Operational Defect Database

BugZero found this defect 1900 days ago.

WatchGuard Technologies | kA10H000000g3SbSAI

Firebox uses Mobile VPN with SSL tun0 IP address instead of Trusted to connect to AuthPoint Gateway

Last update date:

3/7/2019

Affected products:

AuthPoint

Affected releases:

All

AuthPoint

Fixed releases:

All

Description:

Issue

When the Firebox sends a RADIUS authentication request to the AuthPoint Gateway for a Mobile VPN with SSL client connection, the Firebox identifies itself with the tun0 IP address, instead of the Firebox internal interface IP address.

The tun0 IP address for the Firebox depends on whether you have configured Mobile VPN with SSL to use Routed VPN traffic or Bridge VPN traffic:

- With Routed VPN traffic, the tun0 IP address is the first available IP address for the Virtual IP address pool. For example, if you use the default 192.168.113.0/24 range, the tun0 IP address will be 192.168.113.1.
- With Bridge VPN traffic, the tun0 IP address is the Firebox IP address on the bridged network interface.

To learn more about Mobile VPN with SSL virtual IP addresses, see Manually Configure the Firebox for Mobile VPN with SSL.

Because of this issue, the AuthPoint Gateway rejects the request with a message that includes the text:

RadiusProcessRequestThread - Radius client not found.

Workaround/Solution

To resolve this issue, you must add a new RADIUS client resource to your AuthPoint Portal for the tun0 IP address of your Mobile VPN with SSL configuration, and associate that resource with your gateway. For instructions, see RADIUS Client Resources.


Status

Open
