
Authentication / Connection with SSL client fails (strange error message)

Hello,

I hope this is the right topic. I'm trying to set up remote access to the network via the SSL VPN client. I can install the client from the user portal just fine, but when I try to connect, it is stuck in a loop.

This is the setup:
We have an XG105 that's situated behind a FritzBox router, which was originally used before we installed the XG. The FritzBox still serves as cable modem and is set to exposed host, so any traffic it receives will go straight through to the XG.

FritzBox internal IP: 192.168.178.1
XG WAN address: 192.168.178.2 (connected to FritzBox)
XG ports 1, 3, 4 are bridged, IP is 192.168.0.1

This is the log the SSL VPN client creates:

Wed Nov 20 13:05:56 2019 SIGUSR1[soft,init_instance] received, process restarting
Wed Nov 20 13:05:56 2019 MANAGEMENT: >STATE:1574251556,RECONNECTING,init_instance,,,,,
Wed Nov 20 13:05:56 2019 Restart pause, 5 second(s)
Wed Nov 20 13:06:01 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Nov 20 13:06:01 2019 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
Wed Nov 20 13:06:01 2019 MANAGEMENT: >STATE:1574251561,TCP_CONNECT,,,,,,
Wed Nov 20 13:06:02 2019 TCP connection established with [AF_INET]10.255.0.1:8443
Wed Nov 20 13:06:02 2019 TCPv4_CLIENT link local: [undef]
Wed Nov 20 13:06:02 2019 TCPv4_CLIENT link remote: [AF_INET]10.255.0.1:8443
Wed Nov 20 13:06:02 2019 MANAGEMENT: >STATE:1574251562,WAIT,,,,,,
Wed Nov 20 13:06:02 2019 MANAGEMENT: >STATE:1574251562,AUTH,,,,,,
Wed Nov 20 13:06:02 2019 TLS: Initial packet from [AF_INET]10.255.0.1:8443, sid=7905d330 302de3ed
Wed Nov 20 13:06:02 2019 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=DE, ST=NA, L=[censored:city], O=[censored:company], OU=OU, CN=Sophos_CA_S1403A41877B779, emailAddress=[censored:email]
Wed Nov 20 13:06:02 2019 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Nov 20 13:06:02 2019 TLS Error: TLS object -> incoming plaintext read error
Wed Nov 20 13:06:02 2019 TLS Error: TLS handshake failed
Wed Nov 20 13:06:02 2019 Fatal TLS error (check_tls_errors_co), restarting
Wed Nov 20 13:06:02 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Nov 20 13:06:02 2019 MANAGEMENT: >STATE:1574251562,RECONNECTING,tls-error,,,,,
Wed Nov 20 13:06:02 2019 Restart pause, 5 second(s)
Wed Nov 20 13:06:07 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Nov 20 13:06:07 2019 Attempting to establish TCP connection with [AF_INET]192.168.178.2:8443 [nonblock]
Wed Nov 20 13:06:07 2019 MANAGEMENT: >STATE:1574251567,TCP_CONNECT,,,,,,
Wed Nov 20 13:05:56 2019 TCP: connect to [AF_INET]192.168.178.2:8443 failed, will try again in 5 seconds: The system tried to assign a drive with SUBST to a directory on a drive assigned with JOIN.
(Had to translate the last error message, I hope it is close to the actual English message.)

This then repeats.

I don't know what exactly is wrong here; I'm quite certain the settings on the XG are identical to another XG where it works.



  • FormerMember

    Hi,

    In order to resolve this issue, please follow these steps: 

    Step 1. Override the host name with the Public IP address of your ISP modem. Override Host name under Configuration > VPN > Show VPN Setting > SSL.

    Step 2. Create port forwarding rule on ISP modem to forward port 8443 towards WAN interface of the XG.

    Step 3. Make sure you have SSL VPN enabled for WAN zone under Device Access.

    In the logs it seems the client is trying to connect to 192.168.178.2 on port 8443, but if that port is not forwarded from your ISP modem then the firewall will not see that traffic.

    Note: If you make this suggested change, make sure you re-download the configuration file from the UserPortal.

    Thanks,
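
The point made in this answer, that the client profile lists remotes which are only reachable from inside the LAN, can be read directly from the client log. As an added example (not part of the original thread and not Sophos tooling), this Python sketch parses OpenVPN-style client log lines, abridged from the log quoted in the question, and reports each remote the client tried, whether the address is non-routable, and how the attempt ended. The function names `summarize` and `non_routable_remotes` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines abridged from the client log quoted in the question.
SAMPLE_LOG = """\
Wed Nov 20 13:06:01 2019 Attempting to establish TCP connection with [AF_INET]10.255.0.1:8443 [nonblock]
Wed Nov 20 13:06:02 2019 TCP connection established with [AF_INET]10.255.0.1:8443
Wed Nov 20 13:06:02 2019 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain
Wed Nov 20 13:06:02 2019 TLS Error: TLS handshake failed
Wed Nov 20 13:06:07 2019 Attempting to establish TCP connection with [AF_INET]192.168.178.2:8443 [nonblock]
Wed Nov 20 13:05:56 2019 TCP: connect to [AF_INET]192.168.178.2:8443 failed, will try again in 5 seconds
"""

ATTEMPT = re.compile(r"Attempting to establish TCP connection with \[AF_INET\]([\d.]+):(\d+)")
CONNECT_FAIL = re.compile(r"TCP: connect to \[AF_INET\]([\d.]+):(\d+) failed")


def summarize(log_text):
    """Map each (ip, port) the client tried to its routability and outcome."""
    remotes, current = {}, None

    def entry(m):
        key = (m.group(1), int(m.group(2)))
        private = ipaddress.ip_address(key[0]).is_private
        return key, remotes.setdefault(key, {"private": private, "outcome": "no-result"})

    for line in log_text.splitlines():
        if (m := ATTEMPT.search(line)):
            current, _ = entry(m)
        elif (m := CONNECT_FAIL.search(line)):
            entry(m)[1]["outcome"] = "tcp-connect-failed"
        elif current and "VERIFY ERROR" in line:
            # The server's certificate chain did not validate on the client.
            remotes[current]["outcome"] = "cert-verify-failed"
        elif current and "TLS handshake failed" in line:
            if remotes[current]["outcome"] == "no-result":
                remotes[current]["outcome"] = "tls-handshake-failed"
    return remotes


def non_routable_remotes(remotes):
    """Remotes a client outside the LAN cannot reach (private/reserved ranges)."""
    return [f"{ip}:{port}" for (ip, port), info in remotes.items() if info["private"]]


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (ip, port), info in result.items():
        print(f"{ip}:{port} private={info['private']} outcome={info['outcome']}")
    for remote in non_routable_remotes(result):
        print(f"profile points at {remote}: override the hostname and re-download the config")
```
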

  • Hi H_Patel,

    thank you for your answer. Step 1 was the solution. I can connect now.

  • Thanks mate, port forwarding on ISP modem for port 8443 helped me.

    Appreciate your help.

    Keep up the support, guys!!!

    God bless

    Raju George