VPN User login disconnected 'PUSH_REQUEST' (status=1)
Hello everyone,
recently, we’ve been experiencing authentication failures for both new and existing users on our firewall. Existing users receive a "disconnected" message when trying to log in to the VPN client, but they can log in normally after changing their passwords. However, new users are unable to log in even after changing their passwords. The error recorded on the client for new users is the same as the "disconnected" error for existing users.
On the same laptop, new users account always fail to log in, while other existing user accounts can log in successfully.
Below are the client logs and device logs:
2025-01-03T15:08:10.753 OVPN:>LOG:1735913290,,C:\WINDOWS\system32\route.exe DELETE 10.201.0.0 MASK 255.255.0.0 10.201.63.1
2025-01-03T15:08:10.754 OVPN:>LOG:1735913290,,Route deletion via IPAPI succeeded [adaptive]
2025-01-03T15:08:10.754 OVPN:>LOG:1735913290,,C:\WINDOWS\system32\route.exe DELETE 10.88.0.0 MASK 255.255.0.0 10.201.63.1
2025-01-03T15:08:10.754 OVPN:>LOG:1735913290,,Route deletion via IPAPI succeeded [adaptive]
2025-01-03T15:08:10.755 OVPN:>LOG:1735913290,,C:\WINDOWS\system32\route.exe DELETE 10.80.0.0 MASK 255.255.0.0 10.201.63.1
2025-01-03T15:08:10.755 OVPN:>LOG:1735913290,,Route deletion via IPAPI succeeded [adaptive]
2025-01-03T15:08:10.755 OVPN:>LOG:1735913290,,C:\WINDOWS\system32\route.exe DELETE 10.10.0.0 MASK 255.255.0.0 10.201.63.1
2025-01-03T15:08:10.756 OVPN:>LOG:1735913290,,Route deletion via IPAPI succeeded [adaptive]
2025-01-03T15:08:10.756 OVPN:>LOG:1735913290,,C:\WINDOWS\system32\route.exe DELETE 172.16.0.0 MASK 255.240.0.0 10.201.63.1
2025-01-03T15:08:10.757 OVPN:>LOG:1735913290,,Route deletion via IPAPI succeeded [adaptive]
2025-01-03T15:08:10.757 OVPN:>LOG:1735913290,,Closing TUN/TAP interface
2025-01-03T15:08:21.957 Requesting client configuration from xxxxx:443
2025-01-03T15:08:23.719 VERSION file is 5.35, client version is 5.37
2025-01-03T15:08:24.216 LaunchOpenVPN: openvpn full command-line(first 8 chars): --verb 3, length: 73
2025-01-03T15:08:24.216 LaunchOpenVPN: vpn config full path(first 8 chars): C:\Users, length: 52
2025-01-03T15:08:24.742 OVPN:>HOLD:Waiting for hold release:0
2025-01-03T15:08:24.824 OVPN:>LOG:1735913304,D,MANAGEMENT: CMD ''
2025-01-03T15:08:24.825 OVPN:>LOG:1735913304,D,MANAGEMENT: CMD 'hold release'
2025-01-03T15:08:24.825 OVPN:SUCCESS: hold release succeeded
2025-01-03T15:08:24.825 OVPN:>PASSWORD:Need 'Auth' username/password
2025-01-03T15:08:24.906 OVPN:>LOG:1735913304,D,MANAGEMENT: CMD 'username "Auth" "xx.xx"'
2025-01-03T15:08:24.906 OVPN:SUCCESS: 'Auth' username entered, but not yet verified
2025-01-03T15:08:24.907 OVPN:>LOG:1735913304,D,MANAGEMENT: CMD 'password [...]'
