VPN gets disconnected right after connecting

Apolovin
Apolovin Posts: 1
edited April 2021 in Security
As soon as I try to connect after entering my credentials the VPN client connects and disconnects right away.

I'm getting the error below from secu extender client log:

[ 2020/09/03 15:43:58 ][SecuExtender Agent][ERROR]   **** Error 0x800b0109 authenticating server credentials! (0x0)

Please see attached document for full log





All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 880  Zyxel Employee

    Hi @Apolovin,

    It shows "SSL handshake fail" in the log.

    We need to check the SSL VPN settings on your USG/ZyWALL.

    I'll contact you in private message for remote access information.

  • inchica
    inchica Posts: 10
    edited September 2020
    Hello,

    I am having a similar problem. I updated our ZyWALL 110 to firmware V4.39(AAAA.0) and since then have not been able to login via VPN. SecuExtender sends a notification immediately that says it's disconnected. We are use ZyWALL SecuExtender Version 1.1.9 for macOS Catalina Version 10.15.6 (19G2021).

    This was in the log: 
    Category: 
    SSL VPN
    Message:
    "User type Administrator is not allowed, and SSL tunnel has been disconnected." 
    Note: 
    X���


    I tried to log into the VPN again this morning, and this was in the firewall log (screenshot). At the same time, the firewall log completely cleared all previous entries (this has never happened before). The only time the firewall clears all logs is when it is restarted or shut down, which did not happen when I attempted to log into the VPN. 

    I will send you the Details log from SecuExtender. What other information can I send you? 
  • Zyxel_Emily
    Zyxel_Emily Posts: 880  Zyxel Employee
    We need to check the SSL VPN settings on your USG/ZyWALL.
    I'll contact you in private message for remote access information.
  • Zyxel_Emily
    Zyxel_Emily Posts: 880  Zyxel Employee
    Message:
    "User type Administrator is not allowed, and SSL tunnel has been disconnected." 

    The message appears because SSL VPN can only be connected by “User” type since firmware 4.39.
    The SSL VPN is mainly designed for remote users to access the LAN subnets of ZyWALL, not for administrator to manage the ZyWALL. 
    Here is the release note of 4.39 for your reference.
    Only "user" type account is able to build up SSL VPN to ZyWALL.

    If you'd like to access the web GUI to manage the ZyWALL, just access the WAN IP address of ZyWALL directly with administrator level account. You can also limit the source IP address of the administrator account for better security protection.
    Hence, we suggest you use "user type" account to build up SSL VPN.

Security Highlight