VPN via MacOSX Secu extender

Sagemal
Sagemal Posts: 1  Freshman Member
edited April 2021 in Security

I got 2 external offices to which id like to use User VPN-Access through Secuexteneder.


Im using this allready for the Office #1 (USG 110 V4.33(AAAA.0) )

And this is working without any problems.


Now i added the Office #2 (USG40 V4.35(AALA.0) )

to my Secu extender and i copied the Settings form above USG 110.


Now the Problem is: the 2nd Connection (to USG 40) never gets past the token request.


Im allways gettin:

2019-11-05 16:16:21: SSL handshake failed: Error Domain=NSOSStatusErrorDomain Code=-9806 "errSSLClosedAbort: connection closed via error "



Here the 2 logs from secu exetender:


Working from unupdated USG 110:

2019-11-05 16:15:48: Viscosity Mac 1.1.9 (1293)

2019-11-05 16:15:48: Viscosity ZyXEL SSL Engine Started

2019-11-05 16:15:48: Running on Mac OS X 10.15.1

2019-11-05 16:15:48: ---------

2019-11-05 16:15:48: State changed to Connecting

2019-11-05 16:15:48: Checking reachability status of connection...

2019-11-05 16:15:48: Connection is reachable. Starting connection attempt.

2019-11-05 16:15:48: Attempting to resolve server address xxx.xx.xxx.xxx:443

2019-11-05 16:15:48: Server address resolved to IPv4 address xxx.xx.xxx.xxx:443

2019-11-05 16:15:48: Requesting authentication token from client

2019-11-05 16:15:48: No authentication token present, requesting authentication details

2019-11-05 16:15:48: Requesting authentication token from server

2019-11-05 16:15:48: Requesting token from xxx.xx.xxx.xxx

2019-11-05 16:15:48: Attempting to establish a connection to the remote server xxx.xx.xxx.xxx:443

2019-11-05 16:15:48: Waiting for reply from remote authentication server

2019-11-05 16:15:50: Authentication token present

2019-11-05 16:15:50: Starting connection negotiation with server

2019-11-05 16:15:50: Attempting to establish a connection to the remote server xxx.xx.xxx.xxx:443

2019-11-05 16:15:50: Setting socket flag: TCP_NODELAY

2019-11-05 16:15:50: Remote connection established xxx.xx.xxx.xxx:443

2019-11-05 16:15:50: Starting SSL/TLS negotiation

2019-11-05 16:15:50: Cipher: TLSv1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

2019-11-05 16:15:50: Requesting configuration

2019-11-05 16:15:50: Connection negotiation completed

2019-11-05 16:15:50: Local IPv4 Address: 192.168.2.2

2019-11-05 16:15:50: Local IPv4 Mask: 255.255.255.0

2019-11-05 16:15:50: Server IPv4 Address: 192.168.200.1

2019-11-05 16:15:50: DNS Server sent by server: 192.168.200.1

2019-11-05 16:15:50: Bringing up VPN interface

2019-11-05 16:15:51: Interface up

2019-11-05 16:15:51: VPN Interface: utun10

2019-11-05 16:15:51: DNS mode set to Full

2019-11-05 16:15:51: State changed to Connected

2019-11-05 16:15:59: State changed to Disconnecting

2019-11-05 16:15:59: Logging out from xxx.xx.xxx.xxx

2019-11-05 16:15:59: Attempting to establish a connection to the remote server xxx.xx.xxx.xxx:443

2019-11-05 16:16:01: VPN connection disconnected

2019-11-05 16:16:01: State changed to Disconnected


The Log from the USG 40 (updated latest release)

2019-11-05 16:16:05: Viscosity Mac 1.1.9 (1293)

2019-11-05 16:16:05: Viscosity ZyXEL SSL Engine Started

2019-11-05 16:16:05: Running on Mac OS X 10.15.1

2019-11-05 16:16:05: ---------

2019-11-05 16:16:05: State changed to Connecting

2019-11-05 16:16:05: Checking reachability status of connection...

2019-11-05 16:16:05: Connection is reachable. Starting connection attempt.

2019-11-05 16:16:05: Attempting to resolve server address xxx.xx.xxx.xxx:443

2019-11-05 16:16:05: Server address resolved to IPv4 address xxx.xx.xxx.xxx

2019-11-05 16:16:05: Requesting authentication token from client

2019-11-05 16:16:05: No authentication token present, requesting authentication details

2019-11-05 16:16:11: Requesting authentication token from server

2019-11-05 16:16:11: Requesting token fromxxx.xx.xxx.xxx:443

2019-11-05 16:16:11: Attempting to establish a connection to the remote server xxx.xx.xxx.xxx:443

2019-11-05 16:16:21: SSL handshake failed: Error Domain=NSOSStatusErrorDomain Code=-9806 "errSSLClosedAbort: connection closed via error "

2019-11-05 16:16:21: Sending login details to the remote authentication server failed

2019-11-05 16:16:21: Authentication attempt aborted

2019-11-05 16:16:21: State changed to Disconnected


Am i missing something?

Could it be the new Version that is broken?

Any help would be highly appreciated.


cheers Sagemal

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,385  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Sagemal,

    Mac OS 10.15 with Mac SecuExtender 1.1.9 is able to build SSL VPN to USG40 with firmware 4.35(AALA.0) successfully in our lab.

    We need the configuration file of your USG40 to check the symptom. I'll contacted you in private message for more information.  

Security Highlight