Environment
Novell Access Management 3 SSLVPN Server
Novell Access Management 3 Access Administration
Situation
SSLVPN environment in which the Access Gateway is deployed on Linux and the Identity Server and SSLVPN server are deployed on another Linux SLES10 server.
When the SSLVPN server is configured with more than 10 traffic rules for the various clients, the rules do not work correctly. The SSLVPN clients can still connect to the SSLVPN server, and the SSLVPN policy tab on the connected client browser shows all the created traffic rules correctly; however, no traffic through the VPN tunnel is possible. If we reduce the number to a maximum of ten, everything is fine. Recreating another one breaks the traffic again.
Resolution
Apply the Access Manager SP1 Release Candidate 1 build (b2nam3sp1.tar.gz) or greater. The corresponding packages should be equal to or greater than:
novl-sslvpn-servlet-3.0.1-162
novl-sslvpn-3.0.1-107
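One way to confirm that the SSLVPN server is at or above the package levels listed above. This is an added example, not a Novell-supplied script. The function names ver_ge and check_pkg are hypothetical, and the comparison assumes version and release fields are purely numeric, as they are in the versions listed.

```shell
#!/bin/sh
# Minimum fixed package levels, taken from the Resolution section.
MIN_SERVLET="3.0.1-162"   # novl-sslvpn-servlet
MIN_SSLVPN="3.0.1-107"    # novl-sslvpn

# ver_ge A B: succeed when version-release A is equal to or greater than B.
# Fields separated by '.' or '-' are compared numerically, left to right.
# Assumption: every field is a plain integer.
ver_ge() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a                      # installed fields become $1, $2, ...
    for want in $b; do
        have=${1:-0}               # a missing field counts as 0
        [ $# -gt 0 ] && shift
        [ "$have" -gt "$want" ] && return 0
        [ "$have" -lt "$want" ] && return 1
    done
    return 0                       # all compared fields were equal
}

# check_pkg NAME MIN: read the installed version from the RPM database
# and report whether it meets the minimum level.
check_pkg() {
    inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$1" 2>/dev/null) || {
        echo "MISSING $1"
        return 2
    }
    if ver_ge "$inst" "$2"; then
        echo "OK      $1 $inst (>= $2)"
    else
        echo "OLD     $1 $inst (< $2)"
        return 1
    fi
}

# Run the checks only where an RPM database is available.
if command -v rpm >/dev/null 2>&1; then
    check_pkg novl-sslvpn-servlet "$MIN_SERVLET"
    check_pkg novl-sslvpn "$MIN_SSLVPN"
fi
```

Run it on the server hosting the SSLVPN component. An OLD or MISSING line means the server is not at the package level listed above.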
Additional Information
There was an issue with the OpenVPN management interface when a large number of rules exist. If the number of rules is large and a fragment of one of the rules is sent to the SSLVPN server, it ignores that rule as well as all subsequent rules. The fix is to make sure no fragmented rules are sent to the OpenVPN management interface.