Troubleshoot Mobile VPN with SSL

This topic describes common problems and solutions for Mobile VPN with SSL. Even after the VPN client connects, client traffic might not be able to reach some network resources because of network or policy configuration problems.

Installation Issues

For information about which operating systems are compatible with your Mobile VPN with SSL Client, see the Operating System Compatibility list in the Fireware Release Notes. You can find the Release Notes for your version of Fireware OS on the Fireware Release Notes page of the WatchGuard website.

To use the Mobile VPN with SSL client to connect, your computer must support TLS 1.1 or higher.

To install the Mobile VPN with SSL client on macOS, you must have administrator privileges.

In macOS 10.15 (Catalina) or higher, you must install v12.5.2 or higher of the WatchGuard Mobile VPN with SSL client. For more compatibility information, see the Fireware Release Notes.

Upgrade Issues

To upgrade the Mobile VPN with SSL Windows client, you must have administrator privileges.

  • If a minor version update is available, but you cannot update the client version, you can still connect to the VPN tunnel.
  • If a major version update is available, but you cannot update the client version, you cannot connect to the VPN tunnel.

In Fireware v12.5.3 or higher, if the client automatically detects that an upgrade is available, but you do not have administrator privileges, a message appears that tells you to contact your system administrator for assistance. If a minor version update is available, you can select the Don't show this message again check box. This check box does not appear if a major version update is available.

In Fireware v12.5.2 or lower, if the client automatically detects that an upgrade is available, a message appears that asks you to upgrade. However, if you do not have administrator privileges, you cannot upgrade the client.

Connection Issues

In Fireware v12.5 or higher, you must configure a RADIUS domain name. If your Firebox configuration includes a RADIUS server, and you upgrade from Fireware v12.4.1 or lower to Fireware v12.5 or higher, the Firebox automatically uses RADIUS as the domain name for that server. To authenticate to that server, users must type RADIUS as the domain name. In this case, if users type a domain name other than RADIUS, authentication fails. For more information, see Download, Install, and Connect the Mobile VPN with SSL Client.

To troubleshoot mobile VPN connection issues related to TDR Host Sensor Enforcement, see Troubleshoot TDR Host Sensor Enforcement.

Issues After Connection

We recommend that you do not use the private network ranges 192.168.0.0/24 or 192.168.1.0/24 on your corporate or guest networks. These ranges are commonly used on home networks. If a mobile VPN user has a home network range that overlaps with your corporate network range, traffic from the user does not go through the VPN tunnel. To resolve this issue, we recommend that you Migrate to a New Local Network Range.

If you cannot connect to network resources through an established VPN tunnel, see Troubleshoot Network Connectivity for information about other steps you can take to identify and resolve the issue.

See Also

Mobile VPN with SSL

Plan Your Mobile VPN with SSL Configuration