Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SSL VPN - Connection Issues

kab343kab343 Newbie ✭

Hi there, we are having trouble with both Netextender and Mobile Connect, they connect to our SSL VPN once, then subsequent attempts to re-connect (after disconnecting) fail. Netextender with the error Verifying user…authentication failed! and Mobile Connect with the error Failed to fetch the domain list from server. It doesn't seem to have any real repeatable behavior and because it connects and operates fine once, it seems like some sort of timeout/refresh issue in the Sonicwall rather than a configuration issue?

We are using a TZ300 router on FW 6.5.4.5-53n.

Due to the Covid crisis we have been trying to connect users to our network from their home PC's which aren't joined to our domain. I'm thinking that possibly changing User Authentication Method from LDAP + Local Users to Local Users only may help? Any other ideas to make it a little more reliable, please?

Category: SSL VPN
Reply

Answers

  • KaranMKaranM Moderator
    edited March 20

    Hello @kab343,

    Can you please help me with the below:

    • Are you facing this issue on the current firmware version (6.5.4.5-53n.) only or this was there on the previous firmware as well?
    • Are you using VLAN with the parent WAN interface(example X1) and what is the parent WAN interface configured as(does it show any IP or says 0.0.0.0 )?
    • Can you please check what error you see in the logs (Firewall Logs) when the issue occurs?

    Thanks

    Knowledge Management Senior Analyst at SonicWall.

  • kab343kab343 Newbie ✭
    edited March 20
    • Are you facing this issue on the current firmware version (6.5.4.5-53n.) only or this was there on the previous firmware as well?

    The previous version of firmware was 6.5.4.4-44n. We did not seem to have the same issues connecting to the the VPN. But I from what I understand we can't 'rollback' to older firmware.


    • Are you using VLAN with the parent WAN interface(example X1) and what is the parent WAN interface configured as(does it show any IP or says 0.0.0.0 )?

    We are using VLAN on the WAN interface (X3). X3 WAN is 0.0.0.0, the X3:V10 interface has an IP address. We also have WAN on X1, that has an IP address also.


    • Can you please check what error you see in the logs (Firewall Logs) when the issue occurs?

    I logged out of a successful Netextender VPN session at 10:57:42, then tried to login again. All logins failed until I reset my NIC, then it successfully connected at 11:05:20. I've attached two screenshots of the logs. I can send full logs to you privately if required.


  • kab343kab343 Newbie ✭

    Hi @KaranM, and ideas on what else I could try? I have a support case logged with Sonicwall also, Case 43357852.

  • KaranMKaranM Moderator

    Hello @kab343,

    Hope you had an awesome Weekend!

    Thanks for providing the information, I am glad that you were able to get in contact with the support team and they will be more than happy to assist you. Having said that I would request you to try the following and test

    • Please exoprt a backup of your settings before making any changes and save it on your local device.
    • Can you please try configuring X3 as WAN and with a dummy IP scheme that is not conflicting with any other IP/Network.
    • Example 1.1.1.1

    Thanks

    Knowledge Management Senior Analyst at SonicWall.

  • VogelArchitektenVogelArchitekten Newbie ✭
    edited April 29

    Dear all

    I have the exact same problem with the exact same error message. Even the firmware is absolutely identical. Could you maybe indicate what support told you to do and how you fixed the issue?

    Thank you and best regards.

  • SaravananSaravanan Moderator

    Hi @VOGELARCHITEKTEN,

    Hope you are safe and well.

    Could you please help me with answers to below questions in-order to understand the issue behavior?

    1. Is this issue started to happen post firmware upgrade on SonicWall to 6.5.4.5 version?
    2. Were there any changes made onto the SonicWall configuration or in the network prior to the issue appearance?
    3. Is this issue observed with every SSLVPN user from various locations?
    4. Are you using LDAP or SonicWall's local user database for SSLVPN user authentication?

    Also, please help me with below debug files to narrow down the issue.

