SSL VPN problem
Hi, I have the SSL VPN that does not work well. It works 1 time out of 10. The firewall is the latest version (4.31) as well as the client secuextender (4.0.2). Access is via an AD account. I tried however also with local accounts with the same result, so I would exclude a problem of access to active directory. This is the LOG: [ 2018/06/30 09:59:38 ][SecuExtender Agent][DETAIL] Checking service (first) ... [ 2018/06/30 09:59:38 ][SecuExtender Agent][DETAIL] SecuExtender Helper is running [ 2018/06/30 09:59:38 ][SecuExtender Agent][DETAIL] Try to connect to SecuExtender Helper [ 2018/06/30 09:59:38 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected [ 2018/06/30 09:59:38 ][SecuExtender Agent][INFO] [ascii] try to login ssl.polgroup.it:443 [ 2018/06/30 09:59:38 ][SecuExtender Agent][INFO] Connect to 3167836914:443 [ 2018/06/30 09:59:38 ][SecuExtender Agent][INFO] Local address is 3231842421 [ 2018/06/30 09:59:38 ][SecuExtender Agent][DEBUG] Connect success. [ 2018/06/30 09:59:38 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] 1791 bytes of handshake data received [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] SSL Handshake is successful [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Protocol: TLS1.2 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Cipher: AES256 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Cipher strength: 256 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Hash: SHA384 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Hash strength: 0 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Key exchange: 0xae06 [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] Key exchange strength: 256 [ 2018/06/30 09:59:39 ][SecuExtender Agent][INFO] Server subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.polgroup.it [ 2018/06/30 09:59:39 ][SecuExtender Agent][INFO] Server issuer: C=GB, S=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA [ 2018/06/30 09:59:39 ][SecuExtender Agent][DETAIL] SSL session is created [ 2018/06/30 10:00:40 ][SecuExtender Agent][WARN] The device is going to close the connection. [ 2018/06/30 10:00:40 ][SecuExtender Agent][DETAIL] Can't get authentication token(1) [ 2018/06/30 10:00:40 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed [ 2018/06/30 10:00:40 ][SecuExtender Agent][ERROR] user login device failed (0x0) [ 2018/06/30 10:00:40 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed [ 2018/06/30 10:00:40 ][SecuExtender Agent][DETAIL] Connection ends. the account Ascii log successful but at 10:00:40 I received the errore "Can't get authentication token" ! What's is authentication token ? the strange thing is that maybe after one day everything works regularly, tested even for 10 consecutive hours of open and working tunnel. Then just close the ssl vpn and retentive, I constantly receive this error.
0
Comments
-
Hi @StefanoP,
We fixed this issue at latest firmware. What is your device model?
I will send you the firmware via private message.
0 -
Hi, three model in the same situation : USG 310, USG 210 and USG 110
Thank !!!0 -
0
-
Hi,I'm experiencing the same issue on a ZyWall USG 20 firmware 3.30 BDQ8.Will the upgrade to 3.30(BDQ9)C0 solve this problem?Thanks in advance.Enrico
0 -
Hi @Enrico
Can you describe more detail about what issue had you met? Also SSL VPN establish problem?
0 -
The behavior is the same as the one mentioned above by StefanoP; I'll attach a log for you to check, just in case.The newest firmware available didn't solve the issue.
