Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

NetExtender on Linux - connection establishes, but no traffic comes in.

thomasuebelthomasuebel Newbie ✭
edited August 20 in SSL VPN

Hey everyone,

I'm looking for support with the Linux Client of NetExtender.

For our Linux clients the connection with Nx is established successfully, but then data is sent, but none is received. I've checked the list of interfaces and the ppp0 created by Nx comes back as "UNKNOWN". Is this normal behaviour?

FYI: the output was:

  • 11: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 3
  • link/ppp
  • inet 10.46.10.26 peer 192.0.2.1/32 scope global ppp0
  • valid_lft forever preferred_lft forever

Just before establishing the connection, syslog shows:

Aug 20 09:26:36 it-nb4863 NetworkManager[1222]: <info> [1629444396.4903] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManager/Devices/14)

Aug 20 09:26:36 it-nb4863 pppd[24105]: Connect: ppp0 <--> /dev/pts/1

Aug 20 09:26:36 it-nb4863 systemd-udevd[24106]: ethtool: autonegotiation is unset or enabled, the speed and duplex are not writable.

Aug 20 09:26:36 it-nb4863 pppd[24105]: local IP address 10.46.10.27

Aug 20 09:26:36 it-nb4863 pppd[24105]: remote IP address 192.0.2.1

Aug 20 09:26:36 it-nb4863 NetworkManager[1222]: <info> [1629444396.6455] device (ppp0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')

Aug 20 09:26:36 it-nb4863 NetworkManager[1222]: <info> [1629444396.6464] device (ppp0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'external')

Aug 20 09:26:37 it-nb4863 systemd[2498]: tracker-extract.service: Succeeded.

Aug 20 09:26:37 it-nb4863 sonicwall-netextender.desktop[18616]: Client IP Address: 10.46.10.27


Our windows clients seem not to have this issue, so I'm wondering if it's some configuration that we're missing either on our Linux side for the clients or within the VPN?

Category: SSL VPN
Reply
Tagged:

Answers

  • thomasuebelthomasuebel Newbie ✭

    When Nx starts wrting the routes this looks somewhat peculiar: (Writing route: 217.110.247.28/<NULL>)

    08/20/2021 11:01:06.410 [routing debug  51994] write_sslvpn_route:Writing route: 217.110.247.28/<NULL>, gw 192.168.1.1, if wlo1, type HOST, isNx false

    08/20/2021 11:01:06.411 [routing debug  51994] write_sslvpn_route:Route setup: /sbin/ip route add 217.110.247.28 via 192.168.1.1 dev wlo1

    08/20/2021 11:01:06.413 [routing debug  51994] write_sslvpn_route:Route cleanup: /sbin/ip route del 217.110.247.28 via 192.168.1.1 dev wlo1

    08/20/2021 11:01:06.414 [routing debug  51994] write_sslvpn_route:Writing route: 192.168.1.1/<NULL>, gw <NULL>, if wlo1, type HOST, isNx false

    08/20/2021 11:01:06.415 [routing debug  51994] write_sslvpn_route:Route setup: /sbin/ip route add 192.168.1.1 dev wlo1

    08/20/2021 11:01:06.417 [routing debug  51994] write_sslvpn_route:Route cleanup: /sbin/ip route del 192.168.1.1 dev wlo1

  • ArkwrightArkwright Newbie ✭
    edited August 20

    What routes do you actually end up with on the client after connecting?

    Perhaps /<NULL> is just a slightly odd way of logging that it's a /32?


    10.2.817 is working fine for me, BTW.

  • thomasuebelthomasuebel Newbie ✭

    Thanks for your response Arkwright!

