SSL VPN-Plus client stops responding when TCP optimization is enabled.

Problem

You have configured the SSL VPN-Plus service to run on an NSX Edge and enabled TCP optimization for sending traffic through the tunnel. The SSL VPN-Plus client stops responding when you run any network performance measurement and tuning tool (for example, iperf3) on the SSL VPN-Plus client.

Cause

One of the following two scenarios can cause the tunnel read error to occur when data is sent from the SSL VPN-Plus client:
  • The back-end server closes the TCP connection with the SSL VPN server by sending a TCP FIN sequence.
  • The tunnel's write operation fails while forwarding data to the back-end server.

The tunnel read error is "unknown protocol ID". This error clears the tunnel between the SSL VPN server and the SSL VPN-Plus client, which in turn causes the SSL read/write operations to fail on the client, and the SSL VPN-Plus client stops responding.

Solution

  • To resolve this issue, follow these steps in the vSphere Web Client to disable TCP optimization for the private network traffic through the SSL VPN tunnel.
    1. Double-click the NSX Edge VM on which you have configured the SSL VPN-Plus service.
    2. Click the SSL VPN-Plus tab, and then select the private network.
    3. Clear the Enable TCP Optimization check box.