Options

Mobile VPN with SSL: Could not read configuration & Failed to get domain name from China

crm_informaticacrm_informatica
in Firebox - VPN Mobile User

Hello to everybody,
I have some problems connetting to my LAN with VPN by XTM330 from China.
Is there a way to get VON connection?
I get a 1st window message of Watchguard Firebox SSL when connecting to XTM: "Retrieving policies from aaa.bbb.ccc.ddd Could not read configuration" and after "(Failed to get domain name) Could not download the configuration from the server. Do you want to try to connect using the most recent configuration?"
I usually don't have any problems with the same client if I'm connecting from EU Countries; I have these problems only when I'm connecting from China. So I think there are some restrictions but I don't know which one. Is there other way to connect to my company's LAN using VPN of Watchguard?
Thanks to all
Michele

Comments

  • Options
    Bruce_BriggsBruce_Briggs

    Looks like the China's firewall is blocking this connection.
    I have no idea if any WG VPN will work

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @crm_informatica
    The error you're seeing is suggesting that the SSLVPN simply can't connect - it's asking if you want to use a cached version of the profile for the firewall from the last time you successfully connected.

    The country your firebox resides in is well known for restricting VPNs. If you're unable to access the VPN suddenly with no configuration changes, I would suggest contacting the ISP on that remote side to find out if they can open the port that you're using.

    -James Carson
    WatchGuard Customer Support

  • Options
    crm_informaticacrm_informatica
    edited April 19

    Hi @james.carson. Thanks for your reply. The FW is in EU (Italy), the client with "Mobile VPN with SSL Client" app is in China.

  • Options
    PhilT_VITPhilT_VIT

    As Bruce_Briggs mentioned, it is likely - and I would agree - the outgoing firewall on the Chinese government side is the issue (the one dubbed the Great Firewall of China).

    It might work if a different port number is used (ie. not 443) - you'd have to specify this when establishing the connection and make sure it matches the config on the Firebox that is in Italy.
    Word of caution - sometimes it will work once, then stops working after that (this is less likely with private VPN endpoints, but the government firewall could block the connection the second time round).

Sign In to comment.