SSLVPN traffic policies fail at clients after a large number of traffic rules are created for the SSLVPN server

  • 3475924
  • 04-Jul-2007
  • 26-Apr-2012

Environment

Novell Access Management 3 SSLVPN Server
Novell Access Management 3 Access Administration

Situation

SSLVPN environment where the Access Gateway is deployed on Linux, and the Identity Server and SSLVPN server are deployed on a separate SLES 10 Linux server.

When the SSLVPN server is configured with more than 10 traffic rules for the various clients, the rules do not work correctly. The SSLVPN clients can still connect to the SSLVPN server, and the SSLVPN policy tab in the connected client's browser shows all the created traffic rules correctly; however, no traffic through the VPN tunnel is possible. If the number of rules is reduced to a maximum of ten, everything works. Creating one more rule breaks the traffic again.

Resolution

Apply the Access Manager SP1 Release Candidate 1 build (b2nam3sp1.tar.gz) or later. The corresponding package versions should be equal to or greater than:

novl-sslvpn-servlet-3.0.1-162
novl-sslvpn-3.0.1-107

Additional Information

There was an issue with the OpenVPN management interface when a large number of rules exists. If the number of rules is large and a fragment of one of the rules is sent to the SSLVPN server, it ignores that rule as well as all subsequent rules. The fix is to make sure no fragmented rules are sent to the OpenVPN management interface.
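As an added illustration of the failure mode described above (example code, not Novell's or OpenVPN's), the following Python models a receiver that parses each read on its own and therefore drops a rule split across two reads together with everything after it, beside a receiver that buffers across reads and delivers every rule. It assumes a newline-delimited rule stream; the rule strings and read sizes are constructed samples, not Access Manager policy syntax.

```python
# Added example, not Novell's or OpenVPN's code. Assumes one rule per
# newline-terminated line on the management interface; rules are constructed.

def constructed_rules(count):
    """Constructed sample rules standing in for real SSLVPN traffic policies."""
    return [f"rule{i} allow 10.0.{i}.0/24:80" for i in range(1, count + 1)]

def fragment_into_reads(rules, read_size):
    """Serialise the rules and cut the text into fixed-size reads, so that a
    rule may be split across two reads (the fragmentation the page describes)."""
    wire = "".join(r + "\n" for r in rules)
    return [wire[i:i + read_size] for i in range(0, len(wire), read_size)]

def receive_per_read(reads):
    """Defective receiver: each read is parsed on its own. A read that ends in
    the middle of a rule leaves an unterminated fragment; the receiver drops it
    and stops, so every later rule is lost as well."""
    accepted = []
    for chunk in reads:
        lines = chunk.split("\n")
        trailing = lines.pop()          # text after the last newline
        accepted.extend(l for l in lines if l)
        if trailing:                    # fragment: rule split across reads
            return accepted             # this rule and all following are lost
    return accepted

def receive_buffered(reads):
    """Corrected receiver: carry leftover bytes across reads and only act on
    complete, newline-terminated rules."""
    accepted, buf = [], ""
    for chunk in reads:
        buf += chunk
        while "\n" in buf:
            line, buf = buf.split("\n", 1)
            if line:
                accepted.append(line)
    return accepted

def compare(rule_count, read_size):
    """Return (rules seen by the defective receiver, rules seen by the corrected one)."""
    reads = fragment_into_reads(constructed_rules(rule_count), read_size)
    return len(receive_per_read(reads)), len(receive_buffered(reads))

if __name__ == "__main__":
    print(compare(12, 64))    # reads cut rule 3 in two: defective receiver stops at 2
    print(compare(12, 4096))  # whole message in one read: both receivers see all 12
```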