    1. Export the logs from the SonicWall GUI after reproducing the issue once.
    2. Provide the screenshots of the error displayed on the Netextender or Mobile Connect application.

    To download the firewall logs,

    Navigate to Investigate | Logs | Event Logs, set the Show field to "All Entries" and click txt or csv button located next to Log Events Since drop down menu.  

    Regards,

    Saravanan V

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Dear Saravanan

    Thank you for your help. Regarding your questions, let me answer them below:

    1. Yes, the issue started after upgrading from 6.5.1.1-42n to SonicOS Enhanced 6.5.4.5-53n.
    2. No.
    3. Yes. The issue is observed with every user from various locations.
    4. We are using LDAP to our internal Domain Controller.

    You do have the screenshot above from user kab343. It's the same issue.

  • kab343kab343 Newbie ✭

    Hi @VogelArchitekten,

    The only thing that fixed it for me was downgrading to 6.5.4.4-44n.

    I spent a while with support trying to fix it, but nothing they tried worked. The last I heard they suspected a bug in the code, but I've never heard if it got resolved.

    I'll warn you that it was not easy to downgrade at all, but since then we have had no issues connecting to the VPN.

  • SaravananSaravanan Moderator

    Hello VOGELARCHITEKTEN,

    Thank you so much for your answers.

    I took sometime to research on this matter and came to know that, the issue is specific to firmware version 6.5.4.5 in which a bug is already filed with our Engineering team where patched firmware's are available for different SonicWall models to address the issue.

    There is also a probable workaround for this scenario.

    Please ensure to take SonicWall configuration / settings backup and try this out. Please follow instructions from below web-link to save a copy of the SonicWall configuration.

    Workaround:

    Assign a dummy IP address on the X1 WAN interface if its left unassigned. The authentication should start working.

    If you are looking for the patched firmware for your SonicWall model, then please file a support case with our technical support team and contact for assistance on the same.

    Please feel free to let me know if any questions or clarification.

    Regards

    Saravanan V

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • VogelArchitektenVogelArchitekten Newbie ✭

    Dear Saravanan, dear kab343

    Thank you for your feedback.

    I suspect that I know what the issue is and Saravanan you seem to be correct with the dummy IP address on the X1 interface. Although I'm a bit worried to change the parent interface from unassigned to static because there are several virtual interfaces connected to this parent interface - including the local LAN zone. I worry that I will shut down access to the admin-portal by changing this.

    So the simpler solution would be to install the patched firmware and check if it's fixed. The device is under support so that shouldn't be a problem.

    Thank you again for your support guys and have a good day.

  • SaravananSaravanan Moderator

    Hello @VOGELARCHITEKTEN,

    You are Most Welcome.

    I'm glad to hear that you are all set after applying the firmware patch. Good that you could get the firmware patch from our Support Team.

    Thank you for Choosing SonicWall Communities.

    Have a good one!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • VogelArchitektenVogelArchitekten Newbie ✭
    edited May 6

    Hi Saravanan

    I'd like to add a correction: Support would not send me the patch. But the helped me sorting the issue:

    By setting a dummy IP to the parent interface SSL VPN connections started to work again! So you were right. Also by changing the parent interface no settings regarding the virtual interface were affected.

    For anyone finding this issue: The parent interface needs to have a static IP set and can not be in "unassigned" mode. Please find further informations in attached screenshot.

    Thanks again everyone and best regards.


  • SaravananSaravanan Moderator

    Hi @VOGELARCHITEKTEN,

    Thanks for correcting my previous comment and for the feedback in detail.

    This post will definitely give some insights to people experiencing similar issues.

    Stay Safe. Thanks again and have a good one!!!

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • shiprasahu93shiprasahu93 Moderator

    This was an interesting read. I wasn't sure that the interface has to absolutely be assigned even if it's a dummy address.

    Thanks @VogelArchitekten

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • NevyadithaNevyaditha Moderator

    Thanks @VogelArchitekten for the intresting information!!

    Nevyaditha P

    Technical Support Advisor, Premier Services

Sign In or Register to comment.