two firewall rule from LAN to Zywall and from LAN1 to Zywall HTTPS

In this setup I connect to SSLVPN to 192.168.255.247 get disconnected within xxmins if idle.

And if I do a SSLVPN to 192.168.255.49 it disconnects right away but if I change the Ge5 zone to LAN1 it connects and then disconnected within xxmins if idle.

«1

All Replies

  • Omnia
    Omnia Posts: 20  Freshman Member
    we have the same problems with various ATP 5.30 firmware. 
  • PeterUK
    PeterUK Posts: 1,343  Guru Member
    edited May 16

    Update workaround it seems after many years of Zyxel doing SSL VPN on port 443 with logon on the same port is now a problem and the SSL VPN is stable on a given set port other then 443 in config > VP >SSL VPN global setting

    As for uptime workaround oddly if the DHCP server lease is set 2mins for a client the connecting SSL VPN stays up guess it acks as a keep alive? 


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 138  Zyxel Employee
    Hi @PeterUK,
    Did you mean you solved it after change SSL Port to others?
    If the issue still persist, Kindly feel free to contact us.Thank you
    Kevin
  • PeterUK
    PeterUK Posts: 1,343  Guru Member

    No not solved by changing the port for the main issue disconnected within xxmins if idle.

    Changing the port fixes the zone problem like zone “LAN” where the SSL VPN will not connect at all but zone “LAN1” does even if firewall rule is correct for zone “LAN”.


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 138  Zyxel Employee
    Hi @PeterUK,
    Our team are investigating  VPN disconnection event recently.
    I will update it if there is any news.
    Thanks
    Kevin

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 138  Zyxel Employee
    We have found the cause. We will release weekly firmware next week to fix the issue
    Thank for your patience.
    Kevin
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 138  Zyxel Employee
  • PeterUK
    PeterUK Posts: 1,343  Guru Member

    Thanks need to do more testing but the VPN disconnection looks fixed on a different port then 443

    But if WWW is port 443 and VPN is port 443 with zone LAN it disconnects right away log show.

    User sslvpn1 has been denied access from HTTPS

    Failed login attempt to SSLVPN from http/https (incorrect password or inexistent username)

    yet login is correct and if I change zone to LAN1 it works


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 138  Zyxel Employee
    edited May 24
    Hi @PeterUK,
    Could you check the issue after upgrade the weekly ?
    And please share the configuration via Private Messages if the issue persist.
    I will try to reproduce it . 
    Kevin
  • PeterUK
    PeterUK Posts: 1,343  Guru Member

    Yes the issue happens after the upgrade will send you the config


Security Highlight