Brano (I hate Vogons) Premium, MVM join:2002-06-25 Burlington, ON kudos:6
Can't access USG web via VPN
I just ran into a weird issue. There's an IPSec tunnel between two USGs. I can't access the Web GUI from the remote USG via the VPN tunnel. It doesn't work from either side over VPN; it does work locally though.
The web page starts loading, then it freezes indefinitely. Did some Wireshark sniffing and saw some lost and duplicate packets.
I've tried FF, IE and Chrome ... all the same.
The interesting part is I can access the devices via VPN using SSH. I can use any other resources on the remote LAN.
I'm not sure what happened, seems strange, this used to work (and as I said SSH works).
Anybody seeing a similar issue, or is it just me?
|
Brano (I hate Vogons) Premium, MVM join:2002-06-25 Burlington, ON kudos:6
Anybody accessing USG via IPSec site-to-site that can confirm the access works or not? ...that would really help me before I reset the machine to defaults.
I simply can't access the USG WEB GUI (FW 3.0) from IPSec site-to-site VPN. Tried two tunnels. The web page starts loading then freezes indefinitely. SSH and other services work OK.
|
I got the same problem after a firmware upgrade on 2 different USG100s.
USG100 3.00.2, Zyxel VPN client 3.0.204.61.71
I still have a problem on a single Win7-64 machine... but I've solved the problem on the other clients by simply disabling NAT-T on the software client (forced disable).
I guess the new firmware has some problem with NAT-T.
|
meowBB join:2002-01-21 Hayward, CA
reply to Brano
said by Brano:
Anybody accessing USG via IPSec site-to-site that can confirm the access works or not? ...that would really help me before I reset the machine to defaults.
I simply can't access the USG WEB GUI (FW 3.0) from IPSec site-to-site VPN. Tried two tunnels. The web page starts loading then freezes indefinitely. SSH and other services work OK.

What are the types of your connection? Any encapsulation, e.g. PPPoE on one side? I got the exact same issue. The issue is resolved by changing the MSS and checking the 'Ignore "Don't Fragment" setting in IP header' option on the "VPN Connection" page.
|
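The size arithmetic behind the MSS and "Don't Fragment" settings mentioned above, as an added example that is not part of the thread and not ZyXEL code. It models a generic IPv4 ESP tunnel over a 1492-byte PPPoE link; the cipher parameters (AES-CBC, HMAC-SHA1-96), the sample packet sizes and all function names are assumptions, since the thread does not state the tunnel's proposal.

```python
# Added illustration: ESP tunnel-mode size arithmetic (IPv4). The cipher
# parameters are assumptions; the thread does not state the tunnel's proposal.
OUTER_IP, ESP_HDR, ESP_TRAILER, NATT_UDP = 20, 8, 2, 8   # bytes
TCP_IP_HDRS = 40                                          # inner IPv4 + TCP, no options

def esp_packet_len(inner_len, iv=16, block=16, icv=12, nat_t=False):
    """Outer packet size for one inner IP packet (defaults: AES-CBC, HMAC-SHA1-96)."""
    padded = -(-(inner_len + ESP_TRAILER) // block) * block   # pad up to cipher block
    return OUTER_IP + (NATT_UDP if nat_t else 0) + ESP_HDR + iv + padded + icv

def max_inner_len(path_mtu, **kw):
    """Largest inner packet whose ESP-wrapped form still fits path_mtu."""
    n = path_mtu
    while esp_packet_len(n, **kw) > path_mtu:
        n -= 1
    return n

def clamp_mss(path_mtu, **kw):
    """TCP MSS that keeps full-size segments unfragmented inside the tunnel."""
    return max_inner_len(path_mtu, **kw) - TCP_IP_HDRS

def gateway_action(inner_len, df, path_mtu, ignore_df=False, **kw):
    """Simplified model of a tunnel gateway (not ZyXEL firmware logic)."""
    if esp_packet_len(inner_len, **kw) <= path_mtu:
        return "forward"
    if df and not ignore_df:
        return "drop"        # sender must learn the smaller MTU via ICMP, or stall
    return "fragment"

if __name__ == "__main__":
    PPPOE = 1492  # usual PPPoE MTU (assumed for the WAN side)
    print("inner MTU:", max_inner_len(PPPOE), "MSS:", clamp_mss(PPPOE))
    # Constructed sample sizes: a small interactive packet and a full 1500-byte one.
    for label, size in (("small SSH packet", 92), ("full-size web GUI packet", 1500)):
        for ignore in (False, True):
            print(label, "ignore_df=%s ->" % ignore,
                  gateway_action(size, True, PPPOE, ignore_df=ignore))
```

In this model small packets are forwarded either way, while a full-size packet with DF set is dropped unless the gateway ignores DF or the MSS is clamped to the computed value.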
Brano (I hate Vogons) Premium, MVM join:2002-06-25 Burlington, ON kudos:6
Thanks, I'll play with that. My connection is PPPoE on my side. I've tested with multiple ends on PPPoE and plain Ethernet.
|
Brano (I hate Vogons) Premium, MVM join:2002-06-25 Burlington, ON kudos:6
reply to meowBB
said by meowBB:
The issue is resolved by changing the MSS and checked the 'Ignore "Don't Fragment" setting in IP header"' on the "VPN Connection" page.

I 'hate' you! ... you know how much time I spent debugging and sniffing the traffic and didn't catch this?!#!
The "Ignore "Don't Fragment" setting in packet header" did the trick! Didn't even have to tinker with MSS.
THANK YOU, SIR!!!
Now the question: is this a FW 3.0 bug or not? It was working on 2.2 without having this checked. Or was 2.2 buggy?
|
Anav (Sarcastic Llama? Naw, Just Acerbic) Premium join:2001-07-16 Dartmouth, NS kudos:3
Haha, chicken or egg, luv it.
|
meowBB join:2002-01-21 Hayward, CA
reply to Brano
I don't know if this issue starts on v3 or not, since I upgraded my other end to a USG20, which I flashed to v3 right after I opened the box. I almost lost my faith in Zyxel before I found the solution.
|