VPN SSL - Slow unstable connection
All Replies
-
Hi, having the same issues... Using the latest version of SecurExtender 4.0.3
SSL VPN setup with AD LDAP configured for authentication.. everything worked fine until u upgraded the router to version 4.33 and our SSL VPN has been unstable ever since..
Slow connection, random disconnects, connected sessions won't last 10 minutes at times... Really frustrating..
Both Mac and windows users impacted
Thanks
Richard
0 -
Hi @Zywak
We have fixed SSL VPN issue in firmware. You can download USG40W firmware by this link:
ftp://ftp.zyxel.com/USG40W/firmware/433AALB0ITS-WK19-r88384.zip
0 -
Thanks, but I'm using zywall 310.. I have also applied the latest WK19 patch without resolving...
Thanks,
Richard
0 -
Hi @Zywak
Can you send me the SecuExtenderHelper.log via private message. The file is located at C:\.
0 -
0
-
Hi @Zywak
From the log we can see that the IP you get from the USG is 192.168.200.20, it is overlap with SSL VPN Network Extension Local IP 192.168.200.1.
It may have problem when SecuExtender add routing to windows routing table. Please change the SSL VPN to other subnet and try it again.
p.s. Don’t overlap with other USG interface subnet.
~~~~ SecuExtenderHelper.log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ 2019/05/15 14:48:59 ][SecuExtender Helper] Adding an IP/netmask ip = 192.168.200.20/255.255.255.255 to interface 21 using the Win32 IP Helper API, uNTEContext = 348694720, status = 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0 -
Same problem here for months. USG110, fw 4.33(AAPH.0), latest SecuExtender. No IP range overlaping. Problem: VPN connected, but internal routing lost after some time (from minutes after connection to hours) - no ping to internal ip, no RDP. Disconnect and reconnect with SecuExtender sometimes help, sometimes not. We have the same problem all the time, we own USG (13 months). Every time the same support reply - try the new firmware.. What to do? Anybody cares? Is anybody on Zyxel side able to solve this issue? If not, release the firmware as open source, we will solve it.
1 -
You can rule that out... I change the VPN pool to 192.168.100.20 - 50 with network extension local IP stays at 192.168.200.1
After just 10 mins, VPN disconnected... Retry connection again, it stays up for a minute and dropped...
This is really frustrating..
Log:
==============================
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Request(110): INITIAL 21 342141120 4294967295 353675456 370452672 0 0
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Get netsh path = C:\WINDOWS\system32\netsh.exe
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Get ipconfig path = C:\WINDOWS\system32\ipconfig.exe
[ 2019/07/02 10:12:18 ][SecuExtender Helper] FlushIpNetTable on interface = 21, error code = 0
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Adding an IP/netmask ip = 192.168.100.20/255.255.255.255 to interface 21 using the Win32 IP Helper API, uNTEContext = 10110332, status = 5010
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Trying to flush previous address
[ 2019/07/02 10:12:18 ][SecuExtender Helper] delete_temp_addresses context = 342141120
[ 2019/07/02 10:12:18 ][SecuExtender Helper] delete_temp_addresses status = 0
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Adding an IP/netmask ip = 192.168.100.20/255.255.255.255 to interface 21 using the Win32 IP Helper API, uNTEContext = 342141120, status = 0
[ 2019/07/02 10:12:18 ][SecuExtender Helper] WriteFile hPipe success agentState.aState = 2, agentState.aError = 0, dwWrite = 8
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Request(130): CREATE 3403446282/2857277247 21 342141120 4294967295 29927616 0 0
[ 2019/07/02 10:12:18 ][SecuExtender Helper] ACTION_CREATE pNetCfg->myip = 3403446282, pNetCfg->gwip = 2857277247, pNetCfg->dwIfIndex = 21, pNetCfg->nodeip = 342141120, pNetCfg->localip = 29927616
[ 2019/07/02 10:12:18 ][SecuExtender Helper] argc = 8
[ 2019/07/02 10:12:18 ][SecuExtender Helper] areacounter = 1
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Remove prioritize routing
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Fail to prioritize route to 63.161.54.150, 255.255.255.255, error = 5010
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Fail to prioritize route to 63.161.54.150, 255.255.255.255, error = 160
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Success to change default route
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Failed to add route 0.0.0.0/0.0.0.0 (160) metric=50
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Succeed to add route 0.0.0.0/0.0.0.0 (0) metirc=500
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Succeed to add route 192.168.200.1/255.255.255.255 (0) metirc=500
[ 2019/07/02 10:12:18 ][SecuExtender Helper] Get netsh path = C:\WINDOWS\system32\netsh.exe
0 -
Sorry to hear that, Can you send me your configuration file via private message .
Let me test it at my lab.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight