Error 0x800b0109 connecting to VPNSSL

Zulgrib

Hello,

I get an error 0x800b0109 when connecting to the VPNSSL using client version 4.0.5.0 from Windows 10.

The USG Flex 200 is up to date running 5.37(ABUI.1) and not showing me newer versions when checking.

vcredist 2015 are installed for both x86 and x64, the helper service is running, no AV software is installed at all, Windows firewall is disabled, SecuExtender local root cert (which is a security flaw) is present. I even exported the default cert from the USG to import it to Windows' trusted authorities store, which didn't help.

On the USG side, no errors are logged, the USG confirms the credentials were correct.

Copy of logs available in #417177

The logs are not useful to resolve the issue as they claim an issue related to the root certificate while the USG self-signed cert was added as root in the certificate store.

The local Zyxel support office was not able to reproduce the issue, but I was able to reproduce it on multiple computers, including computers belonging to different organizations. I'm open to using a version with more verbose logging to pinpoint the issue. OpenVPN on the same computer works correctly, which means the problem isn't upstream to OpenVPN but specific to Zyxel's implementation.

All Replies

  • WJS

    Looking up the error code, it is from a cert issue.

    Do you remember if any certificate checking window popped up when you connected?

  • Zulgrib
    edited February 9

    I understand it is a certificate issue; this is why I insisted on adding the cert to the system store.

    Yes there is a popup asking me to verify if the certificate is correct; the certificate shown is the one expected, so I click on «yes».

  • CHS

    Is the VPN connection able to establish successfully? You might consider setting up an IKEv2 VPN tunnel using the native Windows client for potentially improved performance.

    Moreover, deploying the IKEv2 VPN tunnel to each client is significantly easier.

  • Zulgrib

    We can't run IKE on port 443.
