You know the drill.
Have a couple of WFH users out of ~50 who use our WatchGuard SSL VPN and constantly complain that it disconnects. Other VPN users are fine when these disconnects happen. Authentication is RADIUS-based w/ Azure MFA.
Basic troubleshooting done:
- Reinstalled the VPN client
- Updated to the latest version of the VPN client
- Updated the firmware on the Firebox hosting the VPN
- Tried using the vanilla OpenVPN client
- Supplied a CAT6 cable for the user to use at home for a wired connection
- Completely replaced the end user devices
- Checked that the WFH user’s IP range does not overlap with the internal VPN subnet (it doesn’t)
- Changed the connection port to UDP 443 instead of TCP
- Adjusted the encryption algorithm to AES-128-GCM for better performance
None of these worked.
For each user, logs show the exact same message when their VPN disconnects:
Inactivity timeout (--ping-restart), restarting
My understanding is that the VPN server pings the client but does not receive a response, leading to connection termination and restart. I am at my wit’s end and don’t know what else to investigate to prove it’s not on our end.
One user admitted that this problem started after switching ISPs. I even tested one of the replaced devices at my home and could connect continuously for over 8 hours without seeing that message in the logs.
Any suggestions on how to proceed?