SecuExtender 4.0.3.0 for Windows fails to obtain IP address from USG-20
USG-20
firmware 4.32
Windows 10 1803
Just got a new HP Spectre x360 15 laptop a few days ago, with all available Windows Updates installed, except unclear why it hasn't updated to 1809.
L2TP/IPSec VPN connection to my office functions normally after changing security on the adapter to PAP from CHAP-2 as per a post I found from Zyxel.
SecuExtender 4.0.3.0 installs without problems, also connects, but the VPN tunnel is unusable, as the TAP adapter used by SecuExtender doesn't receive an IP from the USG-20. The IP listed for the TAP connector is an autoconfiguration IP.
I had successfully configured both types of VPN connections last year with a MacBook Pro 15, but stopped using the Mac OS SSL client, which was not free like the Windows client. I still have the Mac at home, but haven't retested it with the Mac SSL client, as the trial period has expired.
No changes to either VPN configuration have been made since the initial configuration.
One of my employees will need VPN access as well, using a Windows 10 laptop, and I want them to use the SSL VPN.
I saw a similar post from 11-29-2018, where you sent them newer firmware by private message. They haven't yet responded whether the problem was resolved with the new firmware.
No new firmware comes up with Check Now under Firmware Management on the USG-20.
Thanks
firmware 4.32
Windows 10 1803
Just got a new HP Spectre x360 15 laptop a few days ago, with all available Windows Updates installed, except unclear why it hasn't updated to 1809.
L2TP/IPSec VPN connection to my office functions normally after changing security on the adapter to PAP from CHAP-2 as per a post I found from Zyxel.
SecuExtender 4.0.3.0 installs without problems, also connects, but the VPN tunnel is unusable, as the TAP adapter used by SecuExtender doesn't receive an IP from the USG-20. The IP listed for the TAP connector is an autoconfiguration IP.
I had successfully configured both types of VPN connections last year with a MacBook Pro 15, but stopped using the Mac OS SSL client, which was not free like the Windows client. I still have the Mac at home, but haven't retested it with the Mac SSL client, as the trial period has expired.
No changes to either VPN configuration have been made since the initial configuration.
One of my employees will need VPN access as well, using a Windows 10 laptop, and I want them to use the SSL VPN.
I saw a similar post from 11-29-2018, where you sent them newer firmware by private message. They haven't yet responded whether the problem was resolved with the new firmware.
No new firmware comes up with Check Now under Firmware Management on the USG-20.
Thanks
0
Accepted Solution
-
If you use a range instead of a subnet this problem happens with 4.0.3.0. I did not use any date code but changes everything to subnets.
edit: typos5
All Replies
-
If you use a range instead of a subnet this problem happens with 4.0.3.0. I did not use any date code but changes everything to subnets.
edit: typos5 -
Thanks!
Worked first try.
The SSL VPN was configured for a range rather than subnet.
Created a subnet consisting of the previous range, changed the Selected Address Objects to the subnet object from the prior range object, and everything seems to work.
The TAP adapter has an IP address on the VPN subnet, with the USG-20 as the DNS server. I can log on to the USG-20 as an admin using its local IP address, ping the USG-20 and our main server, RDP into our server (still have to use its IP address rather than NETBIOS name).
Am also embarassed, as the last paragraph in the Release Notes didn't register when I RTFM, but now makes sense:
Known Issue If user set IP Range for SSL VPN on USG/ATP, PC cannot get IP. Please use with ZLD4.32P1. [Workaround] Used Host or Subnet.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight