Connection lost inside SSL VPN tunnel

Pnagy · July 2020

Hi
I have a similar problem.
We have USG110 no problem more than 2 years.
But a month ago sslvpn problems and problems, only USG restart solve the problem,
but sometimes in this situation usg reboot crashes and need disconnect power,
its not very good
.
Timeline:
The sslvpn working good, some user some hours two years
The corona virus change sslvpn light to hard use.
More than 10users 8 hours 4.32fw use without problem.

But about a month ago sslvpn problems and problems
/no configuration changes/
Some sslvpn user connected and working, but new connections not posibble,
only USG restart solve the problem.
After restart, the sslvpn working again about some hours to some days.

I upgrade the firmware to 4.38 after a day new sslvpn connection ok, but route not working,
pingig servers inside lan no answer, only usg inside ip respond to ping,
USG restart solve the problem.
The restart not good solution
i can't always restart the router during the day, coference rooms, office renters.etc..
Pls help, thx

USG_User · July 2020

What kind of internet connection are you using? We have a 50/10 (down/up) Mbit connection with about 20 users here at the office. When 10 of my users are working from home (due to covid-19) via SSLVPN and we simultaneously make a big upload (>1 GB upload to an internet exchange server) where the 10 Mbit upload rate is fully occupied, different users complain an abortion of their SSL VPN connection. Also when a W10 computer is downloading a big Windows update patch, we encountering such problems because Windows is always using the full bandwith which it can get

Further, did you ever checked the number of simultaneously used SSL VPN tunnels when encountering the problems? We experienced that often users do not disconnect when finishing their work. In that case the tunnel keeps open over a period of time and on next morning they connect again, building up another new tunnel. Working in that way could exhaust the maximum number of simulateous SSL VPN tunnels as per licence. To handle this problem you could adjust the tunnel idle detection or time until a user has to re-authenticate.

Finally, as already said in this forum, check whether the problems occur always with the same users when they connecting from home. My "problematic" users have weird stuff like WLAN extender or powerline adapters in place at home, which often interrupt the proper functioning of a SSL VPN tunnel. When removing this stuff, it works immediately.

Zyxel_Cooldia · July 2020

Hi @Pnagy,

Welcome to Zyxel Community.

When user use SecuExtender connect to USG110, they need to click “Disconnect” on SecuExtender before leaving the network.

Otherwise, the user will occupy the “Login Users” session. You can remind users to click “Disconnect” to leave the network or adjust USG110 lease Time to less than 10 minutes to avoid this issue.

How to check current login user

Router# show service-register status sslvpn-status

Adjust lease time(CONFIGURATION > Object > User/Group)

Pnagy · July 2020

Hi,

Thank you, your answers.
The internet optical leased line 200/200mbit and speed limit per user 15/15mbps

,
i think this is not limit, problem.

Some users really forget logout vpn, but for two months there was no problem.
but i change the lease time in the future

Good news.
The router now working good, more than 10days
no changes in the configuration only one: USB Flash Drive (save logs, etc)
not to see that bad, but i change to new.

i hope that was really the problem

Thanks for the help!

Zyxel_Cooldia · July 2020

Hi @Pnagy,

it's hard to imagine the issue was related to USB driver.

Anyway, keep monitor on it. Feel free to contact us if the issue happens again.

Connection lost inside SSL VPN tunnel

All Replies

Categories

Security Highlight

Security Help Center