Jump to content


Photo

Barracuda Connector Disconnection

connector disconnection barracuda

  • Please log in to reply
3 replies to this topic

#1 Benoit_Fr

Benoit_Fr
  • Members
  • 3 posts

Posted 11 June 2014 - 10:24 AM

Hi,

 

For few weeks due to our supplier we're using Barracuda Connector client.

In practice I need to go to the supplier website which seems to be a Barracuda VPN box. More details here:

Firmware 1.7.2.010 2014-05-15 16:52
VPN 1.7.2010
Model: 680

From the supplier requirement:

First at all I installed the Barracuda Network Connector 2.1 RC20 on the desktop. Also I added the IP address of the resource we need to access as a permanent route within the TCP configuration of the desktop.

Then when I'm logged in to the supplier barracuda vpn box I just need to click on LAN1 icon to start the VPN connection.  Then we can access to the resource we need. Our constraint is to keep the VPN connection online 24/24h

 

My problem is unfortunately sometimes the connection is lost. We checked everything we can but for sure we missed something.

The problem occurs on both desktops which are not on the same factory. One desktop is connected through Ethernet. One desktop is connected through wireless. Our supplier confirmed all is ok for them. The engineer who manages the firewall confirmed all is ok too. But the disconnection still occurs randomly during the day or the night. The VPN can be online either for 4 or 5 days or for 5 hours. It's Windows 7 on both desktops.

 

We tried to have a look on the logs below but nobody is able to help me:

Fri Jun 06 18:24:18 2014 write TCPv4_CLIENT: Connection reset by peer (WSAECONNRESET) (code=10054)
Fri Jun 06 18:24:18 2014 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Fri Jun 06 18:24:18 2014 Connection reset, restarting [-1]
Fri Jun 06 18:24:18 2014 TCP/UDP: Closing socket
Fri Jun 06 18:24:18 2014 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jun 06 18:24:18 2014 Restart pause, 5 second(s)
Fri Jun 06 18:24:23 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jun 06 18:24:23 2014 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Fri Jun 06 18:24:23 2014 Re-using SSL/TLS context
Fri Jun 06 18:24:23 2014 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jun 06 18:24:23 2014 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ]
Fri Jun 06 18:24:23 2014 Local Options hash (VER=V4): '10f35004'
Fri Jun 06 18:24:23 2014 Expected Remote Options hash (VER=V4): 'a917298a'
Fri Jun 06 18:24:23 2014 Attempting to establish TCP connection with Supplier_Barracuda_VPN_IP_Address:443
Fri Jun 06 18:24:23 2014 TCP connection established with Supplier_Barracuda_VPN_IP_Address:443
Fri Jun 06 18:24:23 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jun 06 18:24:23 2014 Socket flags: TCP_NODELAY=1 succeeded
Fri Jun 06 18:24:23 2014 TCPv4_CLIENT link local: [undef]
Fri Jun 06 18:24:23 2014 TCPv4_CLIENT link remote: Supplier_Barracuda_VPN_IP_Address:443
Fri Jun 06 18:24:23 2014 TLS: Initial packet from Supplier_Barracuda_VPN_IP_Address:443, sid=XXXXXXXXXX
Fri Jun 06 18:24:23 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jun 06 18:24:23 2014 VERIFY OK: depth=1, /OU=SSL_VPN/O=Barracuda_Networks/CN=US
Fri Jun 06 18:24:23 2014 VERIFY OK: nsCertType=SERVER
Fri Jun 06 18:24:23 2014 VERIFY OK: depth=0, /C=US/O=Barracuda_Networks/OU=SSL_VPN/CN=tap0
Fri Jun 06 18:24:23 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 06 18:24:23 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 06 18:24:23 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Jun 06 18:24:23 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 06 18:24:23 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jun 06 18:24:23 2014 [tap0] Peer Connection Initiated with Supplier_Barracuda_VPN_IP_Address:443
Fri Jun 06 18:24:25 2014 SENT CONTROL [tap0]: 'PUSH_REQUEST' (status=1)
Fri Jun 06 18:24:25 2014 AUTH: Received AUTH_FAILED control message
Fri Jun 06 18:24:25 2014 TCP/UDP: Closing socket
Fri Jun 06 18:24:25 2014 Closing TUN/TAP interface
Fri Jun 06 18:24:25 2014 SIGTERM[soft,auth-failure] received, process exiting

 

Any advices on what's going on here please ?

Do we have a problem with our firewall? How can I be sure the Barracuda VPN box is correctly configured by our supplier ?

 

Thank you very much for your help.

Benoit



#2 Gavin Chappell

Gavin Chappell
  • Moderators
  • 441 posts
  • LocationNottingham, UK

Posted 12 June 2014 - 11:49 AM

Benoit,

From what you're describing, it sounds like you've installed the full client (meaning that you have a Network Connector icon in your taskbar constantly) but for your launch method you're actually using the feature we call "web launch". The issue with this is that to avoid any prompts for credentials, the web launch method uses a unique "token" which is tied to your browser session - as soon as you log off or the session expires, this token becomes invalid which is what's causing your auht-failure on the bottom line of that log.

 

The better way to do things is to use the "More..." button on the LAN1 icon and use "Install configuration" to configure your standalone client. This authenticates with a traditional username and password (the same you use to log into the web interface) and should be able to keep you online more reliably - by this I mean that it should be able to re-authenticate correctly, it can't necessarily do anything about the WSAETIMEDOUT or WSAECONNRESET errors, these are usually down to a network level problem.

 

Hope this helps?



#3 Benoit_Fr

Benoit_Fr
  • Members
  • 3 posts

Posted 18 June 2014 - 05:04 AM

Hi Gavin,

Yes the network Connector icon appears in the task bar constantly

Thanks you for your help.

Let me try.



#4 Benoit_Fr

Benoit_Fr
  • Members
  • 3 posts

Posted 01 September 2014 - 04:58 AM

Hi Gavin,

Apologies for the delay.

It's running much better. Thank you very much for your help.