paradoxum
New Member
May 5, 2015
Question

SSL VPN process not starting


Greetings, I have a 60C which has been in production for several months running v5.0,build0305 (GA Patch 10). This morning, while troubleshooting an IPSec issue on the unit, I noticed the SSL VPN portal is no longer accessible. After digging deeper, I found the sslvpnd process was not listed in the top list. I rebooted the box and my IPSec issue cleared up, but the SSL issue persists. SSL VPN is enabled in the GUI. Has anyone else experienced something like this?

Run Time: 0 days, 0 hours and 56 minutes
12U, 0N, 10S, 78I; 933T, 643F, 122KF
          httpsd      237      R       7.9     2.0
          httpsd      235      S       3.5     2.0
          httpsd      151      R       2.7     2.5
          newcli      243      R       1.1     1.4
          httpsd      236      S       0.5     1.8
            iked       79      S       0.1     1.5
         pyfcgid      165      S       0.0     2.9
         pyfcgid      164      S       0.0     2.7
         pyfcgid      163      S       0.0     2.4
         pyfcgid      161      S       0.0     2.3
         miglogd       53      S       0.0     2.1
          httpsd      148      S       0.0     2.1
         cmdbsvr       33      R       0.0     2.1
          httpsd      147      S       0.0     1.7
          httpsd       55      S       0.0     1.7
       ipsengine       70      S <     0.0     1.6
     proxyworker       62      S       0.0     1.4
           fgfmd       93      S       0.0     1.4
          newcli      242      S       0.0     1.4
          cw_acd       94      S       0.0     1.4
 

    2 replies

    emnoc
    New Member
    May 5, 2015

    Are you 100% sure it's not running?

    I would find the pid and then run the ps output and double check;

    e.g.

    fnsysctl cat  /var/run/sslvpnd.pid

    78

    fnsysctl ps -ef

    And look for #78. If it's not running, then ensure SSL is enabled. In fact this should be the 1st step.

    e.g.

    get vpn ssl settings
    sslvpn-enable       : enable
    sslv3               : enable
    dns-server1         : 0.0.0.0
    dns-server2         : 0.0.0.0
    route-source-interface: enable
    reqclientcert       : disable
    sslv2               : disable
    force-two-factor-auth: disable
    force-utf8-login    : disable
    allow-unsafe-legacy-renegotiation: disable
    servercert          : self-sign
    algorithm           : default
    idle-timeout        : 300
    auth-timeout        : 28800
    tunnel-ip-pools:
        == [ SSLVPN-P-TUN-0 ]
        name: SSLVPN-P-TUN-0
    wins-server1        : 0.0.0.0
    wins-server2        : 0.0.0.0
    url-obscuration     : disable
    http-compression    : disable
    port                : 10443

    paradoxum
    Author
    New Member
    May 5, 2015

    The sslvpnd.pid is not present in the run folder, perhaps that's the issue...

    # fnsysctl ls /var/run
    alertmail.pid       authd.pid           bgpd.pid            cmdbsvr.pid         
    cw_acd.pid          daemon.pid          ddnscd.pid          dhcpd.pid           
    dnsproxy.pid        eap_proxy.pid       fclicense.pid       fcnacd.pid          
    fgfmd.pid           fnbamd.pid          forticldd.pid       forticron.pid       
    fsd.pid             httpclid.pid        httpd.pid           iked.pid            
    imd.pid             imi.pid             init.pid            ipsengine.pid       
    ipsmonitor.pid      isisd.pid           kmiglogd.pid        merged_daemons.pid  
    miglogd000.pid      nsm.pid             ntpd.pid            ospf6d.pid          
    ospfd.pid           pdmd.pid            pim6d.pid           pimd.pid            
    proxyacceptor.pid   proxyd.pid          proxyworker000.pid  pyfcgid.pid         
    quard.pid           ripd.pid            ripngd.pid          scanunit.pid        
    snmpd.pid           sqldb.pid           sshd.pid            sslacceptor.pid     
    sslworker000.pid    stpd.pid            telnetd.pid         updated.pid         
    uploadd.pid         urlfilter.pid       usbmuxd.pid         wad_diskd.pid       
    wpad.pid            zebos_launcher.pid  

     

    Here is the output of "get vpn ssl settings":

    get vpn ssl set
    sslvpn-enable       : enable 
    sslv3               : enable 
    tlsv1-0             : enable 
    tlsv1-1             : enable 
    tlsv1-2             : enable 
    dns-server1         : 0.0.0.0
    dns-server2         : 0.0.0.0
    route-source-interface: disable 
    reqclientcert       : disable 
    sslv2               : disable 
    allow-ssl-big-buffer: disable 
    allow-ssl-insert-empty-fragment: enable 
    allow-ssl-client-renegotiation: disable 
    force-two-factor-auth: disable 
    force-utf8-login    : disable 
    servercert          : self-sign 
    algorithm           : high 
    idle-timeout        : 300
    auth-timeout        : 28800
    tunnel-ip-pools:
    tunnel-ipv6-pools:
    dns-suffix          : 
    wins-server1        : 0.0.0.0
    wins-server2        : 0.0.0.0
    --More--          ipv6-dns-server1    : ::
    ipv6-dns-server2    : ::
    ipv6-wins-server1   : ::
    ipv6-wins-server2   : ::
    url-obscuration     : disable 
    http-compression    : disable 
    http-only-cookie    : enable 
    port                : 30443
    port-precedence     : enable 
    auto-tunnel-static-route: enable 
    auto-tunnel-policy  : enable
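
The cross-check the two posters carry out by hand (SSL VPN enabled in `get vpn ssl settings`, yet no `sslvpnd.pid` in `/var/run`), as an added Python example that is not part of the thread and not Fortinet tooling. The embedded samples are constructed, abbreviated copies of the output quoted above; `parse_settings` and `diagnose` are hypothetical names, and the script also lists SSLv2/SSLv3 left enabled and any field printed with no value.

```python
# Constructed samples: abbreviated copies of the CLI output quoted in the thread.
SETTINGS = """\
sslvpn-enable       : enable
sslv3               : enable
tlsv1-2             : enable
sslv2               : disable
tunnel-ip-pools:
--More--          ipv6-dns-server1    : ::
port                : 30443
"""
RUN_DIR = """\
iked.pid            imd.pid             init.pid
sshd.pid            sslacceptor.pid     sslworker000.pid
"""

def parse_settings(text):
    """Turn 'key : value' lines into a dict, dropping the pager's --More-- marker."""
    out = {}
    for line in text.splitlines():
        line = line.replace("--More--", "").strip()
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            out[key.strip()] = value.strip()
    return out

def diagnose(settings_text, run_listing, daemon="sslvpnd"):
    """Compare the configured state with the pid files present in /var/run."""
    cfg = parse_settings(settings_text)
    pidfiles = set(run_listing.split())
    return {
        "enabled_in_config": cfg.get("sslvpn-enable") == "enable",
        "pidfile_present": f"{daemon}.pid" in pidfiles,
        # Deprecated protocol versions still switched on.
        "legacy_protocols": sorted(
            k for k in ("sslv2", "sslv3") if cfg.get(k) == "enable"),
        # Keys the CLI printed with nothing after the colon.
        "empty_fields": sorted(k for k, v in cfg.items() if v == ""),
        "port": cfg.get("port"),
    }

if __name__ == "__main__":
    for name, value in diagnose(SETTINGS, RUN_DIR).items():
        print(f"{name}: {value}")
```

To use it on a real unit, paste the captured output of `get vpn ssl settings` and `fnsysctl ls /var/run` in place of the two sample strings.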