SSL VPN disconnects for some remote users
I have a Firebox T55w running version 12.8 firmware. I have to reboot my firewall occasionally when some SSL VPN users are randomly being disconnected. I was wondering if it could be related to the MTU setting. I have it set on the firewall to be 1500, but I notice in the client logs it shows connecting at 1624, as seen below.
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: timers and/or timeouts modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: --ifconfig/up options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: route options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: route-related options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: peer-id set
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: adjusting link_mtu to 1624
Part of log file when client is reconnecting below......
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,[Fireware SSLVPN Server] Inactivity timeout (--ping-restart), restarting
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,SIGUSR1[soft,ping-restart] received, process restarting
2023-03-02T07:38:18.857 OVPN:>LOG:1677760698,,MANAGEMENT: >STATE:1677760698,RECONNECTING,ping-restart,,,,,
2023-03-02T07:38:18.857 Stop repeated reconnecting due to TDR check failure or other abnormal situation
Any ideas would be appreciated....
Comments
Hi @GARYMN
If the MTU were set too high, it would likely just cause tunnel traffic to fragment.
The log here suggests that TDR license enforcement is on -- if the client isn't able to check for that, and it is enabled, that may be the issue:
2023-03-02T07:38:18.857 Stop repeated reconnecting due to TDR check failure or other abnormal situation
If you're unsure, I'd suggest opening a support case so one of our team can assist.
-James Carson
WatchGuard Customer Support
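As an added example (not part of the original posts and not WatchGuard tooling): a small Python triage script for client logs in the format quoted in this thread. It tallies restart signals and reconnect reasons, records the negotiated link_mtu values, and picks out the "Stop repeated reconnecting" line. The sample log is constructed from the lines quoted above; the function name and report fields are assumptions.

```python
import re
from collections import Counter

# Constructed sample, built from the client log lines quoted in this thread.
SAMPLE_LOG = """\
2023-03-02T14:38:27.224 OVPN:>LOG:1677785903,,OPTIONS IMPORT: adjusting link_mtu to 1624
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,[Fireware SSLVPN Server] Inactivity timeout (--ping-restart), restarting
2023-03-02T07:38:18.856 OVPN:>LOG:1677760698,I,SIGUSR1[soft,ping-restart] received, process restarting
2023-03-02T07:38:18.857 OVPN:>LOG:1677760698,,MANAGEMENT: >STATE:1677760698,RECONNECTING,ping-restart,,,,,
2023-03-02T07:38:18.857 Stop repeated reconnecting due to TDR check failure or other abnormal situation
"""

# "<client timestamp> OVPN:>LOG:<epoch>,<flag>,<message>" or "<client timestamp> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?:OVPN:>LOG:(?P<epoch>\d+),(?P<flag>[^,]*),)?(?P<msg>.*)$")
STATE_RE = re.compile(r">STATE:\d+,(?P<state>[A-Z_]+),(?P<detail>[^,]*)")
MTU_RE = re.compile(r"adjusting link_mtu to (?P<mtu>\d+)")
SIGNAL_RE = re.compile(r"^(?P<sig>SIG[A-Z0-9]+)\[(?P<why>[^\]]*)\] received")


def triage(log_text):
    """Summarise link_mtu values, restart signals, reconnect reasons and aborts."""
    report = {"link_mtu": [], "signals": Counter(),
              "reconnects": Counter(), "aborts": []}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m["msg"]:
            continue  # blank or unparseable line
        ts, msg = m["ts"], m["msg"]
        if (mtu := MTU_RE.search(msg)):
            report["link_mtu"].append(int(mtu["mtu"]))
        elif (sig := SIGNAL_RE.match(msg)):
            report["signals"][f'{sig["sig"]}[{sig["why"]}]'] += 1
        elif (st := STATE_RE.search(msg)) and st["state"] == "RECONNECTING":
            report["reconnects"][st["detail"]] += 1
        elif m["epoch"] is None and msg.startswith("Stop repeated reconnecting"):
            # In the quoted log this line carries no OVPN:>LOG prefix.
            report["aborts"].append((ts, msg))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
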
Hi. Thanks for the info. I have updated our firmware to the latest, 12.9.2, and disconnections seem to be not happening so far. We have Basic Security, not Total Security, so my understanding is TDR is part of Endpoint security, which we do not have, so I'm not sure why we are getting this message sometimes. Monitoring VPN connections to see if the problem is fixed.