!Please, HELP NEEDED! SSL VPN Very unstable (issues with SecuExtender) for Mac and Windows

pista
pista Posts: 22  Freshman Member
First Comment Friend Collector First Anniversary
edited April 2021 in Security
Hi guys! 

We are facing very strange behaviour of our VPN solution via SSL (via SecuExtender).

For some users (randomly) SSL VPN via SecuExtender is not working properly, it means they sign into VPN, they are connected and have obtained certain (wanted) IP ranges/subnets, but they can't connect them.

Example:

User connects to SSL VPN via SecuExtender, VPN is established properly, user is connected and has obtained all wanted subnets in his/her 'netstat' table.

Unfortunately, user is unable to make http/https request and connect to webpage behind VPN (tunnel to AWS) in browser, other pages are available. More crazy thing is that user is able to perform telnet to those sources (ssh, 443, 3306) - sometimes it went thru during this issue, sometimes doesn't.

All works properly for 95% users during the day. This issue appears once, twice per day (sometimes more). 

After 1 or 2 reboot of the client's device, all works fine, but sometimes even this doesn't help and we are just waiting, after some time, everything starts to work :-/ I tried flush dns, I tried to clear/flush DNS cache in browser (Google Chrome), even sockets, nothing helped. 

- I suppose I have properly setup all necessary things, because it works fine in case this issue doesn't appear

- I am very suspicious that it is client side issue, but it is ridiculously often and running production devices on it, is very very risky and frustrating

Does anybody facing same issue? Does anybody has please some workaround/idea?

Thanks a lot! 

All Replies

  • kyssling
    kyssling Posts: 107  Ally Member
    First Comment First Answer Friend Collector Sixth Anniversary
    Hello, we have maybe "similar" problem with few clients... VPN Connects, VPN monitor show Connected client, SecuExtender connected.

    Remote Desktop sometime running on second/third attempt (before this RDP searching and searching ... correct  IP adress).

    Vaclav

Security Highlight