Zyxel USG 110
Options
Hi,
I have USG 110. We use Zyxel SSL VPN with SecuExtender version 4.0.2 for some users and few versions 4.0.3. Yesterday service was working. Today we have problem that it don't work.
I have checked configuration, nothing has been changed.
We have version V4.32(AAPH.0).
Under service group Default_Allow_WAN_To_ZyWALL there is service HTTPS.
In SecuExtender log file I see this information:
[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Checking service (first) ...[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SecuExtender Helper is running[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Try to connect to SecuExtender Helper[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] [raitism] try to login ssl.domain.org:442[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Connect to 1111111111:442[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Local address is 1111111111[ 2018/10/23 11:56:42 ][SecuExtender Agent][DEBUG] Connect success.[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] 2140 bytes of handshake data received[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SSL Handshake is successful[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Protocol: TLS1.2[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Cipher: AES256[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Cipher strength: 256[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Hash: SHA384[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Hash strength: 0[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Key exchange: 0xae06[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Key exchange strength: 256[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Server subject: OU=Domain Control Validated, CN=*.domain.org[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Server issuer: C=US, [ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SSL session is created[ 2018/10/23 11:56:43 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] user login device success[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] Creating secure tunnel to ssl.domain.org:442[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] Connect to 1111111111:442[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] Local address is 1111111111[ 2018/10/23 11:56:43 ][SecuExtender Agent][DEBUG] Connect success.[ 2018/10/23 11:56:43 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] 2140 bytes of handshake data received[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] SSL Handshake is successful[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Secure session is created[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Secure session negotiation begin[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] stage 1...done[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] stage 2...done[ 2018/10/23 11:56:54 ][SecuExtender Agent][ERROR] timeout (0x0)[ 2018/10/23 11:56:54 ][SecuExtender Agent][ERROR] Failed to create security tunnel (0x0)[ 2018/10/23 11:56:54 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2018/10/23 11:56:54 ][SecuExtender Agent][INFO] Connect to 1111111111:442[ 2018/10/23 11:56:54 ][SecuExtender Agent][INFO] Local address is 1111111111[ 2018/10/23 11:56:54 ][SecuExtender Agent][DEBUG] Connect success.[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] 2140 bytes of handshake data received[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] SSL Handshake is successful[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384[ 2018/10/23 11:56:54 ][SecuExtender Agent][INFO] logout message has sent[ 2018/10/23 11:56:54 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Connection ends.
Could somebody help me, because this service is very crucial for companies users.
I have USG 110. We use Zyxel SSL VPN with SecuExtender version 4.0.2 for some users and few versions 4.0.3. Yesterday service was working. Today we have problem that it don't work.
I have checked configuration, nothing has been changed.
We have version V4.32(AAPH.0).
Under service group Default_Allow_WAN_To_ZyWALL there is service HTTPS.
In SecuExtender log file I see this information:
[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Checking service (first) ...[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SecuExtender Helper is running[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Try to connect to SecuExtender Helper[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] [raitism] try to login ssl.domain.org:442[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Connect to 1111111111:442[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Local address is 1111111111[ 2018/10/23 11:56:42 ][SecuExtender Agent][DEBUG] Connect success.[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] 2140 bytes of handshake data received[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SSL Handshake is successful[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Protocol: TLS1.2[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Cipher: AES256[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Cipher strength: 256[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Hash: SHA384[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Hash strength: 0[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Key exchange: 0xae06[ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] Key exchange strength: 256[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Server subject: OU=Domain Control Validated, CN=*.domain.org[ 2018/10/23 11:56:42 ][SecuExtender Agent][INFO] Server issuer: C=US, [ 2018/10/23 11:56:42 ][SecuExtender Agent][DETAIL] SSL session is created[ 2018/10/23 11:56:43 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] user login device success[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] Creating secure tunnel to ssl.domain.org:442[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] Connect to 1111111111:442[ 2018/10/23 11:56:43 ][SecuExtender Agent][INFO] Local address is 1111111111[ 2018/10/23 11:56:43 ][SecuExtender Agent][DEBUG] Connect success.[ 2018/10/23 11:56:43 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] 2140 bytes of handshake data received[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] SSL Handshake is successful[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Secure session is created[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] Secure session negotiation begin[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] stage 1...done[ 2018/10/23 11:56:44 ][SecuExtender Agent][DETAIL] stage 2...done[ 2018/10/23 11:56:54 ][SecuExtender Agent][ERROR] timeout (0x0)[ 2018/10/23 11:56:54 ][SecuExtender Agent][ERROR] Failed to create security tunnel (0x0)[ 2018/10/23 11:56:54 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2018/10/23 11:56:54 ][SecuExtender Agent][INFO] Connect to 1111111111:442[ 2018/10/23 11:56:54 ][SecuExtender Agent][INFO] Local address is 1111111111[ 2018/10/23 11:56:54 ][SecuExtender Agent][DEBUG] Connect success.[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 0[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] 2140 bytes of handshake data received[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x90312[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Send 126 bytes of handshake data[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Handshake LoopCounter: 1[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] 274 bytes of handshake data received[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] InitializeSecurityContext returns 0x0[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] SSL Handshake is successful[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] STREAM_SIZE: Header: 13 Trailer: 16, MaxMessage: 16384[ 2018/10/23 11:56:54 ][SecuExtender Agent][INFO] logout message has sent[ 2018/10/23 11:56:54 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2018/10/23 11:56:54 ][SecuExtender Agent][DETAIL] Connection ends.
Could somebody help me, because this service is very crucial for companies users.
0
All Replies
-
Hi @Raitis,If it is related to SecuExtender software, here is FAQ for your reference.Some users on the forum also reported the issue as follows. After ZyWALL is upgraded to the latest firmware, the issue is resolved. I will send you the firmware in the private message later.If the issue at your site is none of above symptoms, we need more information for troubleshooting.The required information will be sent in the private message along with the latest firmware.0
-
Hi @Raitis,
Goal:
Allow SecuExtender clients to access servers in the remote site/company through VPN tunnel.
Here is the topology and example for your reference.
(lan: 192.168.1.0/24)USG60------IPSec VPN------USG210(lan: 192.168.11.0/24)----PC(192.168.11.33)
SSL VPN client is connected to USG60. SSL VPN pool is 192.168.99.0/24.
Site to site VPN tunnel is established between USG60 and USG210.
On USG60, create a policy route.
Source: SSL VPN pool. In this example, SSL VPN pool is 192.168.99.0/24.
Destination: Remote Subnet. In this example, Remote Subnet is 192.168.11.0/24.
Next-Hop: site to site VPN tunnel.
Add 192.168.11.0/24 into Network List.
On USG210, create a policy route.
Source: LAN subnet. In this example, USG210's LAN subnet is 192.168.11.0/24.
Destination: USG60's SSL VPN pool. In this example, USG60's SSL VPN pool is 192.168.99.0/24.
Next-Hop: site to site VPN tunnel.
Test result
SSL VPN client is connected to USG60 and gets IP 192.168.99.1.
Ping USG60's LAN successfully.
Ping 8.8.8.8 successfully.
Ping USG210's LAN PC 192.168.11.33 successfully.
0
Zyxel Employee
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 87 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 916 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 913 Nebula FAQ
- 421 Security FAQ
- 237 Switch FAQ
- 207 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
