SSL VPN disconnects for some remote users
I have a Firebox T55w running version 12.8 firmware. I have to reboot my firewall occasionally when some SSL VPN users are randomly being disconnected. I was wondering if it could be related to the MTU setting. I have it set on the firewall to be 1500 but I notice in the client logs it shows connecting at 1624 as seen below.
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: timers and/or timeouts modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: --ifconfig/up options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: route options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: route-related options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: peer-id set
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: adjusting link_mtu to 1624
Part of log file when client is reconnecting below......
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,[Fireware SSLVPN Server] Inactivity timeout (--ping-restart), restarting
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,SIGUSR1[soft,ping-restart] received, process restarting
2023-03-02T07:38:18.857 OVPN:>LOG:1677760698,,MANAGEMENT: >STATE:1677760698,RECONNECTING,ping-restart,,,,,
2023-03-02T07:38:18.857 Stop repeated reconnecting due to TDR check failure or other abnormal situation
Any ideas would be appreciated....
Comments
Hi @GARYMN
If the MTU were set too high, it would likely just cause tunnel traffic to fragment.
The log here suggests that TDR license enforcement is on -- if the client isn't able to check for that, and it is enabled, that may be the issue:
2023-03-02T07:38:18.857 Stop repeated reconnecting due to TDR check failure or other abnormal situation
If you're unsure, I'd suggest opening a support case so one of our team can assist.
-James Carson
WatchGuard Customer Support
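
The triage described in the reply above, as an added example that is not part of the thread and is not WatchGuard code: it scans client log lines in the format quoted here, reports the negotiated link_mtu, counts `--ping-restart` inactivity timeouts, and flags the cases where the client then stopped reconnecting and gave a reason. The function names, the rule names and the 5-second correlation window are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the client log lines quoted in this thread.
SAMPLE_LOG = """\
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: peer-id set
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: adjusting link_mtu to 1624
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,[Fireware SSLVPN Server] Inactivity timeout (--ping-restart), restarting
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,SIGUSR1[soft,ping-restart] received, process restarting
2023-03-02T07:38:18.857 OVPN:>LOG:1677760698,,MANAGEMENT: >STATE:1677760698,RECONNECTING,ping-restart,,,,,
2023-03-02T07:38:18.857 Stop repeated reconnecting due to TDR check failure or other abnormal situation
"""

# Timestamp, optional "OVPN:>LOG:<epoch>,<flag>," prefix, then the message.
LINE = re.compile(r"^(\S+)\s+(?:OVPN:>LOG:\d+,[^,]*,)?(.*)$")
RULES = [  # rule names are hypothetical labels for this example
    ("link_mtu", re.compile(r"adjusting link_mtu to (\d+)")),
    ("ping_restart", re.compile(r"Inactivity timeout \(--ping-restart\)")),
    ("reconnect_stopped", re.compile(r"Stop repeated reconnecting due to (.+)")),
]

def parse_events(text):
    """Return (timestamp, kind, detail) for each log line matching a rule."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f")
        except ValueError:
            continue  # not a timestamped log line
        for kind, rx in RULES:
            hit = rx.search(m.group(2))
            if hit:
                events.append((ts, kind, hit.group(1) if hit.lastindex else ""))
    return events

def triage(text, window_s=5.0):
    """Summarise MTU values, keepalive timeouts, and reconnects the client refused."""
    events = parse_events(text)
    restarts = [t for t, k, _ in events if k == "ping_restart"]
    refused = [d for t, k, d in events if k == "reconnect_stopped"
               and any(0 <= (t - r).total_seconds() <= window_s for r in restarts)]
    return {
        "link_mtu": sorted({int(d) for _, k, d in events if k == "link_mtu"}),
        "ping_restarts": len(restarts),
        "reconnect_refused": refused,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `reconnect_refused` list separates sessions where the client itself declined to reconnect from sessions that only hit the keepalive timeout.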