VPN50 Firmware Upgrade
Antonio1976
Posts: 7 
Freshman Member
Freshman Member
in Security
I've upgraded my Zyxel vpn to Firmware 5.01. Now any user cannot connect to SSL VPN.
How can i do?
How can i do?
0
All Replies
-
Hi @Antonio1976
I upgraded my VPN50 from v5.00 to v5.01, and the SSL VPN works fine. Since there is security check with v5.01, can you have a look if the SSL VPN users add the port after the IP address?
If it still does not work, please provide me your configuration via private message. I will have a look for it.
Joslyn
0 -
Sorry but i cannot view popup "Security check for web interface".
I only saw it the first time. How can i reopen ?
0 -
I upgraded 4.64 to my USG60 at home.
The security check will pop out on dashboard after disabling policy control function.
Maybe your configuration already passed check condition which working in the background, so it doesn't display on dashboard after logging on to management UI(dashboard).
0 -
Then,
whit previous firmware SSL VPN works well.
I've upgraded to new firmware 5.01.
In "Security check for web interface" popup i've set VPN port 18443 and in
Configuration-> VPN -> SSL VPN -> Global Setting compare "SSL VPN Server Port" : 18443
From Quick Setup i've set "Remote Access VPN" allowing all users.
In SecurExtender set
address:18433
username
password
SSL VPN doesn't work and i don't know what can i do.
This is the SecurExtender log:################################################################################################[ 2021/06/30 08:57:29 ][SecuExtender Agent][DETAIL] Build Datetime: Jan 25 2021/13:07:58[ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG] SecuExtender.log: C:\Users\Antonio Magnalardo\SecuExtender.log[ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG] osvi.dwPlatformId = 2, osvi.dwMajorVersion = 6, osvi.dwMinorVersion = 2[ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG] interface guid: {B3923D89-5A9F-452A-B3A9-183B8D236ED4}, idx: 2[ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG] tBuf : (\DEVICE\TCPIP_{B3923D89-5A9F-452A-B3A9-183B8D236ED4})[ 2021/06/30 08:57:29 ][SecuExtender Agent][DEBUG] network name got, idx: 21[ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL] Checking service (first) ...[ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL] SecuExtender Helper is running[ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL] Try to connect to SecuExtender Helper[ 2021/06/30 08:57:39 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected[ 2021/06/30 08:57:39 ][SecuExtender Agent][INFO] [antonio.magnalardo] try to login 79.9.199.211:18443[ 2021/06/30 08:57:39 ][SecuExtender Agent][INFO] Connect to 1326041043:18443[ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR] Cannot connect to device. 10061 (0x274d)[ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR] Connect socket failed. (0x0)[ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR] Failed to connect to device(1) (0x0)[ 2021/06/30 08:57:41 ][SecuExtender Agent][ERROR] user login device failed (0x0)[ 2021/06/30 08:57:41 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2021/06/30 08:57:41 ][SecuExtender Agent][DETAIL] Connection ends.[ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL] Checking service (first) ...[ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL] SecuExtender Helper is running[ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL] Try to connect to SecuExtender Helper[ 2021/06/30 08:58:12 ][SecuExtender Agent][DETAIL] SecuExtender Helper is connected[ 2021/06/30 08:58:12 ][SecuExtender Agent][INFO] [antonio.magnalardo] try to login 79.9.199.211:18443[ 2021/06/30 08:58:12 ][SecuExtender Agent][INFO] Connect to 1326041043:18443[ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR] Cannot connect to device. 10061 (0x274d)[ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR] Connect socket failed. (0x0)[ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR] Failed to connect to device(1) (0x0)[ 2021/06/30 08:58:15 ][SecuExtender Agent][ERROR] user login device failed (0x0)[ 2021/06/30 08:58:15 ][SecuExtender Agent][DEBUG] SSL Connection is going to be closed[ 2021/06/30 08:58:15 ][SecuExtender Agent][DETAIL] Connection ends.
0 -
Hi @Antonio1976
Our security check will ask you to choose a country as the source address for the SSLVPN. This will be added into the firewall rule.
Please have a look if all the VPN users are in the country. I guess your SSLVPN request has been blocked by the firewall rule. Just modify the Souce as any and have a test. If the tunnel can be established successfully, please add all the user country into the source address.
Joslyn0 -
These are settings.
But how can i check if all VPN users are in the country ?
I don't know how "add all of the user's country in the source address."
0 -
Please Joslyn,SSL VPN doesn't work,could you connect to our system with AnyDesc to verify our configuration?0
-
Hi @Antonio1976
Can you provide me the remote access and credential to your USG and create an SSL VPN user account for me to test?
Please send it via private message. I will have a test for it.
Joslyn0 -
Hi @Antonio1976
As discussing via private message, SSL VPN works fine after adding an NAT rule on the router and adjusting the auth method. Thanks for your sharing.
Joslyn0 -
Hi Joslyn, can you please share the NAT rule and adjusting auth method parameters ? Thanks
0
Zyxel Employee
Master Member
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
