SSLVPN 12.11.4 Internet connection issues
I updated about 20 clients to the new version and I am getting complaints that once they connect their Internet no longer works. Our VPN is setup to only route certain networks so their Internet goes out their network. The fix is to disconnect then reconnect. Not too big a deal but was wondering if others were seeing that same behavior?
0
Sign In to comment.
Comments
Hi @kcarpenter
We've run into a few customers who have experienced Windows changing the route metric on their TAP driver interface.
When the issue happens, open Windows PowerShell and run the following command:
Get-NetIPInterface | sort-object -Property "InterfaceMetric"
(The | is a pipe; it is on the same keyboard key as your backslash.)
-Note your interface metrics. If your TAP-Windows Adapter is lower than your normal NIC, Windows may have auto-assigned the TAP adapter as a lower metric.
If this is the case:
-Open the Start menu and type NCPA.CPL. This will open the network connections panel from the control panel.
-Locate the network adapter for TAP-Windows Adapter V9, and right-click it. Go to properties.
-Highlight "Internet Protocol Version 4 (TCP/IPv4) and click properties.
-Click the advanced button on the lower right of the window that pops up.
-In the IP Settings tab, uncheck "Automatic Metric" and set the metric to something higher than what your normal network adapter(s) are. Mine is currently set to 4226, for example.
Click OK, OK, OK to return to the control panel (the change will not be committed until you close all of those windows).
Does this correct the problem?
-James Carson
WatchGuard Customer Support
Same problem here since version 12.11.4 (Build 722607)
Yes same issues here.
I have several clients, which experience similiar issue, after upgrading to 12.11.4 - but at a very random basis.. The Metric is not set to Automatic.. Sometimes it is working fine, and sometimes it is failing when I log off and on seven times in row... Seems like downgrading to 12.11.3 is working
Yep, same issue hear after 12.11.4, also on random basis. Does it not every time, but if it happens it works again mostly after disconnect and reconnect again.
We cannot downgrade to 12.11.3 because of the WebView2 Problem.
same here !
Same here. Waiting for a fixed version.
Same problem here. Some client can connect and have internet with metric configurations like 10 for ethernet and 11 for wifi. Other clients only manage to connect and have internet after downgrading to v12.11.3. This was tested on a fresh windows 11 installation and also on some older windows 11. Waiting for a final solution from watchguard.
WatchGuard is working on getting a collection of SSLVPN related bugs into a build that will be available shortly. Please stay tuned for an update.
Mark Boscolo
WatchGuard Support Manager.
@mboscolo
Is there already a known issue for this problem?
When can we expect a stable version of the SSL-VPN client?
We have exactly the same problem since the new SSLVPN 12.11.4 client. It occurs completely sporadically and without us being able to identify any connection, affecting various clients. The issue can be temporarily resolved by reconnecting, but then it reappears after a few hours, days, or even a week. Support from WatchGuard is very inconsistent, and you often get the impression that they are just stalling us and randomly requesting things like restarting the firewall, etc.
There is even a Knowledge Base article about this issue at: https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000E96fKAC&lang=en_US.
The above article title:
. When split tunnel VPN is configured, Mobile VPN with SSL Client v12.11.4 users cannot get access to Internet
Other SSLVPN V12.4 Known Issues:
. After upgrade to Mobile VPN with SSL v12.10.4, authentication to a Firebox from Windows fails
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr0000004fPZKAY&lang=en_US
. Firebox uses Mobile VPN with SSL tun0 IP address instead of Trusted to connect to AuthPoint Gateway
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3SbSAI&lang=en_US
. Mobile VPN with SSL connection fails for client accounts with Roaming User Profiles
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3U6SAI&lang=en_US
. Mobile VPN with SSL user does not get IP address
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g6CTSAY&lang=en_US
. SAML login to SSL VPN fails if Carrier-Grade NAT uses multiple public IPs
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000DLLBKA4&lang=en_US
. Mobile VPN with SSL incorrectly sends an OTP prompt as a password when it authenticates users with AuthPoint
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA16S000000gDS0SAM&lang=en_US
. Mobile VPN with SSL client unexpectedly uses Windows LAN interface defined DNS servers over DNS servers defined by the VPN
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3csSAA&lang=en_US
. SSL VPN connections fail after the client requests the configuration from the Firebox
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000BxeHKAS&lang=en_US
. Non-HTTPS traffic over port 443 denied by cloud-managed Firebox
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA16S000000Bc3kSAC&lang=en_US
Plus some Mac specific ones.