SSL VPN-Plus client stops responding when TCP optimization is enabled.
Problem
You have configured SSL VPN-Plus service to run on an NSX Edge and enabled TCP optimization for sending traffic through the tunnel. The SSL VPN-Plus client stops responding when you run any network performance measurement and tuning tool (for example, iperf3) on the SSL VPN-Plus client.
Cause
One of the following two scenarios can cause the tunnel read error to occur when data is sent from the SSL VPN-Plus client:
- The back-end server closes the TCP connection with the SSL VPN server by sending a TCP FIN sequence.
- The tunnel's write operation fails while forwarding data to the back-end server.
The tunnel read error is reported as unknown protocol ID. This error clears the tunnel between the SSL VPN server and the SSL VPN-Plus client, which in turn causes the SSL read/write operations to fail on the client, and the SSL VPN-Plus client stops responding.
Solution
To resolve this issue, follow these steps in the vSphere Web Client to disable TCP optimization for the private network traffic through the SSL VPN tunnel:
- Double-click the NSX Edge VM on which you have configured the SSL VPN-Plus service.
- Click the SSL VPN-Plus tab, and then select the private network.
- Clear the Enable TCP Optimization check box.