SSL VPN disconnect due to invalid packet size
In offices where SSL VPN is deployed, everything works fine with SSL VPN but some specific computers have the disconnection issue. SSL VPN tunnel may be disconnected immediately or disconnected after a period of use. This article will explain the possible reasons for this issue.
Symptom
When the issue happens, the message “SSL tunnel receives a packet with invalid packet size” appears in the log.
Capture packets of the SSLVPN network card at the same time. You will find “IP Fragmentation” message.
Cause
The default MTU size for VPN client network card is “1370”. When the transfer size exceeds the MTU, VPN will be disconnected.
Solution
1) Open “Device Manager”, click “TAP-Windows Adapter V9 for Zyxel SecuExtender”. In advanced tab, set the MTU value as “1370”.
2) Enter the following command to verify if the MTU size is correctly changed. The MTU size must be 1370.
netsh interface ipv4 show subinterface
3) It may not be applied successfully due to system problem even if you have change in “Device Manager”. Enter the following command to force the change.
netsh interface ipv4 set subinterface “Network Card Name” mtu=1370 store=persistent
Note: You can find network card name in “Control Panel\Network and Internet\Network Connections”
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 76 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 890 Nebula FAQ
- 415 Security FAQ
- 233 Switch FAQ
- 203 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight