Hello. We’re trying to setup Duo to integrate with our SonicWALL SRA 4200 and so far it is successful with the primary configuration using
[radius_server_iframe], however I’m looking to have this work with NetExtender as well but that doesn’t seem to be working when using the SonicWALL SRA alternative configuration at SonicWALL SRA or SMA 100 Series SSL with RADIUS Auto Push for VPN Client Access | Duo Security and
Our configuration is using
[ad_client] for preauthentication, and the strange thing is that if a user tries to login with either NetExtender or the SSL VPN SRA webpage using
[radius_server_auto] configuration, it will send a push notification to the user’s Duo Mobile app but nothing happens after that point. Before timing out, the user will receive one more push notification, wait a while, then the SRA webpage or NetExtender will return an error “Login server unreachable. Please contact your administrator or try again later.”
According to the
authproxy.log it shows preauth was successful then it triggered a push notification. Then Duo authentication returned ‘allow’: ‘Success. Logging you in…’ and it sent the response. The log pretty much stops at that point but then it repeats this process for that second Duo push. The only error I see here is between the auth and preauth stage with the following line:
[HTTPPageGetter (TLSMemoryBIOProtocol),client] Invalid single ip: hostname.domain.name.
(Note: “hostname.domain.name” is not the actual data in the log, I just changed it here for privacy.)
I learned this was picked up from the SRA’s configured hostname under Network > DNS > SRA Appliance Hostname, and it actually didn’t matter whether I configured it to be a resolvable hostname or not. I even went so far as to change the hostname to the SRA’s IP address, which gave me a different result in the log to the effect of “valid IP” but like I said, no change in the overall behavior.
I also checked the
connectivity_tool.log but it just reports no issues or connectivity problems detected.
What am I doing wrong?