SSL VPN Network list bug for same subnet as server

Options
PeterUK
PeterUK Posts: 2,709  Guru Member
First Anniversary 10 Comments Friend Collector First Answer
edited April 2021 in Security

This bug happens for when “Force all client traffic to enter SSL VPN tunnel” is disabled and using network list the bug disconnects the client in under 2mins.

If SSL VPN server is 192.168.255.202 and client at 192.168.255.193 and you add network list LAN1_subnet 192.168.255.192/26 the client disconnects within 2mins of connecting.

If you remove LAN1_subnet and add LAN2_subnet 192.168.138.0/28 the client stays connected.

If you add in the network list a host address 192.168.255.202 the client disconnects within 2mins of connecting.

This is with SecuExtender 4.0.3.0 with Zywall 110 firmware V4.33(AAAA.0)ITS-WK19-r88384

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @PeterUK

    Do you mean when your connect the ssl VPN,

    In status tab, the client ip is 192.168.255.193, the Sever IP is 192.168.255.202, and the LAN1_subnet is 192.168.255.192/26.

    LAN1 subnet is same as client ip, and server IP?


  • PeterUK
    PeterUK Posts: 2,709  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    The SSL VPN range is 192.168.139.1-192.168.139.14.

    The client IP before connecting to the SSL VPN is 192.168.255.193 in subnet 192.168.255.192/26 with the SSL VPN at 192.168.255.202 if network list has LAN1_subnet 192.168.255.192/26 the SSL VPN disconnects within 2mins and also with host address 192.168.255.202


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @PeterUK

    I did the same scenario as you mentioned. The tunnel uptime is more than 9 minutes.

    Can you send me your configuration via private message. 

    Let me test the scenario with your configuration.

    Screenshot on the right is my lab test result, the connected time is more than 9 minutes.


  • PeterUK
    PeterUK Posts: 2,709  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Was the client IP before connecting to the SSL VPN 192.168.255.193? the client was XP so that might have something to do with it?

  • PeterUK
    PeterUK Posts: 2,709  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2019
    Options

    Found the problem its because the client is running XP the issue does not happen with win 7 as XP is EOL its not that important to fix this bug really. The problem can be worked around by single host addresses within same subnet as server.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @PeterUK

    Thanks for sharing your test result.😄

Security Highlight