Menu
Reply
Highlighted
  • 15
  • 0
  • 0
Tuning in
1,119 Views
Message 1 of 27
Flag for a moderator

ssl vpn Issues

Hi

1st post.

After spending nearly two hours on the phone with virgin media Friday and having no joy with them and with them contanstly pushing Gadget Rescue service to help fix my issue for a fee 🤔 I am struggling to get any sort of reasonable response from anyone at Virgin Media

I work in a i.t department which has recently set up a new ssl vpn connection to replace our old connection. Both use ssl vpn on tcp 443 but different programs.

The old one is routed through a German telecom line and connects fine with virgin media 😃

The new one is routed through a Gamma fibre line but refuses to connect with virgin media 😢

All other isps connect to it fine with no issues (BT,SKY, TalkTalk etc) but not Virgin Media

I have tried turning off the hub 3 firewall and put my work provided laptop in a dmz with no joy

Any suggestions appreciated or contact from someone in Virgin Media tech team, I hate to tell our users the only way to connect to our vpn is to switch to a different isp

 

Regards

 

0 Kudos
Reply
Highlighted
  • 1.42K
  • 201
  • 667
Very Insightful Person
Very Insightful Person
1,085 Views
Message 2 of 27
Flag for a moderator

Re: ssl vpn Issues

Gadget Rescue eh, you've more chance of International Rescue flying in to fix this one!

Not much to go on but what are you using to terminate the SSL VPN tunnels? The reason I ask is that many devices have a web portal so the first thing I would try is to see if you can't simply use a web browser to hit the public IP address / FQDN and see if you get the portal page - you'll need to check the config on your device, it might well use a different port to get to the portal than the one that the tunnel itself uses.

If you can get to the portal page then there isn't a routing issue, and you might see a useful error message which the SSL client wouldn't show. You could also check if your clients have web safe or child safe enabled on their accounts as they can cause havoc with SSL connections sometimes.

Forget about the Hub's firewall or DMZ, they only effect inbound unsolicited connections so won't be blocking the tunnel setup.

John

Highlighted
  • 15
  • 0
  • 0
Tuning in
1,073 Views
Message 3 of 27
Flag for a moderator

Re: ssl vpn Issues

Hi

Thanks for your reply.

I haven't checked to see if I can connect to the tunnel page - I will try and connect later.

I did try pinging the gateway from the laptop and directly from the hub, the ping from the hub worked but from the laptop failed. To double check the laptop I pinged google.com and that worked - same directly from the hub.

As per my orginal post the tunnel works with other isp so the issue is only when connected to Virgin Media.

I'm not sure at the old tunnel as this was managed by our German office but the new connection is provided by Gamma and the firewall is a watchguard.

web safe and child safe are turned off - also tried turning off advanced network error search, how ever this is not possible on all users

Martin

 

0 Kudos
Reply
Highlighted
  • 1.42K
  • 201
  • 667
Very Insightful Person
Very Insightful Person
1,063 Views
Message 4 of 27
Flag for a moderator

Re: ssl vpn Issues

I can guarantee you that Watchguard's SSL VPN client works with VM because I use them all the time. They definitely have an SSL portal so you should be able to browse to the public IP address (ignore the cert warnings) and see it - might just need to double check that it is using 443 for the data and config channels - that's in VPN / Mobile VPN / SSL VPN Configuration and then under the Advanced Tab - on the Watchguard web management page or use the offline System Manager.

Highlighted
  • 14.73K
  • 620
  • 1.42K
Alessandro Volta
1,057 Views
Message 5 of 27
Flag for a moderator

Re: ssl vpn Issues

Try with the hub in modem mode and run a tracetcp to the VPN
https://simulatedsimian.github.io/tracetcp.html
“IP”:443

---------------------------------------------------------------
0 Kudos
Reply
Highlighted
  • 15
  • 0
  • 0
Tuning in
1,046 Views
Message 6 of 27
Flag for a moderator

Re: ssl vpn Issues

Hi Again

Again thank you for the reply.

Can you confirm when you connect are you using a name or using a ip address? Can you confirm your using a hub 3?

vpn1.JPG

As you can see the data channel and config channel are the same. I will check to see if I can access the portal page when I am home later and update the post

 

Regards

0 Kudos
Reply
Highlighted
  • 1.42K
  • 201
  • 667
Very Insightful Person
Very Insightful Person
1,021 Views
Message 7 of 27
Flag for a moderator

Re: ssl vpn Issues

Usually by IP address and yes via a Hub 3. You really should be able to get the portal page up just by browsing to the public IP address on port 443. By the way you might want to change the Authentication to SHA-256, SHA-1 has been considered insecure for the past ten years or so.

John

0 Kudos
Reply
Highlighted
  • 15
  • 0
  • 0
Tuning in
984 Views
Message 8 of 27
Flag for a moderator

Re: ssl vpn Issues

Hi John

Thank you for that info - sha-1 is what our installer setup and configured. We are looking at changing it soon 😀

However back to the subject at hand.

I am unable to access the portal page when connected to VM, when disconnected from VM and connected to my mobile hotspot (with o2) the portal page loads and I am able to connect to the tunnel. So this really makes me think this is a problem with VM instead of a config issue with the tunnel or our laptops

Our users (my self included are based in the west midlands) so maybe it's  a local issue

Martin

 

0 Kudos
Reply
Highlighted
  • 1.42K
  • 201
  • 667
Very Insightful Person
Very Insightful Person
907 Views
Message 9 of 27
Flag for a moderator

Re: ssl vpn Issues

Martin

Might be a local problem, but at least for now we can disregard a config issue with the Firewall itself or the VPN client. So what happens if you just try to ping the Firewall's external address? You might need to temporarily add a rule to enable ping responses from untrusted interfaces. Can you traceroute to it?

If you can't get to the SSL portal's webpage from a browser, then the client is very unlikely to be able to connect either.

John

0 Kudos
Reply
Highlighted
  • 15
  • 0
  • 0
Tuning in
903 Views
Message 10 of 27
Flag for a moderator

Re: ssl vpn Issues

John

When trying to ping the public ip address the ping request times out.

Doing a tracert only hits the hub

Martin

0 Kudos
Reply