SSL VPN connected but IP address not assigned to TAP-device

Steve
Steve Posts: 5  Freshman Member
First Comment
edited April 2021 in Security
Hello everyone

So, I have a strange one:
Two years ago I deployed an USG40W which worked flawlessly. To access this client remotely I have been using SecuExtender without a problem. But now the VPN stopped working - well kind off.
SecuExtender connects without a problem but the IP address from the SSL VPN pool is not assigned to the TAP network device. The route gets added but with no IP address.

Strangely enough: The VPN works from my laptop with the very same settings. Only difference is that on my laptop I'm running Windows 10 Ver. 1803 and on my desktop Ver. 1809. The rest is the very same - including the SecuExtender version.

To make matters even more complicated: on my desktop (which has problems to establish the connection) I can connect to another USG40 just fine. The difference there is that on the working USG I have firmware 4.25 and on the non working USG I have firmware 4.32.


You guys have any idea?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,376  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Steve,

     

    We fix some SSL VPN related issues in the latest firmware.

    I sent the firmware to you via private message.

    Please upgrade to this version to check if SSL VPN is working fine.



  • Steve
    Steve Posts: 5  Freshman Member
    First Comment
    Hi Emily

    Thank you for your feedback. I did get your message.
    Unfortunately I had no time to update the firmware yet as this is a productive system and I have to schedule the downtime with my client.
    I will update this thread once I have further informations.

    I'd still like to ask: why is the vpn working with an older firmware?
  • Steve
    Steve Posts: 5  Freshman Member
    First Comment
    edited December 2018
    Hi Emily
    I was able to install the new firmware that you sent me.
    Sadly this did not fix my problem. I still don't get an IP address for the TAP network device. Further ideas?
    Steve
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @Steve
    I want to analyze the SSL VPN connection from my PC to your device, so please private message  the details of remote session.(The USG's Wan IP and username/password)
    Charlie
  • rootmin
    rootmin Posts: 4  Freshman Member
    First Comment Friend Collector
    edited January 2019
    I do have the exact same issue. We use the USG20 on the latest firmware (checked today) and secuextender is working without any problems on 3 win10 machines. then i have two other clients, also win10, the connection works flawlessly, the routes are set but the TAP Interface gets no IPs and says "no network connectivity", both on ipv4 and ipv6 i get no IP.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @rootmin
    I tested locally without any issue. The firmware is 3.30(BDQ.9).

    Can you private message your configuration to me.
    Charlie
  • rootmin
    rootmin Posts: 4  Freshman Member
    First Comment Friend Collector
    @Steve did you get the problem fixed? I am still struggling.
  • Steve
    Steve Posts: 5  Freshman Member
    First Comment
    edited February 2019
    Hello
    No actually not. I could not get this to work - even with the firmware from Emily.
    But I setup a new Windows 10 virtual machine with version 1809 and this machine is connecting flawlessly and even getting an IP. So I guess something with my OS is fu**ed up. But I won't reinstall - I'll use the VM for now.
  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Does the Assign IP pool not conflict with your LAN?

    Try a range 192.168.139.1-192.168.139.14 and in global settings for network extension local IP to 192.168.139.1


  • Steve
    Steve Posts: 5  Freshman Member
    First Comment
    PeterUK said:

    Does the Assign IP pool not conflict with your LAN?

    Try a range 192.168.139.1-192.168.139.14 and in global settings for network extension local IP to 192.168.139.1


    No, not at all. I already verified this.

Security Highlight