SRX

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Juniper Secure Connect OpenSSL Error

     
    Posted 08-16-2024 09:32

    This is a posting to help anyone experiencing a seemingly random SSL error with Secure Connect.

    If you receive a message something akin to the following on the Secure Connect client, all you need to do as a workaround is to run 'restart web-management'. 

    Configuration Download

    Login: HTTPS request failed.

    OpenSSL SSL_read:

    error: 1408F10B:SSL

    This is being experienced with the recommended Junos v22.4R3-S2.11

    It is regrettable how dependant Secure Connect seems to be on J-Web, essentially. Incidentally,  you'll notice if you experience the above that you cannot access J-Web.



  • 2.  RE: Juniper Secure Connect OpenSSL Error

    Posted 10-28-2024 07:24

    Experiencing the same issue, with both 22.4R3-S2.11 and then upgraded to 23.4R2-S2.1, now the recommended version (2024-9-10).

    Is there a longer term solution to  this? 

    Thanks




  • 3.  RE: Juniper Secure Connect OpenSSL Error

     
    Posted 11-28-2024 05:20

    I have been informed that the recently released 23.4R2-S3 addresses this issue. However, you will find no mention of it in the release notes. I have installed it and am monitoring the situation, but fingers crossed! 




  • 4.  RE: Juniper Secure Connect OpenSSL Error

    Posted 11-08-2024 08:26

    Using JUNOS 24.2R1.17 for the lab and testing ran into the same issue



    ------------------------------
    CHRISTOPHER TUSKA
    ------------------------------



  • 5.  RE: Juniper Secure Connect OpenSSL Error

     
    Posted 11-28-2024 05:21

    I note you mentioned lab and test use in your message, try to avoid using it in production, as I have been advised that v24 code is 'buggy'.




  • 6.  RE: Juniper Secure Connect OpenSSL Error

    Posted 11-28-2024 09:39

    Hey,

    not sure yet but apparently under security remote-access "default-profile" configuration was deprecated due to changes in how the profiles are named.

    Before you had profile name which you entered after the GW URL/IP 
    Like Profile FullTunnel (users would connected to vpn.test.com/FullTunnel)
    Now the profile is supposed to be named vpn.test.com/FullTunnel directly, and if you want something as "default" then you just name that profile plain vpn.test.com.

    So im guessing that for some reason the old profile names stop working.



    ------------------------------
    VILLEVEIKKO PUTAANSUU
    ------------------------------