NetExtender VPN getting killed by Firewalla

Follow

Neil Jacobson

• July 07, 2020 18:50

When using Firewalla Blue and enabling an employer-provided NetExtender VPN connection, Firewalla appears to kill the VPN every few minutes. When I disconnect Firewalla, I can stay on the VPN forever. Is there a way to tell Firewalla that the VPN connection ought not be messed with?

0

• 

  Firewalla

  • July 07, 2020 19:20

  Please check a few things

  1. do you have the family protect on? if you do, make sure it is not applied to the host that's doing the VPN.
  2. look at your rules button and see if there anything blocking ports ... that may be related to the VPN

  Next, a few more things to try

  1. try to turn monitoring off the host that's doing VPN. see if it works.
  2. try to give the host a static IP that's on the firewalla overlay network 192.168.218.x network 

  If (1)(2) works, likely something is interrupting the TCP session.  (I assume you are doing SSL VPN).  Then please send help@firewalla.com a email with your router/make/model and also if you are running in simple or dhcp mode 

  0

  Comment actions Permalink
• 

  Neil Jacobson

  • July 07, 2020 20:09

  Thanks. I am not using family protect and my ports are good. I will try the other actions and get back to you

  0

  Comment actions Permalink
• 

  Neil Jacobson

  • July 07, 2020 21:48

  Turning off monitoring seems to do the trick

  0

  Comment actions Permalink
• 

  cjeman

  • October 13, 2020 20:20

  I am having the same problem with SlickVPN. If I have my Blue monitoring then the VPN bounces every few minutes. I would like to have some monitoring on the device but VPN needs to be controlled on the client and not by Firewalla. There is no family protect or ports blocked.

  0

  Comment actions Permalink
• 

  Firewalla

  • October 13, 2020 23:50

  Does turning off monitoring help?

  0

  Comment actions Permalink
• 

  cjeman

  • October 14, 2020 13:04

  Yes. The VPN connection is constant when monitoring is turned off. Like I stated above, I would like to have the Blue do some monitoring of the clients using VPN. 

  0

  Comment actions Permalink
• 

  Firewalla

  • October 14, 2020 16:48

  Try this, if you are using Simple mode, see if you can place the device that's doing the VPN in the firewalla overlay network.  You can see the network addresses in settings->advanced->network settings (under overlay Network)

  0

  Comment actions Permalink
• 

  cjeman

  • October 15, 2020 00:03
  • Edited

  Putting the client's static IP in the overlay put the device off line in the Blue. I had to change the overlay to some unused IP to get the VPN client back on-line in the Blue. 

   

  0

  Comment actions Permalink
• 

  Mckenziefamily

  • October 15, 2020 14:43

  I am also having that same issue the Pulse Secure which I have to use for work. If I pause the monitoring it works fine. So why did this just now started and what can I do to fix.

  0

  Comment actions Permalink
• 

  Firewalla

  • October 15, 2020 16:59

  Do you have family mode on?

  0

  Comment actions Permalink
• 

  cjeman

  • October 15, 2020 19:55

  I had the client's OpenVPN create a verbose listing and the reason VPN is disconnecting is an 'inactivity-timeout'. I added an option to the VPN profile increasing the default  to 1000 ms and this made no difference. I can send you guys the logs.

  I am interested in helping you fix these kinds of issues. I am retired IT and know my way around most network issues.

  0

  Comment actions Permalink
• 

  Firewalla

  • October 15, 2020 22:45

  @cjeman,  I think you are doing the right thing;  try to turn on the logs and start a process on a PC to ping 1.1.1.1 through the VPN and see if it goes down

  0

  Comment actions Permalink
• 

  cjeman

  • October 16, 2020 20:18

  I simply cannot use my Blue on devices with 3rd party VPN (SlickVPN).

  My Blue is setup in Simple mode on an ASUS RT-AC66U-B1 which is compatible.with Simple Mode. I added to my OpenVPN profiles the following parameters:

  keepalive 100 1200

  Inactive 1000

  I still keep getting disconnected every few minutes. I can send you guys logs, configuration, Etc.

  I assume that I need to put the default IP back in the Overlay Network settings.

  0

  Comment actions Permalink
• 

  Firewalla

  • October 16, 2020 20:37

  What is the client you are using? and what the device you are running it on?   we can try to reproduce it here

  0

  Comment actions Permalink
• 

  cjeman

  • October 16, 2020 20:53

  OpenVPN for Android 0.7.21 on an nVidia Shield TV (Android 9 rooted). I import SlickVPN's .ovpn into OpenVPN and I am good to go. I can tweak the profiles if needed for you guys. This may help others.

  BTW Thanks for the quick response.

  0

  Comment actions Permalink
• 

  cjeman

  • October 17, 2020 19:54

  Looking deeper into some of the OpenVPN logs I am seeing this often when Blue is monitoring.

  2020-10-17 12:15:12 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
  2020-10-17 12:15:12 TLS Error: TLS handshake failed

  In fairness to your staff, OpenVPN does occasionally disconnect without Blue monitoring. Not as often, with the same timeout.

  2020-10-16 12:49:34 official build 0.7.21 running on NVIDIA SHIELD Android TV (darcy), Android 9 (PPR1.180610.011) API 28, ABI arm64-v8a, (NVIDIA/darcy/darcy:9/PPR1.180610.011/4086636_1697.8089:userdebug/test-keys)
  2020-10-16 12:49:34 Log cleared.
  2020-10-16 12:55:26 [VPN] Inactivity timeout (--ping-restart), restarting
  2020-10-16 12:55:26 TCP/UDP: Closing socket
  2020-10-16 12:55:26 SIGUSR1[soft,ping-restart] received, process restarting

  0

  Comment actions Permalink

Please sign in to leave a comment.