USG FLEH 100H SSL VPN doesn't work

Hello everyone,

I need your help, please.

I've got a big problem. I've set up an SSL VPN. I did everything as it should be. The configuration is fine, but when I try to connect from the client machine using the OpenVPN Connect client, I always get the same message: connection timeout.

So, I have no idea what to do next. I just spent so much time finding the solution.

Thank you in advance.

Greg


All Replies

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Try using a DNS name in SSL VPN settings as the interface put the IP of the interface in config that might be wrong

  • gregwl
    gregwl Posts: 4
    First Comment

    Hi Peter,

    Do you mean this one, I tried I put somethink like www.domainname.com and stil no connection.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited May 24

    Does WAN1 have a WAN IP or is FLEX behind another NAT router?

    DNS name need to point to your WAN IP like a DDNS

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @gregwl,

    Please kindly check you have allowed port 10443 on Secure-policy if the message is connection timeout.

    And did you have any logs regarding the attempted ?

    Thank you

  • gregwl
    gregwl Posts: 4
    First Comment

    PeterUK,

    Yes WAN1 have WAN STATIC IP, no additional router, DNS is fine, pointing to my WAN IP.

    I tried everything.

    Although i downloaded from firewall ovpn profile and import in the openvpn connect still no connection.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    can you do a port scan to 10443 ?

    https://www.grc.com/x/ne.dll?bh0bkyd2

  • gregwl
    gregwl Posts: 4
    First Comment

    Hi Kevin,

    Which one exactly do you mean? Do I need to add an extra policy, or should I edit one of the existing secure policies? I tried allowing port 10443 on a secure policy, but I couldn't find the right one where I can allow port 10443.

  • PeterUK
    PeterUK Posts: 3,389  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    You have to make service for port 10443 then its

    from WAN

    to Zywall

    service TCP10443 you make

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 885  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments

    Hi @gregwl ,

    If you already have allowed rule , may we have remote session to check issue ?

    I send you avaiallbe time by Private message.

    Thank you