VPN50 Firmware Upgrade

I've upgraded my Zyxel vpn to Firmware 5.01. Now any user cannot connect to SSL VPN.
How can i do?
«1

All Replies

  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @Antonio1976

    I upgraded my VPN50 from v5.00 to v5.01, and the SSL VPN works fine. Since there is security check with v5.01, can you have a look if the SSL VPN users add the port after the IP address?


    If it still does not work, please provide me your configuration via private message. I will have a look for it.

    Joslyn

  • Sorry but i cannot view popup "Security check for web interface".
    I only saw it the first time. How can i reopen ?
  • CHS
    CHS Posts: 177  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    I upgraded 4.64 to my USG60 at home.
    The security check will pop out on dashboard after disabling policy control function.
    Maybe your configuration already passed check condition which working in the background, so it doesn't display on dashboard after logging on to management UI(dashboard).

  • Then,
    whit previous firmware SSL VPN works well.
    I've upgraded to new firmware 5.01.

    In "Security check for web interface" popup i've set VPN port 18443 and in
    Configuration-> VPN -> SSL VPN -> Global Setting compare "SSL VPN Server Port" : 18443

    From Quick Setup i've set "Remote Access VPN" allowing all users.

    In SecurExtender set

    address:18433 
    username
    password

    SSL VPN doesn't work and i don't know what can i do.

    This is the SecurExtender log:

    ################################################################################################
    [ 2021/06/30 08:57:29 ][SecuExtender Agent][DETAIL]  Build Datetime: Jan 25 2021/13:07:58
    [ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG]   SecuExtender.log: C:\Users\Antonio Magnalardo\SecuExtender.log
    [ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG]   osvi.dwPlatformId = 2, osvi.dwMajorVersion = 6, osvi.dwMinorVersion = 2
    [ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG]   interface guid: {B3923D89-5A9F-452A-B3A9-183B8D236ED4}, idx: 2
    [ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG]   tBuf : (\DEVICE\TCPIP_{B3923D89-5A9F-452A-B3A9-183B8D236ED4})
    [ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG]   network name got, idx: 21
    [ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL]  Checking service (first) ...
    [ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL]  SecuExtender Helper is running
    [ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL]  Try to connect to SecuExtender Helper
    [ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL]  SecuExtender Helper is connected
    [ 2021/06/30 08:57:39 ][SecuExtender Agent][INFO]    [antonio.magnalardo] try to login 79.9.199.211:18443
    [ 2021/06/30 08:57:39 ][SecuExtender Agent][INFO]    Connect to 1326041043:18443
    [ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR]   Cannot connect to device. 10061 (0x274d)
    [ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR]   Connect socket failed. (0x0)
    [ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR]   Failed to connect to device(1) (0x0)
    [ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR]   user login device failed (0x0)
    [ 2021/06/30 08:57:41 ][SecuExtender Agent][DEBUG]   SSL Connection is going to be closed
    [ 2021/06/30 08:57:41 ][SecuExtender Agent][DETAIL]  Connection ends.
    [ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL]  Checking service (first) ...
    [ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL]  SecuExtender Helper is running
    [ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL]  Try to connect to SecuExtender Helper
    [ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL]  SecuExtender Helper is connected
    [ 2021/06/30 08:58:12 ][SecuExtender Agent][INFO]    [antonio.magnalardo] try to login 79.9.199.211:18443
    [ 2021/06/30 08:58:12 ][SecuExtender Agent][INFO]    Connect to 1326041043:18443
    [ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR]   Cannot connect to device. 10061 (0x274d)
    [ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR]   Connect socket failed. (0x0)
    [ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR]   Failed to connect to device(1) (0x0)
    [ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR]   user login device failed (0x0)
    [ 2021/06/30 08:58:15 ][SecuExtender Agent][DEBUG]   SSL Connection is going to be closed
    [ 2021/06/30 08:58:15 ][SecuExtender Agent][DETAIL]  Connection ends.

  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @Antonio1976

    Our security check will ask you to choose a country as the source address for the SSLVPN. This will be added into the firewall rule. 

    Please have a look if all the VPN users are in the country. I guess your SSLVPN request has been blocked by the firewall rule. Just modify the Souce as any and have a test. If the tunnel can be established successfully, please add all the user country into the source address.

    Joslyn


  • These are settings.

    But how can i check if all VPN users are in the country ?

    I don't know how "add all of the user's country in the source address."

  • Please Joslyn,
    SSL VPN  doesn't work,
    could you connect to our system with AnyDesc to verify our configuration?
  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @Antonio1976

    Can you provide me the remote access and credential to your USG and create an SSL VPN user account for me to test?
    Please send it via private message. I will have a test for it.

    Joslyn
  • Zyxel_Joslyn
    Zyxel_Joslyn Posts: 360  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Hi @Antonio1976

    As discussing via private message, SSL VPN works fine after adding an NAT rule on the router and adjusting the auth method. Thanks for your sharing.

    Joslyn
  • Hi Joslyn, can you please share the NAT rule and adjusting auth method parameters ? Thanks

Security Highlight