2025-01-03T15:08:24.907 OVPN:SUCCESS: 'Auth' password entered, but not yet verified
2025-01-03T15:08:24.907 OVPN:>LOG:1735913304,I,TCP/UDP: Preserving recently used remote address: [AF_INET]xxx:443
2025-01-03T15:08:24.907 OVPN:>LOG:1735913304,,Socket Buffers: R=[65536->65536] S=[65536->65536]
2025-01-03T15:08:24.908 OVPN:>LOG:1735913304,I,Attempting to establish TCP connection with [AF_INET]xxx:443 [nonblock]
2025-01-03T15:08:24.909 OVPN:>LOG:1735913304,,MANAGEMENT: >STATE:1735913304,TCP_CONNECT,,,,,,
2025-01-03T15:08:24.909 OVPN:>STATE:1735913304,TCP_CONNECT,,,,,,
2025-01-03T15:08:25.907 OVPN:>LOG:1735913305,I,TCP connection established with [AF_INET]xxx:443
2025-01-03T15:08:25.908 OVPN:>LOG:1735913305,I,TCP_CLIENT link local: (not bound)
2025-01-03T15:08:25.909 OVPN:>LOG:1735913305,I,TCP_CLIENT link remote: [AF_INET]xxx:443
2025-01-03T15:08:25.909 OVPN:>LOG:1735913305,,MANAGEMENT: >STATE:1735913305,WAIT,,,,,,
2025-01-03T15:08:25.910 OVPN:>STATE:1735913305,WAIT,,,,,,
2025-01-03T15:08:26.141 OVPN:>LOG:1735913306,,MANAGEMENT: >STATE:1735913306,AUTH,,,,,,
2025-01-03T15:08:26.142 OVPN:>STATE:1735913306,AUTH,,,,,,
2025-01-03T15:08:26.144 OVPN:>LOG:1735913306,,TLS: Initial packet from [AF_INET]xxx:443, sid=91882db6 03afcbb9
2025-01-03T15:08:26.222 OVPN:>LOG:1735913306,,VERIFY OK: depth=1, O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN
2025-01-03T15:08:26.225 OVPN:>LOG:1735913306,,Validating certificate extended key usage
2025-01-03T15:08:26.227 OVPN:>LOG:1735913306,,++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-01-03T15:08:26.228 OVPN:>LOG:1735913306,,VERIFY EKU OK
2025-01-03T15:08:26.229 OVPN:>LOG:1735913306,,VERIFY X509NAME OK: O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server
2025-01-03T15:08:26.230 OVPN:>LOG:1735913306,,VERIFY OK: depth=0, O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server
2025-01-03T15:08:26.376 OVPN:>LOG:1735913306,,Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2025-01-03T15:08:26.377 OVPN:>LOG:1735913306,I,[Fireware SSLVPN Server] Peer Connection Initiated with [AF_INET]xxx:443
2025-01-03T15:08:27.470 OVPN:>LOG:1735913307,,MANAGEMENT: >STATE:1735913307,GET_CONFIG,,,,,,
2025-01-03T15:08:27.470 OVPN:>STATE:1735913307,GET_CONFIG,,,,,,
2025-01-03T15:08:27.471 OVPN:>LOG:1735913307,,SENT CONTROL [Fireware SSLVPN Server]: 'PUSH_REQUEST' (status=1)
2025-01-03T15:08:27.527 Connection Closed.
Device log:
2025-01-03 15:41:56 WGM300B admd Authentication of Firewall user [xxx@Firebox-DB] from xxx was accepted msg_id="1100-0004" Event
2025-01-03 15:41:56 WGM300B sslvpn Mobile VPN with SSL user xxx logged in. Virtual IP address is 0.0.0.0. Real IP address is xxx. msg_id="2500-0000" Debug
2025-01-03 15:41:59 WGM300B admd Authentication of Firewall user [xxx@Firebox-DB] from xxx was accepted msg_id="1100-0004" Event
2025-01-03 15:41:59 WGM300B sslvpn Mobile VPN with SSL user xxx logged in. Virtual IP address is 0.0.0.0. Real IP address is xxx. msg_id="2500-0000" Debug
2025-01-03 15:42:00 WGM300B admd Authentication of Firewall user [xxx@Firebox-DB] from xxx was accepted msg_id="1100-0004" Event
Comments
Hi @ecopeng
If the users are Firebox-DB users, are they getting locked out?
See: https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/authentication/config_firebox_account_lockout_c.html
I would suggest opening a support case for this issue. You can do so via the support center link at the top right of this page.
-James Carson
WatchGuard Customer Support