mobile ssl vpn immediate disconnects

Dudley_BattersDudley_Batters
in Firebox - Upgrade, Downgrade, Backup

I have an odd problem with some installs of Mobile SSL vpn. The client authenticates, connects, adds routes and then immediately disconnects. This happens on only 3 of our clients so far, different machines, different operating systems. Client uninstall and re-install does not resolve the issue. Can anybody shed any light?

Comments

  • Bruce_BriggsBruce_Briggs

    What firewall model & XTM version do you have?
    What are the OSes of the problem devices?
    Anything obvious in Traffic Monitor for these problem connections?

    You can turn on diagnostic logging for SSLVPN which may show something to help:
    In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> SSL
    In the Web UI: System -> Diagnostic Log
    Set the slider to Information or higher

  • Bruce_BriggsBruce_Briggs

    Also, anything obvious in the SSLVPN client logs?
    Right click on the icon in the Windows System tray, select View Logs

  • UnpanmanUnpanman

    Check that you have the TAP driver installed. We had this issue and it was due to installing the software silently which did not automatically install the TAP driver like is requested when installed manually.

  • greggmh123greggmh123

    If you use Windows 10, run the installer as Administrator or else the TAP driver may not install correctly.

    Gregg Hill

  • JaumeJaume

    Did you resolve the problem? I have exactly the same problem. I discovered that it happens with some internet home connections (FTTH connections, Movistar, Vodaphone...). The same client (laptop) connected from a FTTH connection (does not works) and then connected througt 4G (with his smartphone) works, or connected from a professional office (FTTO connection) works. Thanks

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Jaume
    That type of disconnect would suggest that you're getting a reset sent to you when you try to connect.

    -Make sure that you're using the standard port (443/tcp)
    -If you're using a mobile router, make sure that any options that look like "allow VPN pass-thru" are enabled.

    If you continue to run into that issue, I'd suggest opening a support case.

    -James Carson
    WatchGuard Customer Support

  • Bill_FBill_F

    I ran into an issue connecting after installing a SOPHOs VPN client. Ended up reinstall the Watchguard SSL VPN client and it started to work again. SOPHOS must have tweaked the TAP client.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Bill_F

    Looking at Sophos' SSLVPN client, theirs appears to be based on OpenVPN (lots of vendors do this for compatibility.) -- Your assessment is likely correct.

    I can't speak to Sophos' implementation, but our SSLVPN installer does have an option to not install (and ergo, use the existing installed) TAP driver. Reinstalling our client would have also registered it with the correct one.

    If both clients are working, they should be registered with the correct driver they're using.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.