Overview
Troubleshooting SSL VPN issues can be time consuming.
To better understand the issue good information needs to be gathered.
SSL VPN connections to an OBR will not work from behind an OBR. Ensure testing is done outside of an OBR network.
Helpful facts / First things to check
VPN Client
Is the User configured properly? Is the software client? Setup instructions
Idle Timeout
The SSL VPN will timeout after 15 minutes of inactivity.
Session Timeout
The VPN session timeout is 8 hours.
Always On
The Always On option is not currently available.
Split Tunnel
The VPN is split tunnel and only sends traffic to the Zone networks in the OBR Portal.
The SSL-VPN tunnel time times out after 10 minutes of inactivity to the OBR network, and after 8 hours of total connectivity.
OmniNet VPN IP's are in the 10.212.0.0/16 range. Each site will have a smaller pool within 10.212.XX.0/24
Ensure that internal Firewalls will allow connections from this range.
-- Example: Window's Server Firewall is set by default to only allow traffic from the subnet of the IP address it has.
Overlapping Subnets
Routing issues will occur if the end user's network subnet is the same as the office behind the OBR.
-- Example: End user's subnet is 192.168.0.0/24, and the OmniBridge's subnet is 192.168.0.0/24
End User's connection
- Has the user's home internet been cleared of packet loss or high latency?
-> Remote onto your source client and ping a few public services for a bit and make sure there's no packet loss.
- Check for consistent latency for their home internet
-> run a "ping 1.1.1.1 -t" for at least 500 pings and then review results
- Is the person connected wirelessly? Have they tried switching to wired and comparing?
Questions and Answers to send to Support
The What:
- What is the problem exhibited?
- What error messages are received? (Have end user provide any error messages as screenshots or copy/paste)
The Who:
- All VPN users have issues simultaneously, or do they appear to be random events?
(Everyone on SSL-VPN at the same time?)
- Specific users?
(Provide which user account)
- Is each account assigned to an individual user?
(Make sure people aren't sharing accounts)
The When:
- All day or only certain hours?
(Have them right down a few times, including the most recent)
- Issue exhibited at consistent intervals, or is it sporadic? Does it happen during peak hours?
(Record if it happens on average after an X amount of time)
- Was it previously reliable?
(How long was it reliable for and when did it stop)
- If it is a disconnect, are they able to reconnect right after?
(Include errors if not)
The Where:
- What ISP are they on?
(If multiple users, are they on similar ISP's?)
- Test from a persons computer experiencing issues.
-> From their source network run winmtr and trace to your assigned ssl-vpn gateway FWDN name or IP
(Normally includes a hostname.mdsremote.com) where "hostname is a unique value)
Custom-DNS for SSL-VPN
How to:
Go to the "Remote Access" section and then go to "SSL-VPN" and click the slider for "Custom DNS"
From there, you can fill in the specific DNS servers you'd like, as well as DNS-Suffix