Pixel 7 Authenticates but immediately disconnects
User previously used a Pixel 2 as a hot spot and was able to connect with no issues to our SSL VPN from her laptop.
User has upgraded to a Pixel 7 and tried to use it as a hot spot unsuccessfully. I see she authenticates fine to our SSL VPN in the logs. But she gets immediately disconnected. Enabling/disabling Google's new free VPN in Google One has no effect on the ability to connect to our SSL VPN.
Running the latest version of Fireware. 12.9.2.B675817
Cell provider is AT&T. I have an AT&T cell plan as well with no problem connecting to the VPN from an iPhone 8.
Anyone have any ideas?
0
Sign In to comment.
Comments
What public IP does the user see, or what IP do you see in your logs?
I'm suspicious that it's an IPv6 address, which the SSLVPN doesn't support.
If your user isn't getting an IPv4 public address via the phone, they'll need to contact their carrier and find out how to also get an IPv4 address.
You can see a list of what is and is not supported for IPv6 here:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/ipv6_supported_features.html
*edit: grammar.
-James Carson
WatchGuard Customer Support
I see an IPv4 address for them during the authentication process. My iPhone 8 on the AT&T network logs on to the SSL VPN with an IPv4 address and stays connected no problem. I'm on it now. So I don't think it's an issue with the AT&T network.
Would think the Pixel would continue to use the IPv4 address it used to authenticate with. But I could see where authentication could be the first step and then the VPN tunnel is setup after that and perhaps changes to a IPv6 address. I know my laptop has an IPv6 address when I'm hot spotting off the iPhone.
I'll Google android options for VPN settings and see if anything shows up about using an IPv4 address for a VPN.
Anyone else have suggestions please let me know.
@PeteWashburn Depends quite a bit on the carrier and where you are in the world. (I was suspicious of IPV6 as the forums reported that you were accessing via IPv6.)
If you haven't done so already, I'd suggest opening a support case. You can do so via the support center link at the top right of this page.
That would allow our support reps to take a look at your logs, and help determine what might be going on.
If you'd prefer to go it yourself, I'd suggest taking a look at the logs on the client PC. You can see them by right clicking on the SSLVPN tray icon in the windows system tray, and going to view logs. (If you want to attach those to a case, you can select the logs via dragging over them and using CTRL+C to copy them to your clipboard, and paste them into the case or save them to a file.)
-James Carson
WatchGuard Customer Support
So.......
This ended up not being an issue with the Pixel 7.
Turns out the SSL VPN client on the user's laptop wasn't the latest version. The user was on 12.7.0. Removing that version and downloading the latest version from the Firebox solved the issue.
I had thought that the client would be automatically updated when newer versions were available. Guessing the option to update wasn't mandatory and this user hadn't selected to update.
Didn't see anything either in the Firebox logs or the client logs to suggest there was an issue.
Thanks to all that offered assistance.
Pete
Hi @PeteWashburn The SSLVPN only prompts to upgrade if there is a new version available on the firewall it's connecting to for the first time -and- the user must have administrative privilege's. If the upgrade prompt is clicked off, or if they don't have admin on that machine, it will stay silent.
-James Carson
WatchGuard Customer Support
Well, that would explain it!! I obviously would see the update as an administrator along with a couple of other users on their personal computers. I can imagine that this user wasn't an administrator on their personal laptop.
Note to self: When you see an update to the SSL VPN client, reach out to users with update instructions.
Thanks James
Pete