
XG86 Random Issue on SSL Site to Site VPN after upgrade to 19

I have a Site to Site VPN (XG is the server), and before the upgrade everything worked for a year.

After the upgrade, randomly (I think this happens at night, maybe because of some service restart?), the firewall does not use the tunnel to route the traffic.

The VPN is working from the other site to this one; only this site to the other stops working.

On the log page you can see this (192.168.1.x is the remote network)

After editing the config and saving (I think this reconnects the VPN), all starts working again.

What can I do? Only wait for a fix? It is rather annoying; almost every day I have to fix this.

Thanks



  • As the subject says, the SSL VPN is not working... IPsec works normally. No config was changed after the upgrade. The problem started immediately after the update. Editing and saving the SSL Site to Site config re-enables the normal behaviour for some time.

    On SD-WAN routing I have only a config for the Wi-Fi to use one GW instead of the other.

    But here:

    I don't share an SSL VPN config screenshot because there is no particular setting in the GUI, only LAN names.

    Here is the obfuscated config file for the SSL VPN:

    {"server_address":["88.x.x.x","192.168.178.250","192.3.3.250"],"authentication_algorithm":"SHA256","password":"***","key":"-----BEGIN RSA PRIVATE KEY-----\n***\n-----END RSA PRIVATE KEY-----","server_dn":"C=IT, ST=NA, L=Capriolo, O=***, OU=OU, CN=***, emailAddress=***","server_port":"8443","username":"***","encryption_algorithm":"AES-128-CBC","protocol":"udp","compression":"1","ca_cert":"-----BEGIN CERTIFICATE-----\n***\n-----END CERTIFICATE-----","certificate":"-----BEGIN CERTIFICATE-----\n***\n-----END CERTIFICATE-----"}

  • In the non-working case, can you check if the route for the remote network is installed on the XGS (through the route command on the shell)?