Frequently encountered problems
Symptom:
The SSL tunnel will not set up and the client’s log file shows the following messages:
- Fri Feb 07 16:30:42 2014 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
- Fri Feb 07 16:30:42 2014 Route: Waiting f or TUN/TAP interface to come up...
Solution:
Open the Windows Network and Sharing Center and click on the menu Change adapter settings. Right-click on the TAP-Windows Adapter interface and select Diagnose.
Symptom:
The tunnel will not set up and the client displays the message “Unable to connect to UTM: Socket operation timed out”.
Solution:
Check that the IP address specified in the Firewall address field of the Stormshield Network SSL VPN Client is correct.
Symptom:
The tunnel will not set up and the client displays the message “Unable to connect to UTM: User not allowed”.
Solutions:
- Check that the login and password specified in the Login and Password fields of the Stormshield Network SSL VPN Client are correct,
- On the Firewall, check that the user is allowed to set up SSL VPN tunnels (module Configuration > Users > Access privileges, Detailed access tab).
Symptom:
The SSL tunnel has been set up, but I cannot access an authorized resource (example: could not access an intranet server).
Solutions:
- On the Firewall:
- Check that the filter rules indeed allow access to this resource,
- Check the filter logs in order to determine any possible traffic blocks (menu Logs > Logs > Filter).
- Check that the requested resource is physically available,
- Clear the ARP cache on the client machine: in console mode, type the command “arp -d *”.
Symptom:
The SSL tunnel will not set up and the client displays the message: “Error on service connection: Connection refused”.
Solution:
Check that the Stormshield SSL VPN Service has been started. Restart it if necessary.