SSLVPN over UDP TLS handshake error

Question

Running SFOS: 17.1.2 MR-2 
 Suddenly when running SSLVPN it gives error: 
 Mon Sep 17 08:39:55 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:2443 Mon Sep 17 08:39:55 2018 Socket Buffers: R=[65536->65536] S=[65536->65536] Mon Sep 17 08:39:55 2018 UDP link local: (not bound) Mon Sep 17 08:39:55 2018 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:2443 Mon Sep 17 08:39:55 2018 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:2443, sid=cb74f153 8b656703 Mon Sep 17 08:39:55 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Mon Sep 17 08:39:55 2018 VERIFY OK: depth=1, C=dk, L=MyCity, O=None, CN=None WebAdmin CA, emailAddress=user@domain.com Mon Sep 17 08:39:55 2018 VERIFY X509NAME OK: C=dk, L=MyCity, O=None, CN=fw.domain.com Mon Sep 17 08:39:55 2018 VERIFY OK: depth=0, C=dk, L=MyCity, O=None, CN=fw.domain.com Mon Sep 17 08:40:55 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) ERROR: TLS error! See log for details Mon Sep 17 08:40:55 2018 TLS Error: TLS handshake failed Mon Sep 17 08:40:55 2018 SIGUSR1[soft,tls-error] received, process restarting Mon Sep 17 08:40:55 2018 Restart pause, 5 second(s) Mon Sep 17 08:41:00 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:2443 Mon Sep 17 08:41:00 2018 Socket Buffers: R=[65536->65536] S=[65536->65536] Mon Sep 17 08:41:00 2018 UDP link local: (not bound) Mon Sep 17 08:41:00 2018 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:2443 Mon Sep 17 08:41:00 2018 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:2443, sid=a6469550 665f08fd Mon Sep 17 08:41:00 2018 VERIFY OK: depth=1, C=dk, L=MyCity, O=None, CN=None WebAdmin CA, emailAddress=user@domain.com Mon Sep 17 08:41:00 2018 VERIFY X509NAME OK: C=dk, L=MyCity, O=None, CN=fw.domain.com Mon Sep 17 08:41:00 2018 VERIFY OK: depth=0, C=dk, L=MyCity, O=None, CN=fw.domain.com Disconnected 
 When choosing TCP it does not work, it just gives this: 
 
 Mon Sep 17 08:56:44 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:8443 Mon Sep 17 08:56:44 2018 Socket Buffers: R=[65536->65536] S=[65536->65536] Mon Sep 17 08:56:44 2018 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:8443 [nonblock] Mon Sep 17 08:56:45 2018 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:8443 Mon Sep 17 08:56:45 2018 TCP_CLIENT link local: (not bound) Mon Sep 17 08:56:45 2018 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:8443 Mon Sep 17 08:56:45 2018 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:8443, sid=cf9ad1ff 8d8dc1d6 Mon Sep 17 08:56:46 2018 VERIFY OK: depth=1, C=dk, L=MyCity, O=None, CN=None WebAdmin CA, emailAddress=user@domain.com Mon Sep 17 08:56:46 2018 VERIFY X509NAME OK: C=dk, L=MyCity, O=None, CN=fw.domain.com Mon Sep 17 08:56:46 2018 VERIFY OK: depth=0, C=dk, L=MyCity, O=None, CN=fw.domain.com Mon Sep 17 08:56:46 2018 Connection reset, restarting [0] Mon Sep 17 08:56:46 2018 SIGUSR1[soft,connection-reset] received, process restarting Mon Sep 17 08:56:46 2018 Restart pause, 5 second(s) 
 Never been a issue with UTM on port 2443 and UDP. 
 
 Try changing port number to 8443, with no luck.

twister5800 · Accepted Answer

Hi, sorry for the delay, I did use some hours on this :-) 
 
 I used the UTm --> XG config conversion appliance , and somehow, the certificates, for users got mixed up. 
 
 I did make sure that the "ApplianceCertificate" got regenerated. 
 
 I edited the Default CA with my own informations, and saved it, that I got from FloSupport in another thread : 
 To regenerate the SSL VPN user certificate for all users, navigate to System | Certificates | Certificate Authorities and edit the "Default" CA. Clicking save within this certificate will force the regeneration of all the SSL VPN user certificates and will also restart the SSL VPN service. To regenerate an individual user's SSL VPN certificate, you will have to navigate to System | Certificates and delete their "Per User Certificate". Their certificate will then be regenerated the next time the user signs into the XG User Portal. Please note that if any of these actions are performed, that all users or that individual user will have to re-download their SSL VPN installation file to utilize their new certificate. 
 I downloaded the config again and it worked..pheeww :-)