SecuExtender Agent: VPN drops when user attempts to login with RDP

RSaull
RSaull Posts: 32  Freshman Member
First Answer First Comment Friend Collector First Anniversary
edited February 2023 in Security
As the title states above, the VPN drops when the user launches RDP and attempts to login remotely. User's home workstation is Windows 10.

This part of the log file stands out, but I don't know what to make of it:
[ 2023/02/13 19:30:03 ][SecuExtender Agent][INFO]    security tunnel is created!
[ 2023/02/13 19:30:03 ][SecuExtender Agent][DEBUG]   Entering main loop
[ 2023/02/13 19:30:03 ][SecuExtender Agent][INFO]    GetOverlappedResult success, agentState.aState = 2,  agentState.aError = 0, dwReadBytes = 8
[ 2023/02/13 19:30:03 ][SecuExtender Agent][INFO]    GetOverlappedResult success, agentState.aState = 3,  agentState.aError = 0, dwReadBytes = 8
[ 2023/02/13 19:30:48 ][SecuExtender Agent][WARN]    The device is going to close the connection.
[ 2023/02/13 19:30:48 ][SecuExtender Agent][ERROR]   Failed to recv from SSL socket :-66 (0x0)
[ 2023/02/13 19:30:48 ][SecuExtender Agent][DEBUG]   SSL Connection is going to be closed

Edit: Some pertinent details...
  • ATP800 running firmware version 5.32.
  • SecuExtender version 4.0.4.0.
  • User's home workstation is running Windows 10.
  • Remote workstation being connected to is running Windows 11.

Accepted Solution

«1

All Replies

  • smb_corp_user
    smb_corp_user Posts: 168  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    Sorry for not having a solution or knowing the cause, but I would hazard a guess at incompatibility between the VPN target (office) and the version of RDP running on Windows 10. (MS Remote Desktop?) Could the office device be in need of a firmware upgrade? Which model is the office device?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,286  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Hi @RSaull

    As smb_corp_user mentioned that what is your device and its firmware? What is your SecuExtender software version? While VPN is dropped, are there any dropped messages that can be watched on the Monitor log page?  Thanks.


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • RSaull
    RSaull Posts: 32  Freshman Member
    First Answer First Comment Friend Collector First Anniversary
    edited February 2023
    Zyxel_Jeff said:
    Hi @RSaull

    As smb_corp_user mentioned that what is your device and its firmware? What is your SecuExtender software version? While VPN is dropped, are there any dropped messages that can be watched on the Monitor log page?  Thanks.
    Good morning @Zyxel_Jeff. I suppose that info would be useful :p.

    ATP800 running firmware version 5.32.

    SecuExtender version 4.0.4.0.

    User's home workstation is running Windows 10.

    Remote workstation being connected to is running Windows 11.
  • PeterUK
    PeterUK Posts: 3,577  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    try firmware 5.35
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,286  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Hi @RSaull

    Thanks for your update. While the SSL VPN is dropping can you see any blocked or drop messages on the Monitor > Log > View Log ?  Not sure if it dropped by "match the default rule" or security services? It belongs to  "match the default rule drop", please add a security policy to allow the traffic which is from SSL VPN to LAN direction. If it is dropped by the security service, please disable the service. Thanks :) .


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • RSaull
    RSaull Posts: 32  Freshman Member
    First Answer First Comment Friend Collector First Anniversary
    @Zyxel_Jeff,

    From the monitor log: 
    SSL tunnel receives a packet with invalid packet size
SSL tunnel has been disconnected

    We have several users who routinely use the VPN & Remote Desktop without issues. The security policies are correctly configured. 


  • PeterUK
    PeterUK Posts: 3,577  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Is MTU before going VPN 1500?

    Do you use PPP for WAN?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,286  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓
    Hi @RSaull

    Please refer to this FAQ article SSL VPN disconnect due to invalid packet size to fix your problem. Please check if the MTU size of "TAP-Windows Adapter V9 for Zyxel SecuExtender " of Network adapter is 1370 in your PC.


    Thanks :) .


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • RSaull
    RSaull Posts: 32  Freshman Member
    First Answer First Comment Friend Collector First Anniversary
    edited February 2023
    Zyxel_Jeff said:
    Hi @RSaull

    Please refer to this FAQ article SSL VPN disconnect due to invalid packet size to fix your problem. Please check if the MTU size of "TAP-Windows Adapter V9 for Zyxel SecuExtender " of Network adapter is 1370 in your PC.


    Thanks :) .

    Yes! I just got into the office, and this was the first thing my co-worker brought up. He found the article by Zyxel_Kevin last night. MTU size was 1500. Changing it to 1370 fixed the issue. 

    A question remains . . . We have 50 +/- users who use remote desktop over the VPN with no problems. One would assume that the MTU size of their network adapters are the default value. We don't recall ever changing the MTU sizes. Why would we only see issues with this one user?
  • PeterUK
    PeterUK Posts: 3,577  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    By default its 1370 so someone changed it... 

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)