Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 3664 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG SSL not working as expected

Mathias Mühlbacher
Hello everyone,

I have migrated to the newest version of XG -> SFOS 17.1.1 MR-1

Unfortunately the SSL VPN is not working as expected.

1) At the remote user screen it shows me user twice, three, four times with different IP addresses while there is only one existing connection.
2) I can ping/connect only for a couple of minutes from my local network to the VPN clients.
E.g.: Ping to a remote machine is not working (time out) while vice versa I can ping from the remote machine to my computer which is inside my LAN.

Another example: SSH connection from my computer to a remote server works if the OpenVPN connection was established. After some minutes my connection gets lost without any further information. Ping which worked in the beginning is now also no longer possible.
Pinging from the remote server to my computer works without any problems.

Any suggestions why the SSL VPN is having such issues?

Kind regards,
mathias
 


This thread was automatically locked due to age.
  • 0

    Hey  

    • Did this issue occur on your previous firmware?
    • Are all of your SSL VPN users affected?
    • Have you already attempted re-installing the SSL VPN configuration from the User Portal, to see if this resolves the issue?
    • Did you have Idle Timeout configured for your SSL VPN configuration?

    Regards,

  • 0 in reply to FloSupport

    Good morning Flo,

     

    Did this issue occur on your previous firmware?

    No, this issues did not occured on the previous version - I was able to connect from LAN to VPN devices.

     

    Are all of your SSL VPN users affected?

    Yes.

     

    Have you already attempted re-installing the SSL VPN configuration from the User Portal, to see if this resolves the issue?

    I am using both: One device is using the old SSL VPN config file while the newest VPN member is using the newest SSL VPN configuration.

    Both are having issues.

     

    Did you have Idle Timeout configured for your SSL VPN configuration?

    No, I have not set an idle time out for SSL VPN.

     

    Kind regards,

    Mathias

  • 0 in reply to Mathias Mühlbacher

    Hey Mathias,

    On the CLI of the XG, if you perform an ifconfig, are you able to observe any dropped or packet errors for your Tun0 interface?

    If there are dropped packets, this could indicate a possible MTU MSS issue. Check out #4 on this troubleshooting guide for info regarding this.

    Regards,