ZyXEL SecuExtender on Windows doesn't work from time to time

pista
edited April 2021 in Security
Hi Forum,

We are facing an issue with ZyXEL SecuExtender on Windows 10 (v 4.0.2.0).

SecuExtender works one time and then suddenly does not work the next time. This happens to several users at random times (we can say once per 4 days).

What does it mean?

Once you enter your credentials and try to log in to the SSL VPN via SecuExtender, everything is fine, the necessary networks are obtained and you can work. But from time to time, the login is successful, you are connected, the GUI shows that you have obtained all necessary networks, but you can't reach them (for example a web page, etc.).

After a while (hours), nothing changes; we tried to connect again and the device was able to connect.

I am going through the SecuExtender logs and SecuExtender Helper logs, but there is nothing suspicious.

I also tried to disable and enable the 'TAP-Windows Adapter V9 for Zyxel SecuExtender' or kill the session via ZyXEL Admin; once it helped, but other times it didn't.

Now I am waiting for the issue to occur, to extract the logs for you.

Are you familiar with this issue? Do you have some workaround? 

Current Version: V4.31(AAPK.0)

Thanks a lot! 
Stefan

All Replies

  • Zyxel_Stanley (Zyxel Employee)

    Hi @pista

    Welcome to Zyxel community. :)

     

    After SecuExtender is installed, it installs a virtual interface named “TAP-Windows adapter”.

    And after the SSL VPN tunnel is established, it adds an additional route to your routing table.

    First, you can check the IP address you received.

    And you can show the routing table on your Windows PC with the CLI command “route print”.

    In this example, all traffic is forwarded into the SSL VPN tunnel, so there is a route like:

    Destination 0.0.0.0, Gateway (TAP gateway): 192.168.200.1, Interface: 11.11.11.1.

    You can check whether the route has been added to the routing table after the SSL VPN tunnel is established.

  • pista
    edited July 2018
    Hi @Zyxel_Stanley @Zyxel_Charlie

    I am sending you screenshots of a device where it works (left) and a device where it suddenly doesn't work (right). I can't see a difference between your/our OK and NOK :/ Can you help?

    The only thing I can see is that in your Network Connection Details the IPv4 Default Gateway and IPv4 DNS Server are the same.

    Can you please give some advice? Where can the issue be?

    All devices are working (100), but from time to time some (maybe 1-2 per day) are unable to connect to our AWS servers/tunnels.

    Thanks!

  • Zyxel_Stanley
    Zyxel_Stanley (Zyxel Employee)

    Hi @pista

    The SSL VPN routing table still exists on the PC, so SecuExtender is still working.

    10.0.0.0/16  Gateway:192.168.200.1, interface:192.168.5.3

    10.100.0.0/16 Gateway:192.168.200.1, interface:192.168.5.3

     

    But in the screenshot (right), there are 2 interfaces working at the same time (should be Ethernet and WiFi).

    If the IP has changed, or an interface is shut down/brought up, it may cause your PC's routing table to behave abnormally.

    But this situation will go away if you disconnect/connect the SSL VPN tunnel again, because it will rewrite the routes on this PC.
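
An added example, not part of the original thread and not Zyxel code: one way to check from `route print` output whether traffic to a VPN destination would really leave through the tunnel when several interfaces are active. The sample table is constructed; the gateway 192.168.200.1 and interface 192.168.5.3 are taken from the reply above, and the second adapter on an overlapping 10.0.0.0/24 network is an assumed scenario.

```python
import ipaddress
import re

# Constructed sample of `route print` IPv4 output (not from the thread's screenshots).
# Assumed scenario: a second adapter (10.0.0.23) sits on a local 10.0.0.0/24 network.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
         10.0.0.0      255.255.0.0    192.168.200.1     192.168.5.3     20
         10.0.0.0    255.255.255.0          On-link       10.0.0.23     55
       10.100.0.0      255.255.0.0    192.168.200.1     192.168.5.3     20
      192.168.5.0    255.255.255.0          On-link     192.168.5.3    276
"""

ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s*$")

def parse_routes(text):
    """Return the IPv4 route rows found in `route print` output."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gateway, interface, metric = m.groups()
            routes.append({
                "net": ipaddress.ip_network(f"{dest}/{mask}", strict=False),
                "gateway": gateway, "interface": interface, "metric": int(metric),
            })
    return routes

def best_route(routes, target):
    """Pick the route Windows would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(target)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"])) if hits else None

def check_vpn(text, vpn_gateway, targets):
    """Map each target to True if its winning route goes via the VPN gateway."""
    routes = parse_routes(text)
    result = {}
    for t in targets:
        r = best_route(routes, t)
        result[t] = bool(r) and r["gateway"] == vpn_gateway
    return result

if __name__ == "__main__":
    for target, ok in check_vpn(SAMPLE, "192.168.200.1", ["10.0.0.5", "10.0.7.9", "10.100.1.1"]).items():
        print(f"{target}: {'via VPN' if ok else 'NOT via VPN'}")
```

In the constructed table the VPN routes are all present, yet 10.0.0.5 is captured by the more specific on-link /24 of the other adapter, so the tunnel looks connected while that host is unreachable through it.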

  • pista
    Hi @Zyxel_Stanley

    Even the restart of the interface didn't help in this case. 

    Do you have some evidence that Windows SecuExtender has issues with stability?
    Because it happens quite often for several users.

    Just a reboot (sometimes twice) of their own device helps, and sometimes it doesn't.

    Thanks! 
  • Zyxel_Stanley
    Zyxel_Stanley (Zyxel Employee)
    Hi @pista
    Per our discussion in private message, please update your test result by private message.
  • pista
    For others who will face this (not sure if we are safe now, but it looks like it helped a bit):

    Looks like the firmware upgrade helped.

    - previous version of firmware: V4.31(AAPK.0)
    - current version: V4.31(AAPK.1)ITS-WK27-r84664
