Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Netextender, can't connect

Ruben_CardenalRuben_Cardenal Newbie ✭
edited June 15 in VPN Client

Hello,

We recently acquired a TZ 570 firewall for our corporate offices (100-150 users).

Now I'm trying to setup a VPN connection between the FW and our AWS environment in order to monitor several resources. Since I kind of don't like diving into a IPSec VPN, I'm trying to use the NetExtender option, since it seems fairly simple to use. Or so I thought...

Well, I configured it as per the documentation at

and

but it's not working. There are several things here:

a) When I attempt to connect NetExtender, either from a Linux device or a Windows device (for the sake of checking in both worlds, just in case), I'm automatically logged out from the admin session at the firewall I have in the browser. This really puzzles and annoys me.

b) If I go to https://X.X.X.X:4433 I can log-in with the user credentials (and it asks me to download NetExtender, etc). So it's clear that, up to some point, it works... at least partially.

c) NetExtender from Windows connection log is:

d) NetExtender from Linux connection log is:

# netExtender -u ********* -p ********* -d LocalDomain X.X.X.X:4433
NetExtender for Linux - Version 8.6.799
SonicWall
Copyright (c) 2017 SonicWall

Connecting to X.X.X.X:4433...
ERROR: SSL_connect: Connection reset by peer (104)
Retrying...
ERROR: SSL_connect: Success (0)
Authentication failure: Connection failed. Check log for details.
NetExtender connection failed.
SSL VPN logging out...
ERROR: SSL_connect: Connection reset by peer (104)
Retrying...
ERROR: SSL_connect: Success (0)
Logout command failed
SSL VPN connection is terminated.
Exiting NetExtender client


Category: VPN Client
Reply

Answers

  • MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭

    Hi @Ruben_Cardenal


    Could you share netextender logs and firewall ssl-vpn logs.

    your message includes some authantication errors.

    It seems SSL Connection is ok.

    SSL_connect: Success
    

    User authantication has problem.

    Authentication failure: Connection failed. Check log for details.
    


  • Ruben_CardenalRuben_Cardenal Newbie ✭

    Hello,

    Well, I added no more logs, because there are no more logs from the client side. Under Linux (the part I'm interested in) the contents of .netExtender.log are, unfortunately, completely useless:

    06/16/2022 22:13:44.244 [general info   5160] NetExtender launched
    06/16/2022 22:13:44.244 [general info   5160] NetExtender 8.6.799 for Linux initialized
    06/16/2022 22:13:44.244 [config info   5160] Compatibility mode: SUSE/Ubuntu
    06/16/2022 22:13:44.244 [connect info   5160] User:  "*****"
    06/16/2022 22:13:44.244 [connect info   5160] Domain: "LocalDomain"
    06/16/2022 22:13:44.244 [connect info   5160] Server: "X.X.X.X:4433"
    06/16/2022 22:13:44.259 [general notice  5160] Connecting to X.X.X.X:4433...
    06/16/2022 22:13:44.349 [general error  5160] ERROR: SSL_connect: Connection reset by peer (104)
    06/16/2022 22:13:44.349 [general notice  5160] Retrying...
    06/16/2022 22:13:44.349 [general error  5160] ERROR: SSL_connect: Success (0)
    06/16/2022 22:13:44.349 [general error  5160] Authentication failure: Connection failed. Check log for details.
    06/16/2022 22:13:44.349 [general error  5160] NetExtender connection failed.
    06/16/2022 22:13:44.349 [general notice  5160] SSL VPN logging out...
    06/16/2022 22:13:44.440 [general error  5160] ERROR: SSL_connect: Connection reset by peer (104)
    06/16/2022 22:13:44.440 [general notice  5160] Retrying...
    06/16/2022 22:13:44.440 [general error  5160] ERROR: SSL_connect: Success (0)
    06/16/2022 22:13:44.440 [general error  5160] Logout command failed
    06/16/2022 22:13:44.441 [general notice  5160] SSL VPN connection is terminated.
    

    Regarding the firewall-side logs, frankly, firewalls are not my thing and I can't find where should I get those logs from, because maybe there there would be more information.

    Sometimes under Linux, the information displayed about the connection attempt is different:

