SSL VPN stopped working

Hi,

We use the WG SSL VPN tool to connect into our office. One of my colleagues has reported that it's suddenly stopped working. I asked him to uninstall, and download afresh and reinstall, but it won't make a VPN connection.

He's running Win 10.

Everyone else can still VPN in.

Here's the log file... anyone got any ideas please?

2021-08-23T15:53:04.195 OVPN:>LOG:1629730384,,TLS: Initial packet from [AF_INET]-removed-, sid=f0804422 ad6a6955

2021-08-23T15:53:04.197 OVPN:>LOG:1629730384,W,WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2021-08-23T15:53:04.268 OVPN:>LOG:1629730384,N,VERIFY ERROR: depth=0, error=unable to get local issuer certificate: O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server

2021-08-23T15:53:04.271 OVPN:>LOG:1629730384,N,OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

2021-08-23T15:53:04.272 OVPN:>LOG:1629730384,N,TLS_ERROR: BIO read tls_read_plaintext error

2021-08-23T15:53:04.274 OVPN:>LOG:1629730384,N,TLS Error: TLS object -> incoming plaintext read error

2021-08-23T15:53:04.276 OVPN:>LOG:1629730384,N,TLS Error: TLS handshake failed

2021-08-23T15:53:04.278 OVPN:>LOG:1629730384,N,Fatal TLS error (check_tls_errors_co), restarting

2021-08-23T15:53:04.280 OVPN:>LOG:1629730384,I,SIGUSR1[soft,tls-error] received, process restarting

2021-08-23T15:53:04.282 OVPN:>LOG:1629730384,,MANAGEMENT: >STATE:1629730384,RECONNECTING,tls-error,,,,,

2021-08-23T15:53:04.284 TLS error or config mismatch occurred again with re-downloaded profile, stop reconnecting

*removed public IP from logs
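A way to triage a client log like the one in the post above, as an added example that is not part of the original thread or WatchGuard's own tooling: it parses the `OVPN:>LOG:<epoch>,<flags>,<message>` records and reports the earliest error record, which in this log is the certificate verification failure that precedes the TLS handshake errors. The function names and output field names are assumptions; the flag letters are those of the OpenVPN management interface.

```python
import re

# Sample input: a subset of the log lines quoted in the post above.
SAMPLE_LOG = """\
2021-08-23T15:53:04.195 OVPN:>LOG:1629730384,,TLS: Initial packet from [AF_INET]-removed-, sid=f0804422 ad6a6955
2021-08-23T15:53:04.268 OVPN:>LOG:1629730384,N,VERIFY ERROR: depth=0, error=unable to get local issuer certificate: O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server
2021-08-23T15:53:04.271 OVPN:>LOG:1629730384,N,OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-08-23T15:53:04.276 OVPN:>LOG:1629730384,N,TLS Error: TLS handshake failed
2021-08-23T15:53:04.284 TLS error or config mismatch occurred again with re-downloaded profile, stop reconnecting
"""

# OpenVPN management-interface log record: >LOG:<epoch>,<flags>,<message>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) OVPN:>LOG:(?P<epoch>\d+),(?P<flags>[A-Z]*),(?P<msg>.*)$")
VERIFY_RE = re.compile(
    r"^VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<error>[^:]+): (?P<subject>.+)$")
FLAGS = {"I": "info", "W": "warning", "N": "non-fatal error",
         "F": "fatal", "D": "debug"}


def parse(log_text):
    """Yield (timestamp, severity, message) for each management log record."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:  # client wrapper lines without the OVPN:>LOG prefix are skipped
            sev = FLAGS.get(m["flags"][:1], "unflagged")
            yield m["ts"], sev, m["msg"]


def first_cause(log_text):
    """Return the earliest error record, with VERIFY ERROR fields split out."""
    for ts, sev, msg in parse(log_text):
        if sev not in ("non-fatal error", "fatal"):
            continue
        v = VERIFY_RE.match(msg)
        if v:  # depth=0 is the server's own certificate, higher depths are CAs
            return {"ts": ts, "kind": "cert-verify", "depth": int(v["depth"]),
                    "error": v["error"], "subject": v["subject"]}
        return {"ts": ts, "kind": "other", "message": msg}
    return None


if __name__ == "__main__":
    print(first_cause(SAMPLE_LOG))
```
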

Comments

  • james.carson Moderator, WatchGuard Representative

    Check your internet settings for the TLS version your system is configured to use:

    -Press WIN+R
    -Type in "inetcpl.cpl"
    -Go to the advanced tab.
    -Scroll to the bottom of the settings list. Look for "Use TLS 1.2" -- this must be on. Many websites still require TLS 1.1 as well.

    It also may be worth seeing if they can get to the SSLVPN landing page on the firewall, which is usually https://IP of firewall/sslvpn.html

    -James Carson
    WatchGuard Customer Support

  • Hi James,

    Thanks for your response - checked both those things, TLS 1.2 is already selected and the user can reach the Firewall sslvpn page.

    What's odd is that he has 2 PCs at home, and one can connect on SSLVPN and the other can't, so sounds more like a local corruption on that PC.

  • james.carson Moderator, WatchGuard Representative

    Hi @Fred2K

    If they're able to get to the page then there's likely something on that PC blocking the SSLVPN application from talking out. The SSLVPN app uses a TAP (Tunnel AdaPter) to make its network connection.

    The easiest way to make sure that's in place is to uninstall/reinstall the SSLVPN Application.

    You can find a direct link to the Windows version here:
    https://cdn.watchguard.com/SoftwareCenter/Files/MUVPN_SSL/12_7/WG-MVPN-SSL_12_7.exe

    If your issue persists, I'd suggest opening a support ticket (using the support center link on the top right of this page.)

    -James Carson
    WatchGuard Customer Support

  • "The easiest way to make sure that's in place is to uninstall/reinstall the SSLVPN Application."

    I always had to run it as administrator or it would not install the TAP driver properly.

    Gregg Hill
