- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Re: Mobile Access portal problem
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mobile Access portal problem
Hi Guys,
Have anyone encountered such error in trace logs between gateway and backend server:
[LOGGER_CURL_INFO/] |11:25:28.998| TLSv1.2 (OUT), TLS alert, Server hello (2):
[LOGGER_CURL_INFO/] |11:25:28.998| SSL read: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac, errno 0
[LOGGER_CURL_INFO/] |11:25:28.998| Closing connection 0
[LOGGER_CURL_INFO/] |11:25:28.998| TLSv1.2 (OUT), TLS alert, Client hello (1):
This happens on both R80.10 and R80.20 any JHF.
Gateway is a VM on esx.
Due to this error some files are partially downloaded, hence the webpage is broken.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The error suggests the SSL/TLS negotiation is failing.
What happens when you access the site in question without going through MAB?
Can you validate the TLS version used by your browser?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dameon,
Thanks for reply. Going directly to website - no problem. Connection is established using TLS1.2. By the way, forgot to mention:
* Using R77.30 works fine
* R80.10 MAB - I get this error with multiple web apps. This suggests it is not specific to that particular website.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
During the event in tcpdump I can see rst flag is sent by gateway. But why?
I have done so far:
* changed TLS1.2 ciphers
* downgraded to TLS1.1 and TLS1.0
* Installed GW in different VLAN.
* tested with all vmware network adapter types
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would open a TAC case so we can troubleshoot this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Been there too case is open for months now with almost no progress
I was thinking giving a shot here
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please send me the SR in a Private Message.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This issue definitely shortened my life expectancy 😄 Overall TAC help was very poor. The ticket lasted almost a year 😞
Finally after many experiments the only thing which helped is the gateway with 3.10 kernel...
