V. VPN (Virtual Private Networking)
Teleworker VPN - SSL - Java SSL Tunnel Troubleshooting
The SSL VPN Tunnel feature available on DrayTek SSL VPN routers allows remote teleworkers to connect using either the DrayTek Smart VPN Client or a web browser using the Java SSL Tunnel client.
The Java SSL Tunnel VPN client runs from the router's SSL VPN web interface, it uses a virtual device driver in Windows to operate and requires administrator rights on the machine to run.
- The router's SSL VPN web interface is blocked by the web browser
With older firmware versions, SSL 3.0 is the supported HTTPS security mechanism, this is now deprecated and browsers will block access to sites that use SSL 3.0.
Update the firmware to a current version, all DrayTek SSL VPN routers have firmware updates to support TLS 1.0 or later which will allow SSL VPN and other HTTPS facilities to work.
- The web browser reports that the certificate is invalid when accessing the router's SSL VPN interface
This is because the pre-installed certificate on DrayTek routers is not a certificate that is trusted by the browser's certificate authorities. The router's default certificate can still be used to establish a secure SSL VPN tunnel.
To avoid this error message in the web browser, either make an exception for the certificate for that site / IP address or set up a valid certificate in the web interface as described in this guide.
- The router's SSL VPN web interface does not allow users to log in
Check that the VPN user account has "SSL Tunnel" enabled if using the SSL Tunnel feature. Also check that the user has been added to a User Group under [SSL VPN] > [User Group]
- After allowing the Java app to run by clicking the "Run" button in Java's security prompt, nothing happens
The web browser must be run as an administrator to be able to run the SSL Tunnel driver.
- Clicking "Connect" in Firefox doesn't do anything
Java does not run by default in Firefox with recent versions, check the left of the address bar, if that shows a plug-ins icon, click that and allow Java to run:
- The Java SSL Tunnel does not work in Google Chrome
As of September 2015, Google no longer supports NPAPI plug-ins, which includes Java. It is recommended to use the DrayTek Smart VPN Client or an alternative browser such as Firefox or Internet Explorer. The DrayTek SSL VPN Tunnel feature that operates from a browser requires Java to operate.
- In Windows 10, the SSL Tunnel driver reports "Can't install virtual driver"
This is not supported in current firmware, it is recommended to use the latest DrayTek Smart VPN client.
- Clicking "Connect" in Microsoft Edge doesn't do anything
This browser cannot currently work with the router's Java SSL VPN Tunnel because it does not support extensions and therefore cannot run Java applets. Use Internet Explorer for this instead. If this is the only browser available, use the DrayTek Smart VPN client.
- Does the Java SSL VPN Client work with Mac OS X?
The DrayTek Java SSL VPN Tunnel client is not able to work with Mac OS X due to the differences in how the two operating systems handle networking. The SSL Proxy and SSL Application features such as RDP and VNC are operating system independent.
How do you rate this article?
- First Published: 18/03/2013
- Last Updated: 09/12/2015
Add a comment to this article
NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.