Operational Defect Database

BugZero found this defect 977 days ago.

WatchGuard Technologies | kA16S000000SN7jSAG

Built-in mobile VPN clients cannot connect if the RADIUS name exceeds 15 characters

Last update date:

9/15/2021

Affected products:

No affected products provided.

Affected releases:

Any/Unknown

Fixed releases:

All

Description:

Issue

Built-in VPN adapters that use NetBIOS support only host names and domain names of 15 or fewer characters. This limitation affects built-in VPN adapters on computers that run Windows, macOS, iOS, and Android. For Microsoft documentation about this character limit, see Naming conventions in Active Directory for computers, domains, sites, and OUs.

If you configure a Firebox mobile VPN method that supports connections from built-in VPN adapters, such as Mobile VPN with IKEv2, and you specify a RADIUS server name longer than 15 characters, the client computer truncates the RADIUS server name to 15 characters.

Example:

RADIUS domain configured on Firebox: Thisadomain.internal (20 characters long)
Client computer truncates this to: Thisadomain.int (15 characters long)

When this issue occurs, the Firebox receives the truncated, and therefore incorrect, domain name from the VPN client. The authentication request fails, which causes the VPN connection to fail.

Workaround/Solution

The RADIUS domain configured on the Firebox is used only between the Firebox and its client devices. For example, the RADIUS domain is not sent to the RADIUS server when authenticating user requests. This means that you can configure a RADIUS domain name of 15 characters or fewer to avoid this truncation issue.

Example:

Domain name used inside the network: Thisadomain.internal
Configure the RADIUS domain name on the Firebox to be 15 characters or fewer: domain.internal


Status

Won't Fix