    06/16/2022 22:28:11.655 [config info   1808] Loading saved profiles...
    06/16/2022 22:28:11.661 [general info   1808] NetExtender launched
    06/16/2022 22:28:11.661 [general info   1808] NetExtender 8.6.799 for Linux initialized
    06/16/2022 22:28:11.661 [config info   1808] Compatibility mode: SUSE/Ubuntu
    06/16/2022 22:28:11.661 [connect info   1808] User:  "vpnbastion"
    06/16/2022 22:28:11.661 [connect info   1808] Domain: "LocalDomain"
    06/16/2022 22:28:11.661 [connect info   1808] Server: "45.15.138.15:4433"
    06/16/2022 22:28:11.667 [general notice  1808] Connecting to 45.15.138.15:4433...
    06/16/2022 22:28:11.906 [connect warn   1808] SSL_get_peer_certificate: X509_V_ERR_INVALID_CA
    06/16/2022 22:28:15.356 [general notice  1808] Connected.
    06/16/2022 22:28:15.356 [general notice  1808] Logging in...
    06/16/2022 22:28:15.409 [general notice  1808] Login successful.
    06/16/2022 22:28:15.498 [general error  1808] ERROR: SSL_connect: Connection reset by peer (104)
    06/16/2022 22:28:15.498 [general notice  1808] Retrying...
    06/16/2022 22:28:15.498 [general error  1808] ERROR: SSL_connect: Success (0)
    06/16/2022 22:28:15.498 [connect error  1808] error verifing server's certificate
    06/16/2022 22:28:15.498 [epc   info   1808] Server don't support EPC check. Just pass EPC check
    06/16/2022 22:28:15.586 [general error  1808] ERROR: SSL_connect: Connection reset by peer (104)
    06/16/2022 22:28:15.586 [general notice  1808] Retrying...
    06/16/2022 22:28:15.586 [general error  1808] ERROR: SSL_connect: Success (0)
    06/16/2022 22:28:15.586 [connect error  1808] error verifing server's certificate
    06/16/2022 22:28:15.587 [general error  1808] Connection failure
    06/16/2022 22:28:15.587 [general notice  1808] SSL VPN logging out...
    06/16/2022 22:28:15.678 [general error  1808] ERROR: SSL_connect: Connection reset by peer (104)
    06/16/2022 22:28:15.678 [general notice  1808] Retrying...
    06/16/2022 22:28:15.678 [general error  1808] ERROR: SSL_connect: Success (0)
    06/16/2022 22:28:15.678 [general error  1808] Logout command failed
    06/16/2022 22:28:15.679 [general notice  1808] SSL VPN connection is terminated.
    

    I'm aware of the "error verifing server's certificate" and "X509_V_ERR_INVALID_CA" parts, but I don't know what to do about it, since the FW's documentation states that the self-signed certificate has to work just fine.

    Also, with those 2 tries I made to put the information in this post, I was logged-out both times from the admin session via HTTPS the very moment the connection attempt was done.

    Thanks.

  • MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭

    Hi @Ruben_Cardenal

    I have checked your logs. and there is a Authantication error.

    06/16/2022 22:13:44.349 [general error  5160] Authentication failure: Connection failed. Check log for details.
    

    could you check authantication systems, settings on sonicwall and sonicwall logs.

  • Ruben_CardenalRuben_Cardenal Newbie ✭
    edited June 21

    Hello @MitatOnge

    Browsing to https://x.x.x.x:4433 and logging-in with the user, works. So it's, effectively, authenticated properly (at least vía http).

    Also, as I said in the OP, the setup is done meticulously according to Sonicwall's instructions. I'm not new with systems, just I don't use to deal with firewalls and have never dealt with this one before.

    Also, I have trouble both setting up those logs and finding them, since the instructions in Sonicwall's website are for SonicOS 6.5, and this device runs a 7 version.

    In Device -> Log -> Settings I have this:

    As you can see in the last column, there are events there. But when I click on "View Logs" at the top:

    For the last 10 minutes, and I just tried the VPN connection 7 minutes ago with this result:

    06/21/2022 18:33:34.737 [config info  30224] Loading saved profiles...
    06/21/2022 18:33:34.744 [general info  30224] NetExtender launched
    06/21/2022 18:33:34.744 [general info  30224] NetExtender 8.6.799 for Linux initialized
    06/21/2022 18:33:34.744 [config info  30224] Compatibility mode: SUSE/Ubuntu
    06/21/2022 18:33:34.744 [connect info  30224] User:  "****"
    06/21/2022 18:33:34.744 [connect info  30224] Domain: "LocalDomain"
    06/21/2022 18:33:34.744 [connect info  30224] Server: "****:4433"
    06/21/2022 18:33:34.753 [general notice 30224] Connecting to ****:4433...
    06/21/2022 18:33:35.030 [connect warn  30224] SSL_get_peer_certificate: X509_V_ERR_INVALID_CA
    06/21/2022 18:33:48.547 [general notice 30224] Connected.
    06/21/2022 18:33:48.547 [general notice 30224] Logging in...
    06/21/2022 18:33:48.547 [general error  30224] Authentication failure: Authentication failed.
    06/21/2022 18:33:48.547 [general notice 30224] SSL VPN logging out...
    06/21/2022 18:33:48.866 [https  error  30224] httpReqAddCookie: value is NULL
    06/21/2022 18:33:48.866 [https  error  30224] Missing parameter(s); returning false
    06/21/2022 18:33:48.966 [general error  30224] Logout command failed
    06/21/2022 18:33:48.967 [general notice 30224] SSL VPN connection is terminated.
    

    all I get is:

    So.. Where are those events then? More clearly, filtering by category:

    Nothing.

    Sorry if this looks dumb, I just don't know how this device works, and I've been tasked with making a VPN.

    Thanks.

  • Ruben_CardenalRuben_Cardenal Newbie ✭

    Also, if I try to log-in with a purposely wrong password:

    06/21/2022 18:52:24.284 [general notice 13462] Connected.
    06/21/2022 18:52:24.284 [general notice 13462] Logging in...
    06/21/2022 18:52:24.413 [general error  13462] Authentication failure: Login failed - Incorrect username/password.
    

    but when done with the right password:

    06/21/2022 18:33:48.547 [general notice 30224] Connected.
    06/21/2022 18:33:48.547 [general notice 30224] Logging in...
    06/21/2022 18:33:48.547 [general error  30224] Authentication failure: Authentication failed.
    


Sign In or Register to comment.