SSL VPN Network list bug for same subnet as server

PeterUK Posts: 2,705  Guru Member
edited April 2021 in Security

This bug happens when “Force all client traffic to enter SSL VPN tunnel” is disabled and a network list is used; the bug disconnects the client in under 2 mins.

If the SSL VPN server is 192.168.255.202 and the client is at 192.168.255.193, and you add LAN1_subnet 192.168.255.192/26 to the network list, the client disconnects within 2 mins of connecting.

If you remove LAN1_subnet and add LAN2_subnet 192.168.138.0/28, the client stays connected.

If you add a host address 192.168.255.202 to the network list, the client disconnects within 2 mins of connecting.

This is with SecuExtender 4.0.3.0 and a ZyWALL 110 with firmware V4.33(AAAA.0)ITS-WK19-r88384.

Comments

  • Zyxel_Cooldia Posts: 1,450  Zyxel Employee

    Hi @PeterUK

    Do you mean that when you connect the SSL VPN,

    in the status tab, the client IP is 192.168.255.193, the server IP is 192.168.255.202, and the LAN1_subnet is 192.168.255.192/26?

    The LAN1 subnet is the same as the client IP and server IP?


  • PeterUK Posts: 2,705  Guru Member

    The SSL VPN range is 192.168.139.1-192.168.139.14.

    The client IP before connecting to the SSL VPN is 192.168.255.193 in subnet 192.168.255.192/26, with the SSL VPN at 192.168.255.202. If the network list has LAN1_subnet 192.168.255.192/26, the SSL VPN disconnects within 2 mins, and also with host address 192.168.255.202.


  • Zyxel_Cooldia Posts: 1,450  Zyxel Employee

    Hi @PeterUK

    I did the same scenario as you mentioned. The tunnel uptime is more than 9 minutes.

    Can you send me your configuration via private message?

    Let me test the scenario with your configuration.

    Screenshot on the right is my lab test result, the connected time is more than 9 minutes.


  • PeterUK Posts: 2,705  Guru Member

    Was the client IP before connecting to the SSL VPN 192.168.255.193? The client was XP, so that might have something to do with it?

  • PeterUK Posts: 2,705  Guru Member
    edited July 2019

    Found the problem: it's because the client is running XP; the issue does not happen with Win 7. As XP is EOL, it's not that important to fix this bug really. The problem can be worked around by single host addresses within the same subnet as the server.

  • Zyxel_Cooldia Posts: 1,450  Zyxel Employee

    Hi @PeterUK

    Thanks for sharing your test result.😄
