Frequently encountered problems

Symptom:

The SSL tunnel will not set up and the client’s log file shows the following messages:

• Fri Feb 07 16:30:42 2014 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
• Fri Feb 07 16:30:42 2014 Route: Waiting f or TUN/TAP interface to come up...

Solution:

Open the Windows Network and Sharing Center and click on the menu Change adapter settings. Right-click on the TAP-Windows Adapter interface and select Diagnose.

Symptom:

The tunnel will not set up and the client displays the message “Unable to connect to UTM: Socket operation timed out”.

Solution:

Check that the IP address specified in the Firewall address field of the Stormshield Network SSL VPN Client is correct.

Symptom:

The tunnel will not set up and the client displays the message “Unable to connect to UTM: User not allowed”.

Solutions:

• Check that the login and password specified in the Login and Password fields of the Stormshield Network SSL VPN Client are correct,
• On the Firewall, check that the user is allowed to set up SSL VPN tunnels (module Configuration > Users > Access privileges, Detailed access tab).

Symptom:

The SSL tunnel has been set up, but I cannot access an authorized resource (example: could not access an intranet server).

Solutions:

• On the Firewall:

• Check that the filter rules indeed allow access to this resource,
• Check the filter logs in order to determine any possible traffic blocks (menu Logs > Logs > Filter).

• Check that the requested resource is physically available,
• Clear the ARP cache on the client machine: in console mode, type the command “arp -d *”.

Symptom:

The SSL tunnel will not set up and the client displays the message: “Error on service connection: Connection refused”.

Solution:

Check that the Stormshield SSL VPN Service has been started. Restart it if necessary.