################################################################################################<br>[ 2018/08/28 09:02:51 ][SecuExtender Agent][DETAIL] Build Datetime: Dec 22 2016/15:25:36<br>[ 2018/08/28 09:02:51 ][SecuExtender Agent][DEBUG] SecuExtender.log: C:\Users\enric\SecuExtender.log<br>[ 2018/08/28 09:02:51 ][SecuExtender Agent][DEBUG] osvi.dwPlatformId = 2, osvi.dwMajorVersion = 6, osvi.dwMinorVersion = 2<br>[ 2018/08/28 09:02:51 ][SecuExtender Agent][DEBUG] interface guid: {38E0BB58-BF16-4717-B151-B75FE0818F7B}, idx: 19<br>[ 2018/08/28 09:02:51 ][SecuExtender Agent][DEBUG] tBuf : (\DEVICE\TCPIP_{38E0BB58-BF16-4717-B151-B75FE0818F7B})<br>[ 2018/08/28 09:02:51 ][SecuExtender Agent][DEBUG] network name got, idx: 4<br>[ 2018/08/28 09:04:02 ][SecuExtender Agent][DETAIL] Checking service (first) ...<br>[ 2018/08/28 09:04:02 ][SecuExtender Agent][DETAIL] SecuExtender Helper is running<br>[ 2018/08/28 09:04:02 ][SecuExtender Agent][DETAIL] Try to connect to SecuExtender Helper<br>[ 2018/08/28 09:04:02 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected<br>[ 2018/08/28 09:04:02 ][SecuExtender Agent][INFO] [***********] try to login ************<br>[ 2018/08/28 09:04:03 ][SecuExtender Agent][INFO] Connect to *****************<br>[ 2018/08/28 09:04:03 ][SecuExtender Agent][INFO] Local address is 2886755499<br>[ 2018/08/28 09:04:03 ][SecuExtender Agent][DEBUG] Connect success.<br>[ 2018/08/28 09:04:03 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] 994 bytes of handshake data received<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] Send 190 bytes of handshake data<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] 258 bytes of handshake data received<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] SSL Handshake is successful<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384<br>[ 2018/08/28 09:04:04 ][SecuExtender Agent][DETAIL] Protocol: TLS1.2<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][DETAIL] Cipher: AES256<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][DETAIL] Cipher strength: 256<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][DETAIL] Hash: SHA384<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][DETAIL] Hash strength: 0<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][DETAIL] Key exchange: DH Ephemeral<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][DETAIL] Key exchange strength: 1024<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][INFO] Server subject: CN=usg20_107BEF32BCF1<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][INFO] Server issuer: CN=usg20_107BEF32BCF1<br>[ 2018/08/28 09:04:05 ][SecuExtender Agent][ERROR] **** Error 0x800b0109 authenticating server credentials! (0x0)<br>[ 2018/08/28 09:04:07 ][SecuExtender Agent][DETAIL] SSL session is created<br>[ 2018/08/28 09:04:07 ][SecuExtender Agent][DETAIL] Can't get authentication token(1)<br>[ 2018/08/28 09:04:07 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed<br>[ 2018/08/28 09:04:07 ][SecuExtender Agent][ERROR] user login device failed (0x0)<br>[ 2018/08/28 09:04:07 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed<br>[ 2018/08/28 09:04:07 ][SecuExtender Agent][DETAIL] Connection ends.
0 -
I am having a very similar problem. I can connect when I'm on the same network, but not from an external network. Zyxel USG20W-VPN Firmware V4.32(ABAR.0)
0 -
2018-10-23 18:08:20: Viscosity Mac 1.1.7 (1291)2018-10-23 18:08:20: Viscosity ZyXEL SSL Engine Started2018-10-23 18:08:20: Running on Mac OS X 10.11.62018-10-23 18:08:20: ---------2018-10-23 18:08:20: State changed to Connecting2018-10-23 18:08:20: Checking reachability status of connection...2018-10-23 18:08:20: Connection is reachable. Starting connection attempt.2018-10-23 18:08:21: Attempting to resolve server address XX.XXX.XX.XXX2018-10-23 18:08:21: Server address resolved to IPv4 address XX.XXX.XX.XXX2018-10-23 18:08:21: Requesting authentication token from client2018-10-23 18:08:21: No authentication token present, requesting authentication details2018-10-23 18:08:21: Requesting authentication token from server2018-10-23 18:08:21: Requesting token from XX.XXX.XX.XXX2018-10-23 18:08:21: Attempting to establish a connection to the remote server XX.XXX.XX.XXX:4432018-10-23 18:08:51: Connection timed out. Remote server did not respond.2018-10-23 18:08:51: Authentication attempt aborted2018-10-23 18:08:51: State changed to Disconnected0
-
0
-
Well, the new Thread seems to cover a different issue.
I have the "Can't get authentication token" problem an my USG210 running on 4.32(AAPI.0)ITS-WK48-r86397 .
It there anything newer which fixes this?0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight