Troubleshooting

In this chapter, you will see some of the issues that occur most frequently when using the SN SSL VPN Client. If the issue you encounter cannot be found in this chapter, we recommend that you refer to the Stormshield knowledge base.

The tunnel won’t set up and the message "Connecting to the local service, please wait" remains displayed.

  • Situation: During the attempt to connect to the SSL VPN, the tunnel won’t set up and the message "Could not connect to firewall: Failed to resolve UTM name" persists.

  • Cause: The connected user is not in the "OpenVPN Administrators" group on the workstation used.

  • Solutions:

    • Update SN SSL VPN Client to version 3.2.3.

    • For versions lower than 3.2.3, ensure that the user belongs to the local "OpenVPN Administrators" group by executing the command net localgroup "OpenVPN Administrators" in the Windows command prompt. To manually add the user to the group, run net localgroup "OpenVPN Administrators" "myuser" /add (replace myuser with the relevant user).

The tunnel won’t set up and the message "Could not connect to firewall: Failed to resolve UTM name" appears.

  • Situation: During the attempt to connect to the SSL VPN, the tunnel won’t set up and the message "Could not connect to firewall: Failed to resolve UTM name" appears.

  • Cause: The address entered is incorrect or unreachable.

  • Solution: Check that the firewall address entered is correct.

The tunnel won’t set up and the message "Login or password incorrect" appears.

  • Situation: During the attempt to connect to the SSL VPN, the tunnel won’t set up and the message "Could not connect to firewall: Failed to resolve UTM name" appears.

  • Cause: Either the user's password is incorrect or the user does not have sufficient privileges to authenticate on the SSL VPN.

  • Solutions:

    • Check that the login and password are correct.

    • On the SNS firewall, check that the SSL VPN policy has been set to Allow in Configuration > Users > Access privileges, Default access tab, and that the user or user group in question is allowed to set up SSL VPN tunnels in Configuration > Users > Access privileges, Detailed access tab.

The tunnel won’t set up and the message "Error while connecting to the service: Connection refused" appears.

  • Situation: During the attempt to connect to the SSL VPN, the tunnel won’t set up and the message "Error while connecting to the service: Connection refused" appears.

  • Cause: The Stormshield SSL VPN Service is not running or is not working.

  • Solution: Check that the Windows Stormshield SSL VPN Service has been started on the workstation. You can also try to restart the service.

The tunnel won’t set up and logs contain the message "Route: Waiting for TUN/TAP interface to come up...".

  • Situation: During the attempt to connect to the SSL VPN, the tunnel won’t set up and the message "Error while connecting to the service: Connection refused" appears in logs.

  • Cause: An issue with the TAP-Windows Adapter interface prevents the VPN tunnel from setting up.

  • Solution: In the Windows Network and Sharing Center, click on Change adapter settings, right-click on the TAP-Windows Adapter interface and click on Diagnose.

A corporate resource cannot be accessed over the VPN tunnel

  • Situation: The tunnel has been set up, but a corporate resource cannot be accessed.

  • Cause: Either the firewall’s filter policy is blocking access to this resource or the resource is no longer accessible. There may also be other causes for this situation.

  • Solutions:

    • On the SNS firewall, ensure that the filter rules enable access to the resource and that there is no record of any traffic being blocked in the logs (in Monitoring > Logs - Audit logs > Filtering for SNS 4.x versions or in Audit logs > Logs > Filtering for SNS 3.x versions),

    • Ensure that the requested resource is in fact physically available.

    • Clear the machine’s ARP cache by typing the command arp -d * in a console.

The VPN tunnel shuts down whenever very large files are sent

  • Situation: Whenever a large file is sent, the VPN tunnel shuts down.

  • Cause: The file sent is too large.

  • Solution: Send the file over a protocol, such as FTP, that uses smaller blocks, or set up the tunnel over UDP.