    I've checked after connecting with Nx, this is what I get:

    [email protected]:~/Downloads/netExtenderClient$ ip route

    default via 10.46.10.11 dev ppp0

    default via 192.168.1.1 dev wlo1 proto dhcp metric 600

    3.120.0.0/14 via 10.46.10.11 dev ppp0

    10.40.4.2 via 10.46.10.11 dev ppp0

    10.41.0.0/16 via 10.46.10.11 dev ppp0

    10.42.0.0/16 via 10.46.10.11 dev ppp0

    10.43.0.0/16 via 10.46.10.11 dev ppp0

    10.44.0.0/16 via 10.46.10.11 dev ppp0

    10.60.0.0/16 via 10.46.10.11 dev ppp0

    10.60.160.31 via 10.46.10.11 dev ppp0

    10.65.0.0/16 via 10.46.10.11 dev ppp0

    10.66.0.0/16 via 10.46.10.11 dev ppp0

    10.177.0.0/16 via 10.46.10.11 dev ppp0

    10.210.0.0/16 via 10.46.10.11 dev ppp0

    13.74.145.179 via 10.46.10.11 dev ppp0

    18.184.230.238 via 10.46.10.11 dev ppp0

    18.195.207.165 via 10.46.10.11 dev ppp0

    18.196.98.61 via 10.46.10.11 dev ppp0

    23.102.36.216 via 10.46.10.11 dev ppp0

    40.112.94.8 via 10.46.10.11 dev ppp0

    52.28.144.127 via 10.46.10.11 dev ppp0

    52.28.173.255 via 10.46.10.11 dev ppp0

    52.29.0.0/16 via 10.46.10.11 dev ppp0

    52.178.183.23 via 10.46.10.11 dev ppp0

    52.236.39.189 via 10.46.10.11 dev ppp0

    54.93.144.191 via 10.46.10.11 dev ppp0

    128.0.0.0/1 via 10.46.10.11 dev ppp0

    138.91.49.184 via 10.46.10.11 dev ppp0

    168.61.81.151 via 10.46.10.11 dev ppp0

    169.254.0.0/16 via 10.46.10.11 dev ppp0

    169.254.0.0/16 dev br-565c9987257e scope link metric 1000 linkdown

    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

    172.18.0.0/16 dev br-565c9987257e proto kernel scope link src 172.18.0.1 linkdown

    192.0.2.1 dev ppp0 proto kernel scope link src 10.46.10.11

    192.168.1.0/24 via 10.46.10.11 dev ppp0

    192.168.1.0/24 dev wlo1 proto kernel scope link src 192.168.1.145 metric 600

    192.168.1.1 dev wlo1 scope link

    217.110.247.28 via 192.168.1.1 dev wlo1

    [email protected]:~/Downloads/netExtenderClient$ ip route show dev wlo1

    default via 192.168.1.1 proto dhcp metric 600

    192.168.1.0/24 proto kernel scope link src 192.168.1.145 metric 600

    192.168.1.1 scope link

    217.110.247.28 via 192.168.1.1


    After disconnecting Nx it gets reset to:


    [email protected]:~/Downloads/netExtenderClient$ ip route show dev wlo1

    default via 192.168.1.1 proto dhcp metric 600

    192.168.1.0/24 proto kernel scope link src 192.168.1.145 metric 600

    [email protected]:~/Downloads/netExtenderClient$ ip route

    default via 192.168.1.1 dev wlo1 proto dhcp metric 600

    169.254.0.0/16 dev br-565c9987257e scope link metric 1000 linkdown

    172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1

    172.18.0.0/16 dev br-565c9987257e proto kernel scope link src 172.18.0.1 linkdown

    192.168.1.0/24 dev wlo1 proto kernel scope link src 192.168.1.145 metric 600

  • prestonpreston Enthusiast ✭✭

    @thomasuebel , what firmware are you running on the firewall? if is a Gen 6 appliance is it on 6.5.4.8-89n ?

    if so make sure the below is enabled in the SSL VPN Server settings


  • ArkwrightArkwright Newbie ✭

    OK, your problem clearly isn't due to a lack of routes then.

    The /<NULL> routes are a red herring too as they've worked fine [I assume they're "failsafe" routes so the client can still reach it's default gateway and the firewall it's connected to, after installing all the other routes sent as part of the VPN connection].

  • thomasuebelthomasuebel Newbie ✭

    I'm not quite sure. When Nx is connected, no PING or Traceroute will work. It's not a DNS issue either, because it also desn't work for IP addresses. I assume "default via 10.46.10.11 dev ppp0" is a tunnel-all via the ppp0 device that Nx creates. So neither VPN IP Addresses nor any outside IP Addresses are reachable. :/

Sign In or Register to comment.