SSL issues after 12.10.4

MattPMattP
in Firebox - VPN Mobile User

Hi, Has anyone had issues connecting to SSL VPN after updating to 12.10.4? We updated one of our customer's Firewall and it triggered an SSL client update and after this the VPN client accepts the user and password starts the connection and then jumps back to the connection screen. I removed the SSL client and installed the previous version but cannot connect to any WatchGuard now running any version.

Comments

  • Bruce_BriggsBruce_Briggs

    The latest SSLVPN client works for me.

    The TAP driver requires Administrator privileges for installation.
    If it isn't installed, then the SSLVPN client will not connect.

    If it is installed, you should see TAP-Windows Adapter V9 in the Device Manager -> Network adapters list.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @MattP

    Like Bruce mentioned, problems with SSLVPN are usually related to the TAP adapter. Without seeing any logs, that's what I'd suspect.

    -Check your network devices for a TAP adapter (easiest way to do this is Win+R, type "ncpa.cpl" and click OK. Note any TAP adapters in your config.

    -Next. uninstall any SSLVPN clients you have on the system.

    -Reboot. Even if the system doesn't tell you it's needed.

    -Go back to network devices (ncpa.cpl) and see if your TAP adapters are gone. If they're not, something else may have installed one.

    (Often the TAP adapter will say somewhere in the details what installed it. Other SSLVPN clients. Browser VPN toolbars, Password Managers that come with VPN options, and other similar things will sometimes install them.)

    -Install the SSLVPN client. Check that you again have one TAP adapter. If so, try running it and connecting.

    If you get stuck, I'd suggest opening a support case. One of our reps can take a look at your logs and help. You can open a support case via the support center link at the top right of the page.

    -James Carson
    WatchGuard Customer Support

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Edit to the above, the client will notify on minor versions:

    -In Fireware v12.5.3 or higher, if the client automatically detects that an upgrade is available, but you do not have administrator privileges, a message opens that tells you to contact your system administrator for assistance. If a minor version update is available, you can select the Don't show this message again check box. This check box does not show if a major version update is available.

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_tshoot_c.html

    -James Carson
    WatchGuard Customer Support

  • JohnLJohnL

    Have seen multiple users with this issue at different clients. Normally removing and reinstalling the 12.10.4 SSL Client seems to fix the issue but it has been needed to be done sometimes after only a week or two. Both clients are using DUO for MFA. Even using the password,passcode is not working until the reinstall so it doesn't seem to be a response lag from DUO causing the issue.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @JohnL

    I'd suggest creating a case -- our team can help determine if RADIUS traffic is going out from the firewall and if a response is coming back.

    -James Carson
    WatchGuard Customer Support

  • JohnLJohnL

    Thanks for the quick response. I opened a case as but have to gather some logs if it stopped working again for any of the users.

Sign In to comment.