SecuExtender IPSec Windows VPN client suddenly will not connect
Hi,
For remote access, we use the SecuExtender IPSec client, running on a Win11 PC. It's connecting to a VPN100 at the main office, and it has been running without troubles for a long time, but suddenly after a Windows restart, probably in connection with Windows Updates, the client is not able to connect anymore.
I have tried to do a reprovisioning, and acquiring the configuration from the VPN100 is still possible.
When hitting [Open tunnel], it seems from the log that it retries something 3 times before the connection is aborted (logfile attached).
Any idea what could be wrong?
Best regards Ole.
All Replies
-
Well, I am not an expert when it comes to VPN and IKE, but I can suggest what would be the 3 things repeated before connection is aborted:
SEND IKE_SA_INIT request MID=0000 (rest of line intentionally omitted)
SEND IKE_SA_INIT repeat MID=0000 (rest of line intentionally omitted)
SEND IKE_SA_INIT repeat MID=0000 (rest of line intentionally omitted)
3 attempts with no response. Aborting connection.
By the way: those lines saying "No SSL configuration", do you know if they were present before, when it worked? Or for that matter, do you have any logs saved from before when it worked?
Best regards,
Trond
0 -
The way I read it is you're not using SSL but IKEv2, and from the looks of it the client can't get to the VPN100?
Has the IP changed? Is the self-signed cert in date, if using one?
0 -
Hi,
Thank you for the replies.
@smb_corp_user unfortunately I do not have a log from when it worked. The PC is doing an auto reboot every morning at 6:00, and from what I can find out, the log is cleared when the IPSec client is restarted. I noticed the mention of "No SSL configuration" and wondered what that means, since it's an IPSec connection.
@PeterUK The static WAN IP of the VPN100 has not changed, configuration provisioning is still possible, and you are acquiring the configuration from the VPN100 by WAN IP and SSL. The certificate is self-signed, was renewed back in August and lasts for 2 years.
BR O
0 -
Hi @OWB,
To narrow down the cause, please check the following:
- Verify connectivity to the VPN gateway
  - Ensure the client can reach the VPN100's IP address (perform a ping test to confirm the target IP is valid).
- Confirm UDP ports 500 and 4500 are not blocked
  - These ports must be reachable end-to-end for IKEv2/IPSec. Please ensure UDP ports 500 and 4500 are open.
  - Additionally, please check the Event Log to identify which segment of the connection is experiencing the issue.
- Check Windows Firewall or security software
  - Windows updates can sometimes modify local firewall rules. Temporarily disable it to test if it's affecting the VPN connection.
- Validate certificate settings
  - Ensure the client is using the correct and valid certificate after the update.
In addition, please provide the Windows 11 build number and details of recent Windows Updates (KBs) installed, as certain updates may affect VPN components.
Zyxel Tina
0 -
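The client-side items in the checklist above (Windows build, recent KBs, ping, firewall state, rules touching UDP 500/4500) can be collected in one pass. The script below is an added example, not part of the thread and not a Zyxel tool; the gateway address is a placeholder to be replaced with the VPN100's WAN IP, and it uses only built-in Windows cmdlets.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the Win11 client.
$Gateway  = '203.0.113.10'   # placeholder (documentation range); use the VPN100 WAN IP
$IkePorts = '500', '4500'    # UDP ports named in the checklist

# Build number and the ten most recently installed updates (KBs)
$os = Get-CimInstance -ClassName Win32_OperatingSystem
"{0} build {1}" -f $os.Caption, $os.BuildNumber
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn

# ICMP reachability of the gateway (a reply says nothing about UDP 500/4500)
"Ping reply: {0}" -f (Test-Connection -ComputerName $Gateway -Count 2 -Quiet)

# Firewall profiles: is each one on, and what is the default outbound action?
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction

# Enabled block rules whose port filter names UDP 500 or 4500 explicitly.
# Rules written as port ranges or "Any" are not matched by this simple comparison.
$blocking = foreach ($rule in Get-NetFirewallRule -Enabled True -Action Block) {
    $filter = $rule | Get-NetFirewallPortFilter
    $ports  = @($filter.LocalPort) + @($filter.RemotePort)
    if ($filter.Protocol -eq 'UDP' -and ($ports | Where-Object { $_ -in $IkePorts })) {
        [pscustomobject]@{
            Rule       = $rule.DisplayName
            Direction  = $rule.Direction
            LocalPort  = $filter.LocalPort -join ','
            RemotePort = $filter.RemotePort -join ','
        }
    }
}
if ($blocking) { $blocking | Format-Table -AutoSize }
else { 'No enabled block rule names UDP 500/4500 explicitly.' }
```

Comparing the newest `InstalledOn` dates with the day the tunnel stopped working shows whether an update coincides with the failure, and any rule listed at the end can be disabled individually instead of turning the whole firewall off.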