Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 2695 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot connect over SSL VPN when remote (not connected to local WLAN); cannot connect to admin portal (https://xxxxx:4444) from remote

Shteki

Hello,

We received a new XG 135w in the office and are now trying to make the SSL VPN function. I tried it localy (I'm connected to the WLAN from the office, on which the FW is also connected) and it works (I can login). But when I try to do it outside of the office (from home), it won't work.

Here is the log file (192.168.10.8 is the WAN/port on the router:

Wed Jul 29 15:21:11 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Wed Jul 29 15:21:11 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Wed Jul 29 15:21:11 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Jul 29 15:21:11 2020 Need hold release from management interface, waiting...
Wed Jul 29 15:21:12 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'state on'
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'log all on'
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'hold off'
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'hold release'
Wed Jul 29 15:21:23 2020 MANAGEMENT: CMD 'username "Auth" "xxxxx"'
Wed Jul 29 15:21:23 2020 MANAGEMENT: CMD 'password [...]'
Wed Jul 29 15:21:23 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 15:21:23 2020 Attempting to establish TCP connection with [AF_INET]192.168.10.8:8443 [nonblock]
Wed Jul 29 15:21:23 2020 MANAGEMENT: >STATE:1596028883,TCP_CONNECT,,,,,,
Wed Jul 29 15:21:24 2020 TCP connection established with [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:24 2020 TCPv4_CLIENT link local: [undef]
Wed Jul 29 15:21:24 2020 TCPv4_CLIENT link remote: [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:24 2020 MANAGEMENT: >STATE:1596028884,WAIT,,,,,,
Wed Jul 29 15:21:24 2020 Connection reset, restarting [-1]
Wed Jul 29 15:21:24 2020 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jul 29 15:21:24 2020 MANAGEMENT: >STATE:1596028884,RECONNECTING,connection-reset,,,,,
Wed Jul 29 15:21:24 2020 Restart pause, 5 second(s)
Wed Jul 29 15:21:29 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 15:21:29 2020 Attempting to establish TCP connection with [AF_INET]192.168.10.8:8443 [nonblock]
Wed Jul 29 15:21:29 2020 MANAGEMENT: >STATE:1596028889,TCP_CONNECT,,,,,,
Wed Jul 29 15:21:30 2020 TCP connection established with [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:30 2020 TCPv4_CLIENT link local: [undef]
Wed Jul 29 15:21:30 2020 TCPv4_CLIENT link remote: [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:30 2020 MANAGEMENT: >STATE:1596028890,WAIT,,,,,,
Wed Jul 29 15:21:30 2020 Connection reset, restarting [-1]
Wed Jul 29 15:21:30 2020 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jul 29 15:21:30 2020 MANAGEMENT: >STATE:1596028890,RECONNECTING,connection-reset,,,,,
Wed Jul 29 15:21:30 2020 Restart pause, 5 second(s)
Wed Jul 29 15:21:32 2020 SIGTERM[hard,init_instance] received, process exiting
Wed Jul 29 15:21:32 2020 MANAGEMENT: >STATE:1596028892,EXITING,init_instance,,,,,

 

Also, I cannot access the admin portal over the DDNS, when remote. I can access the user portal via https://xxxx.myfirewall.co but  https://xxxx.myfirewall.co:4444 doesn't work. When local (inside the WLAN), it works fine.

The ports 443 and 4444 are forwarded on the router (Speedport Plus).

The firewall rules are LAN_2_WAN - all, VPN_2_LAN -all, LAN_2_VPN - all. 



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Vishal_R

    Hi Vishal_R,

    The IP Address of my phone (over 4G) was 10.114.240.XXX. I then opened the console on the 135w and entered the code under and simoultaneously tried the https://xyz.myfirewall.co:4444 in Google Chrome on the phone. I received the following code from the console for both commands.

    tcpdump 'host 10.114.240.xxx                                           
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode      
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 byt
    es                                                                              

    drop 'host 10.114.240.xxx         - no results here       
  • 0 in reply to Shteki

    Hi  

    The above indicates packets not reached to XG from your upstream WAN or from ISP cloud.

    Now from the same Mobile access user portal which is working from outside and confirm tcpdump on XG, you should get the tcpdump.

  • 0 in reply to Vishal_R

    Hi Vishal_R,

    I tried it with the user portla, which is working, but I'm receiving the same output for both the commands... Am I doing somethign wrong?

  • 0 in reply to Shteki

    Hi  

    Please try to confirm TCPDUMP on admin portal port 4444 and user portal port 443. Save this output in notepad with auto save settings in putty- so if more packets are coming / more request are coming, you may review your end machine public IP request later on by opening it in notepad or via notepad++.

    console> tcpdump 'port 4444

    console>drop 'port 4444

  • 0 in reply to Vishal_R

    Hi Vishal_R,

    here are two screenshots from a part of the listing of the commands:

    For tcpdump 'port 443

     

    for tcpdump 'port 4444

     

    drop 'port 4444 and 443 were empty, no feedback.