Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 2695 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot connect over SSL VPN when remote (not connected to local WLAN); cannot connect to admin portal (https://xxxxx:4444) from remote

Shteki

Hello,

We received a new XG 135w in the office and are now trying to make the SSL VPN function. I tried it localy (I'm connected to the WLAN from the office, on which the FW is also connected) and it works (I can login). But when I try to do it outside of the office (from home), it won't work.

Here is the log file (192.168.10.8 is the WAN/port on the router:

Wed Jul 29 15:21:11 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Wed Jul 29 15:21:11 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Wed Jul 29 15:21:11 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Jul 29 15:21:11 2020 Need hold release from management interface, waiting...
Wed Jul 29 15:21:12 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'state on'
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'log all on'
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'hold off'
Wed Jul 29 15:21:12 2020 MANAGEMENT: CMD 'hold release'
Wed Jul 29 15:21:23 2020 MANAGEMENT: CMD 'username "Auth" "xxxxx"'
Wed Jul 29 15:21:23 2020 MANAGEMENT: CMD 'password [...]'
Wed Jul 29 15:21:23 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 15:21:23 2020 Attempting to establish TCP connection with [AF_INET]192.168.10.8:8443 [nonblock]
Wed Jul 29 15:21:23 2020 MANAGEMENT: >STATE:1596028883,TCP_CONNECT,,,,,,
Wed Jul 29 15:21:24 2020 TCP connection established with [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:24 2020 TCPv4_CLIENT link local: [undef]
Wed Jul 29 15:21:24 2020 TCPv4_CLIENT link remote: [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:24 2020 MANAGEMENT: >STATE:1596028884,WAIT,,,,,,
Wed Jul 29 15:21:24 2020 Connection reset, restarting [-1]
Wed Jul 29 15:21:24 2020 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jul 29 15:21:24 2020 MANAGEMENT: >STATE:1596028884,RECONNECTING,connection-reset,,,,,
Wed Jul 29 15:21:24 2020 Restart pause, 5 second(s)
Wed Jul 29 15:21:29 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 15:21:29 2020 Attempting to establish TCP connection with [AF_INET]192.168.10.8:8443 [nonblock]
Wed Jul 29 15:21:29 2020 MANAGEMENT: >STATE:1596028889,TCP_CONNECT,,,,,,
Wed Jul 29 15:21:30 2020 TCP connection established with [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:30 2020 TCPv4_CLIENT link local: [undef]
Wed Jul 29 15:21:30 2020 TCPv4_CLIENT link remote: [AF_INET]192.168.10.8:8443
Wed Jul 29 15:21:30 2020 MANAGEMENT: >STATE:1596028890,WAIT,,,,,,
Wed Jul 29 15:21:30 2020 Connection reset, restarting [-1]
Wed Jul 29 15:21:30 2020 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jul 29 15:21:30 2020 MANAGEMENT: >STATE:1596028890,RECONNECTING,connection-reset,,,,,
Wed Jul 29 15:21:30 2020 Restart pause, 5 second(s)
Wed Jul 29 15:21:32 2020 SIGTERM[hard,init_instance] received, process exiting
Wed Jul 29 15:21:32 2020 MANAGEMENT: >STATE:1596028892,EXITING,init_instance,,,,,

 

Also, I cannot access the admin portal over the DDNS, when remote. I can access the user portal via https://xxxx.myfirewall.co but  https://xxxx.myfirewall.co:4444 doesn't work. When local (inside the WLAN), it works fine.

The ports 443 and 4444 are forwarded on the router (Speedport Plus).

The firewall rules are LAN_2_WAN - all, VPN_2_LAN -all, LAN_2_VPN - all. 



This thread was automatically locked due to age.
  • 0 in reply to Vishal_R

    Hi Vishal_R,

     

    after a couple of days of the system working, I went to our remote branch and tried to connect myself to the server, but it won't again.

    Here is the part from the log. I haven't changed anything. What could be he problem now?

     

    Mon Aug 03 08:41:00 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Mon Aug 03 08:41:00 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Enter Management Password:
    Mon Aug 03 08:41:00 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
    Mon Aug 03 08:41:00 2020 Need hold release from management interface, waiting...
    Mon Aug 03 08:41:00 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
    Mon Aug 03 08:41:00 2020 MANAGEMENT: CMD 'state on'
    Mon Aug 03 08:41:00 2020 MANAGEMENT: CMD 'log all on'
    Mon Aug 03 08:41:00 2020 MANAGEMENT: CMD 'hold off'
    Mon Aug 03 08:41:00 2020 MANAGEMENT: CMD 'hold release'
    Mon Aug 03 08:41:17 2020 MANAGEMENT: CMD 'username "Auth" "xxxxx"'
    Mon Aug 03 08:41:17 2020 MANAGEMENT: CMD 'password [...]'
    Mon Aug 03 08:41:17 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Mon Aug 03 08:41:17 2020 Attempting to establish TCP connection with [AF_INET]192.168.10.8:8443 [nonblock]
    Mon Aug 03 08:41:17 2020 MANAGEMENT: >STATE:1596436877,TCP_CONNECT,,,,,,
    Mon Aug 03 08:41:27 2020 TCP: connect to [AF_INET]192.168.10.8:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Mon Aug 03 08:41:32 2020 MANAGEMENT: >STATE:1596436892,TCP_CONNECT,,,,,,
    Mon Aug 03 08:41:34 2020 SIGTERM[hard,init_instance] received, process exiting
    Mon Aug 03 08:41:34 2020 MANAGEMENT: >STATE:1596436894,EXITING,init_instance,,,,,

  • 0 in reply to Shteki

    Hi  

    Have you re downloaded the config file after last changes to have latest settings or conf file settings while trying to connect SSL VPN? 

    I can see the connection request is still coming on IP 192.168.10.8:8443 which you have set previously in your Override hostname settings of SSL VPN.

    if you have already tried with re downloading config file and issue still there then would suggest you to raise a support case to have further investigation.