This article will show SecuExtender SSL VPN Client on Stand-alone & Nebula [USG FLEX / ATP / VPN Series]. Disconnection right after connection, cannot connect to the SSL VPN [PC / Mac has ARM processor with Parallels], and SecuExtender cannot be opened, Service "ZyWALL SecuExtender Helper" (ZyWALL SecuExtender Helper) failed to start. Solutions include firewall rule not allowing SSL VPN port [often 443], Visual C++ not installed, SecuExtender Adapter not responding/working which is not supported.
Table of Content
1. SSL VPN disconnects right after connecting
1.1 Solution steps
1.1.1 See if SecuExtender Network Adapter is working or not
1.1.2 See if Visual C++ 2015 is installed or not
2) SSL VPN connection fails - Firewall rule missing
2.1 Solution Steps
2.1.2 Check if Service object contains HTTPS (or SSL VPN port)
2.1.3 Double-Check the HTTPS port for SSL VPN
3) SecuExtender cannot be run on Windows with ARM processor
3.1 Solution Steps
3.1.1 Alternative Solution - L2TP VPN
3.1.2 How do I find out if my PC is compatible with SecuExtender?
4) Service "ZyWALL SecuExtender Helper" (ZyWALL SecuExtende Helper) failed to start!
1. SSL VPN disconnects right after connecting
Sometimes, when connecting the SSL VPN client SecuExtender, right after connecting, it disconnects. The log indicates the following:
- USER XYZ has logged in to ZyWall
- USER XYZ has logged in to SSLVPN
- USER XYZ has logged out of ZyWall
If this happens, eventually check the password - in some cases, especially on older USG devices, when using special characters such as "!", "?" characters etc. in the password, this issue occurs. Using a simpler password without special characters might solve the problem.
Also, make sure that you do not use the same User twice.
Alternatively, check your driver settings according to this little guide:
The most current SecuExtender version is 4.0.4.0. If you’re not using this version, please update it first (SecuExtender_Windows4.0.4.0).
Link: SecuExtender
Before installing the latest SecuExtender, you should update your windows with the latest patches, install the SecuExtender software afterwards and try the SSL VPN connection again.
1.1 Solution steps
If the SSL VPN is still not working, follow the steps below and share the screenshot to check further.
1.1.1 See if SecuExtender Network Adapter is working or not
Go to device manager -> network adapters then check if the SecuExtender is working or not (TAP-Windows Adapter V9 for Zyxel SecuExtender)
1.1.2 See if Visual C++ 2015 is installed or not
Go to control panel -> programs. Then check if the “Visual C++ 2015” is installed or not
2) SSL VPN connection fails - Firewall rule missing
2.1 Solution Steps
If you cannot connect to the firewall via SSL VPN, this is mostly due to the fact that external access via HTTPS is not permitted in the firewall. The firewall needs to allow the SSL VPN traffic from WAN to Zywall, or else it will fail.
2.1.1 Check Firewall rule
Here it is sufficient to add the HTTPS port to the existing Default_Allow_WAN_To_ZyWALL rule.
2.1.2 Check if Service object contains HTTPS (or SSL VPN port)
Navigate to Configuration > Object > Service > Service Groupand make sure HTTPS is included:
2.1.3 Double-Check the HTTPS port for SSL VPN
There is also the possibility to adjust the HTTPS port in the SSL VPN settings.
So you can enable SSL VPN without opening external access to the web interface of your device.
The SSL VPN Port can be adjusted under
Configuration > VPN > SSL VPN > Global Setting
Do not forget to create the service object for the SSL VPN Port and add it to the Default_Allow_WAN_To_ZyWALL rule as described above.
More information below
From firmware v5.00 onwards you can use a different port for the SSL VPN, so only the SecuExtender can log in on this port, no admin nor any other user.
To set this up, you have to log into your USG and change the SSL-VPN port under
Configuration > VPN > SSL VPN > Global Setting
Next you need to create a firewall rule that allows this port from WAN to ZyWall. In general you can simply add a service under
Configuration > Object > Service
and add this new Service to the Default_WAN_to_Zywall group.
If you don't want to log in as an admin or user to the Web GUI of the device, you now can simply remove the HTTPS access from WAN to ZyWall. In general this can be done by removing the HTTPS service from the default_WAN_to_ZyWall group.
3) SecuExtender cannot be run on Windows with ARM processor
In some cases it can happen that our VPN solutions cannot be run on a Windows client.
In many cases it is because these clients use ARM processors, which are not compatible in this scenario.
Our Client VPN solutions for SSL and IPSec have a limitation that they are not intended for use in connection with ARM processors.
Accordingly it is not possible to run VPN clients on devices with these processors. If you're using a PC with ARM processor which is using Windows OS on a Mac computer with the virtual machine Parallels, it will still use the Mac processor and will not work.
3.1 Solution Steps
3.1.1 Alternative Solution - L2TP VPN
In order to still be able to use a remote VPN connection on the affected clients, L2TP over IPSec would be a possible alternative.
The setup guides for L2TP you can find here:
USG FLEX/ATP/VPN - L2TP over IPSec VPN Configuration
L2TP-Setup for Windows built-in client
3.1.2 How do I find out if my PC is compatible with SecuExtender?
To find which processor is used on the client, navigate toSettings > System > Aboutand search for the option “Device specifications.”
The name of your computer’s processor and its speed are displayed to the right of “Processor.”
4) Service "ZyWALL SecuExtender Helper" (ZyWALL SecuExtende Helper) failed to start!
Sometime's it happens that the SecuExtender SSL VPN clients fails to start. Below we describe how to solve this issue.
4.1 Solution Guide
- Download the file which is attached to this KB-Article. Then enter your driver folder:
(Default on older Windows Systems) C:\Windows\System32\drivers - Copy the tap0901_zyxel.sys to the folder.
- Reinstall the ZyWall SecuExtender programm
This should resolve your issue. Otherwise, please step into contact with our support staff!
Comments
3 comments
Our useers using a Windows 10 machine, latest build.
Our experience are that the remote desktop occasionally halts but without the message showing that the session is disconnected, it sometimes resumes back to normal after 5-30 seconds.
Manually closing the current RDP session and restarting a new session usually solves the problem, but I don’t think this is a solution.
Albert Chan
The VPN client software on my computer does not show any error, and I usually do not have to restart the VPN connection.
Dear Mr Chan,
I recommend in this case to step into touch with us by registering yourself to our support-portal https://support.zyxel.eu and creating a ticket for the inquiry. Please do not forget to mention the device in use, firmware version as well as providing a graphical topology, if necessary.
Thank you for your comment
Phillipe Piris
Technical Support Engineer
I was having this issue with SecuExtender 4.0.3.0. on a system running Windows 10 1809.
I tried rolling back to version 4.0.2.0 but it made no difference.
After installing the Windows 10 1903 update, the issue was fixed.
Hopefully this helps someone else out.
Please sign in to leave a comment.