SSL VPN stopped working
Hi,
We use the WG SSL VPN tool to connect into our office. One of my colleagues has reported that it's suddenly stopped working. I asked him to uninstall, and download afresh and reinstall, but it won't make a VPN connection.
He's running Win 10.
Everyone else can still VPN in.
Here's the log file... anyone got any ideas please?
2021-08-23T15:53:04.195 OVPN:>LOG:1629730384,,TLS: Initial packet from [AF_INET]-removed-, sid=f0804422 ad6a6955
2021-08-23T15:53:04.197 OVPN:>LOG:1629730384,W,WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-08-23T15:53:04.268 OVPN:>LOG:1629730384,N,VERIFY ERROR: depth=0, error=unable to get local issuer certificate: O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server
2021-08-23T15:53:04.271 OVPN:>LOG:1629730384,N,OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-08-23T15:53:04.272 OVPN:>LOG:1629730384,N,TLS_ERROR: BIO read tls_read_plaintext error
2021-08-23T15:53:04.274 OVPN:>LOG:1629730384,N,TLS Error: TLS object -> incoming plaintext read error
2021-08-23T15:53:04.276 OVPN:>LOG:1629730384,N,TLS Error: TLS handshake failed
2021-08-23T15:53:04.278 OVPN:>LOG:1629730384,N,Fatal TLS error (check_tls_errors_co), restarting
2021-08-23T15:53:04.280 OVPN:>LOG:1629730384,I,SIGUSR1[soft,tls-error] received, process restarting
2021-08-23T15:53:04.282 OVPN:>LOG:1629730384,,MANAGEMENT: >STATE:1629730384,RECONNECTING,tls-error,,,,,
2021-08-23T15:53:04.284 TLS error or config mismatch occurred again with re-downloaded profile, stop reconnecting
*removed public IP from logs
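Added example, not part of the original post and not WatchGuard code: a small Python triage of the log above that isolates the first certificate verification failure, which all the later TLS errors follow from. The names `parse` and `triage` are hypothetical, the line layout is inferred from the lines in the post, and the severity letters are read as OpenVPN management-interface log flags.

```python
import re

# Sample input: the log lines from the post above (public IP already removed by the poster).
SAMPLE_LOG = r"""2021-08-23T15:53:04.195 OVPN:>LOG:1629730384,,TLS: Initial packet from [AF_INET]-removed-, sid=f0804422 ad6a6955
2021-08-23T15:53:04.197 OVPN:>LOG:1629730384,W,WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-08-23T15:53:04.268 OVPN:>LOG:1629730384,N,VERIFY ERROR: depth=0, error=unable to get local issuer certificate: O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server
2021-08-23T15:53:04.271 OVPN:>LOG:1629730384,N,OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-08-23T15:53:04.272 OVPN:>LOG:1629730384,N,TLS_ERROR: BIO read tls_read_plaintext error
2021-08-23T15:53:04.274 OVPN:>LOG:1629730384,N,TLS Error: TLS object -> incoming plaintext read error
2021-08-23T15:53:04.276 OVPN:>LOG:1629730384,N,TLS Error: TLS handshake failed
2021-08-23T15:53:04.278 OVPN:>LOG:1629730384,N,Fatal TLS error (check_tls_errors_co), restarting
2021-08-23T15:53:04.280 OVPN:>LOG:1629730384,I,SIGUSR1[soft,tls-error] received, process restarting
2021-08-23T15:53:04.282 OVPN:>LOG:1629730384,,MANAGEMENT: >STATE:1629730384,RECONNECTING,tls-error,,,,,
2021-08-23T15:53:04.284 TLS error or config mismatch occurred again with re-downloaded profile, stop reconnecting
"""

# <client timestamp> OVPN:>LOG:<epoch>,<flag>,<message>
LOG_RE = re.compile(r"^(?P<ts>\S+) OVPN:>LOG:(?P<epoch>\d+),(?P<flag>[A-Z]*),(?P<msg>.*)$")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<error>[^:]+): (?P<subject>.+)$")
FLAGS = {"I": "info", "W": "warning", "N": "non-fatal error", "F": "fatal", "D": "debug", "": "unflagged"}

def parse(text):
    """Yield one dict per OVPN:>LOG line; lines in any other format are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield {"ts": m["ts"], "epoch": int(m["epoch"]),
                   "severity": FLAGS.get(m["flag"], m["flag"]), "msg": m["msg"]}

def triage(text):
    """Return the first certificate verify error and whether the handshake failed."""
    result = {"handshake_failed": False, "verify": None, "errors": 0}
    for rec in parse(text):
        if rec["severity"] in ("non-fatal error", "fatal"):
            result["errors"] += 1
        v = VERIFY_RE.search(rec["msg"])
        if v and result["verify"] is None:
            # Split the certificate subject into its O/OU/CN fields.
            subject = dict(p.split("=", 1) for p in v["subject"].split(", ") if "=" in p)
            result["verify"] = {"depth": int(v["depth"]), "error": v["error"], "subject": subject}
        if "TLS handshake failed" in rec["msg"]:
            result["handshake_failed"] = True
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For this log it reports a depth 0 verify error, "unable to get local issuer certificate", against the certificate with CN "Fireware SSLVPN Server": the client could not find the issuer of the server certificate it was presented.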
Comments
Check your internet settings for the TLS version your system is configured to use:
-Press WIN+R
-Type in "inetcpl.cpl"
-Go to the advanced tab.
-Scroll to the bottom of the settings list. Look for "Use TLS 1.2" -- this must be on. Many websites still require TLS 1.1 as well.
It also may be worth seeing if they can get to the SSLVPN landing page on the firewall, which is usually https://IP of firewall/sslvpn.html
-James Carson
WatchGuard Customer Support
Hi James,
Thanks for your response - checked both those things, TLS 1.2 is already selected and the user can reach the Firewall sslvpn page.
What's odd is that he has 2 PCs at home, and one can connect on SSLVPN and the other can't, so sounds more like a local corruption on that PC.
Hi @Fred2K
If they're able to get to the page then there's likely something on that PC blocking the SSLVPN application from talking out. The SSLVPN app uses a TAP (Tunnel AdaPter) to make its network connection.
The easiest way to make sure that's in place is to uninstall/reinstall the SSLVPN Application.
You can find a direct link to the Windows version here:
https://cdn.watchguard.com/SoftwareCenter/Files/MUVPN_SSL/12_7/WG-MVPN-SSL_12_7.exe
If your issue persists, I'd suggest opening a support ticket (using the support center link on the top right of this page.)
-James Carson
WatchGuard Customer Support
"The easiest way to make sure that's in place is to uninstall/reinstall the SSLVPN Application."
I always had to run it as administrator or it would not install the TAP driver properly.
Gregg Hill
Apologies for the late update - can confirm the reinstall worked. I'm sure I'd tried that already, but anyway - thanks again for the assistance.
Did you reinstall by running it as administrator? That is what always works for me.
Gregg Hill