NetExtender VPN not working from one ISP

Hello. We use an NSA 4700 at our corporate HQ and all user computers are configured to use the NetExtender VPN client to connect to the office when needed. Everything has been working great for the last year since we installed this device but the SSL cert that we use for VPN connections recently expired so I had to remove the existing one and install the new one. At this point, we started hearing from some of our users that they could no longer connect to the VPN. They received one or more of the following errors:

  • The server is unreachable. The server may be down or your internet settings may be down.
  • SSL error happened, your OS may not support connecting to the server. Please make sure the server has a valid certificate setup.
  • One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server!

After a bit of troubleshooting, we found that the only users that were having problems were those that were connected to a site that was using Spectrum as their ISP. If we have those same users connect instead to their phone/tablet hotspot, VPN works fine.

Has anyone experienced this? Any idea why a new SSL cert would cause these issues all of a sudden? Any advice that can be provided would be appreciated. Thanks.

If you browse to the Virtual Office, are you seeing the correct cert?

Does this ISP provide a service where if you enter an unknown URL in a browser, they redirect you to their own branded search page?

We had this with a couple of ISPs here in the UK, thinking they are being helpful when you enter an unresolvable URL that would otherwise result in NXDOMAIN.
They assume you’ve typo’d it and serve you a “did you mean” page, along with some ads.

This was causing NetExtender issues for us (it’s basically a DNS hijack), and the only fix was to turn it off in the user’s home router or, in one case, their account settings with their ISP.
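The NXDOMAIN check this reply suggests, as an added example that is not part of the original thread: it resolves random hostnames that should not exist and reports whether the resolver answers them anyway, and whether the VPN hostname resolves to the same landing address. The function names and the `vpn.example.test` placeholder are assumptions made for illustration.

```python
import socket
import uuid

def probe_names(count=3, tlds=("com", "net", "org")):
    """Random hostnames that should not exist, so a clean resolver fails on them."""
    return [f"nx-{uuid.uuid4().hex}.{tlds[i % len(tlds)]}" for i in range(count)]

def resolve(name, resolver=socket.getaddrinfo):
    """Return the set of IPs for name; empty set when resolution fails (NXDOMAIN)."""
    try:
        infos = resolver(name, 443, proto=socket.IPPROTO_TCP)
    except OSError:  # socket.gaierror is a subclass of OSError
        return set()
    return {info[4][0] for info in infos}

def check_nxdomain_rewrite(vpn_host, resolver=socket.getaddrinfo, names=None):
    """Detect a resolver that answers nonexistent names, and whether the VPN
    hostname is being sent to the same landing address."""
    names = names or probe_names()
    landing = set()
    answered = 0
    for name in names:
        ips = resolve(name, resolver)
        if ips:  # a nonexistent name got an answer: the resolver is rewriting
            answered += 1
            landing |= ips
    vpn_ips = resolve(vpn_host, resolver)
    return {
        "rewriting": answered > 0,
        "answered": f"{answered}/{len(names)}",
        "landing_ips": sorted(landing),
        "vpn_ips": sorted(vpn_ips),
        "vpn_resolves": bool(vpn_ips),
        "vpn_hits_landing": bool(vpn_ips & landing),
    }

if __name__ == "__main__":
    # vpn.example.test is a placeholder; substitute the firewall's public hostname.
    for key, value in check_nxdomain_rewrite("vpn.example.test").items():
        print(f"{key}: {value}")
```

Running it once on the affected connection and once on a phone hotspot gives two results to compare; `rewriting: True` on only one of them points at that network's resolver.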

I had a high-level off-site conference with two dozen people who consider themselves quite important. The facility where the meeting was held was blocking our VPN traffic. Talked to their admin and he was able to unblock it. Perhaps contact Spectrum to discuss…?

Otherwise, install NX on a personal machine (if they’re willing & able) to test it from that same network.

Are you seeing anything in the logs on the SonicWall? Just curious if it’s hitting the SonicWall then bombing out or if it’s actually dropping before it hits the Sonny.

Any chance it’s similar to this guy’s issue with TLS 1.3?

https://www.reddit.com/r/sonicwall/comments/xcss5j/

We are also having this issue on Gen7 units, specifically with Spectrum. It seems to be related to their provided routers; if you bypass the router and use a 3rd-party one like Netgear, it works fine. I also concur that it seems to have been triggered on certificate renewal, like somehow their routers are doing some kind of certificate inspection.

Purchase a 3rd party router and ask Spectrum to place their services in bridge mode. This bypasses them completely.

If you created the new certificate with the same certificate information, please delete the old certificate from the client certificate vault and try again.

Yes, if you are using Windows machines; yes, in the MMC certificate menus.

Any updates on this? I am experiencing the exact same problem with one of our clients.

  • Installing new GoDaddy cert broke VPN for Spectrum users only
  • Both NetExtender and Mobile Connect fail
  • Reverting to self-signed cert on firewall allows Spectrum users to connect

So for now I am using a self-signed cert to allow Spectrum users access but this shouldn’t be a long-term solution. Any input would be greatly appreciated!

Having this same problem with a TZ670

SOLUTION: Hello, I came across this when looking for a solution to what sounds like the same problem. We ended up uninstalling NetExtender in Software Center and reinstalling it. It then downloaded an update and worked again.

This is a long-dead thread, but I can confirm that the issue is specific to certain revisions of the modem that Spectrum provides. In our case two of our techs have the same service with the same model router but differing hardware revisions. Specifically, revision “1D” fails.
I can also confirm changing the certificate to self-signed indeed works.
We are using a wildcard cert for our NSA4700s.
I can also confirm Spectrum does not give a flip about the issue.

Yep, I can connect fine to the Virtual Office page and the correct cert is shown.

Thanks.

No, they don’t seem to. Just the standard “can’t reach the page” message.

Thanks.

I spoke to Spectrum tech support and was just told “we don’t do anything on our network to block VPN. It should work fine”.

Yeah, I did a packet capture on my end and I see lots of traffic coming from the remote user. I must confess that I’m not too experienced with reading these captures so it doesn’t make much sense to me.

I tried enabling TLS 1.3 in the internet options on a client machine but it didn’t make a difference.

I’m not able to locate the ciphersuites settings on my NSA4700. It sounds like that would solve the issue so I’m going to continue looking around.

Thanks!

The issue is happening at people’s homes and vacation houses too.

I gave this a shot last night and the issue persists.

Thanks.

Sorry, I just re-read this. Where exactly is the client certificate vault? Do you mean the “certificates” snap-in in MMC?

Thanks.