Barracuda Vpn Client For Macos

 

  1. Barracuda Vpn Client For Macos Download
  2. Barracuda Vpn Client For Mac
  3. Barracuda Firewall Vpn Client
  4. Barracuda Vpn Client For Macos Mac

Barracuda solutions have long been engineered to support distributed workloads and mobile workforces. We fully embraced the changing nature of work a few years ago when we launched our Barracuda CloudGen Firewall (CGF). The Barracuda CGF took firewalls to the cloud in a new way.

Why was this necessary? Put simply, business was changing, and the pressure was on to make business as agile and profitable as possible. As our friend Phil Sorgen once said, “Business used to be “big eats small.” Now with the public cloud, it's “fast eats big.”” The Barracuda CloudGen Firewall went beyond the next-generation line of capabilities, with robust support for widely dispersed networks, remote workforces, and the internet of things (IoT). In short, it was designed to support the accelerating adoption of the public cloud, the increasing deployment of branch offices into local and emerging markets, and the enthusiastic embrace of SaaS solutions.

With the Coronavirus COVID-19 pandemic pushing more workers out of corporate offices to practice good social distancing, it seems like a good time to remind customers of remote access capabilities of the Barracuda CGF that will help you empower your employees who are suddenly working from home.

VPN Client for macOS. The VPN Client for macOS is a fully featured VPN client for macOS version 10.5 or higher. The secure and small client runs in the background and lets you quickly connect and disconnect to the configured VPN servers. For more information, see Installing the Barracuda Network Access/VPN Client. Set up a VPN connection on Mac. To connect to a virtual private network (VPN), you need to enter configuration settings in Network preferences. These settings include the VPN server address, account name, and any authentication settings, such as a password or a certificate you received from the network administrator. Barracuda Vpn Client For Macos use cookies to personalize your experience on our websites. By using our website, you agree to the use of cookies as described in our Cookies Policy.

LLCC VPN Installation and configuration instructions can be accessed through the link at the top of the page or by clicking here. VPN Client Downloads. Windows 64-bit; Windows 32-bit; OSX; Linux.x64; Linux.x32; BSD; Still need help? If you have a technical issue withe the VPN client. Barracuda CloudGen Firewall is a family of physical, virtual, and cloud-based appliances that protect and enhance your dispersed network infrastructure. Scalable centralized management and an advanced security analytics platform help you reduce administrative overhead while defining and enforcing granular policies across your entire WAN. Barracuda CloudGen Firewall is a family of physical, virtual, and cloud-based appliances that protect and enhance your dispersed network infrastructure. Scalable centralized management and an advanced security analytics platform help you reduce administrative overhead while defining and enforcing granular policies across your entire WAN.

Remote workers normally need access to corporate information just like they do when they’re in the office. Because different field devices, access levels, and connectivity conditions require different options, Barracuda offers several solutions to support your remote workers.

CudaLaunch: This application provides secure remote access to a corporate network and is ideal for BYOD support and mobile device deployments. The application is available at no charge for Windows, macOS, iOS, and Android devices, and because it's an application, it has an intuitive user interface and it offers a more consistent user experience than a mobile browser. CudaLaunch provides users VPN access to all of the applications assigned by the company. It is designed to be completely self-configuring and includes easy central management for large deployments.

Network Access Client: Barracuda provides a Network Access Client that provides centrally managed access control as well as an advanced firewall on the endpoint. Remote users can easily and securely access network resources without complex client configuration and management. VPN clients are available for Microsoft Windows, macOS, and various Linux systems. Every Barracuda CloudGen Firewall unit supports an unlimited number of VPN clients at no extra cost. This is the ideal remote access solution for home office workers who are using corporate-owned desktops.

Barracuda Browser Remote Access: The SSL VPN portal offers remote users the option to access assigned corporate resources simply by visiting a specified URL and entering their network credentials. Upon login, the user will be able to securely access the applications and other network resources that have been provisioned according to the user’s permission set. This type of access method is available from any computer with an internet connection and a browser.

Barracuda CloudGen Firewall also supports BYOD practices, which can be even more critical as users move away from the corporate office and into their homes. Studies have shown that 9 in 10 employees use their personal smartphone for work, which can be easier to manage if those employees are in the office and the smartphone is configured and restricted according to policies. Studies have also shown that more than half of the mobile workforce use three or more devices to access network files and corporate information. The Barracuda CGF offers CudaLaunch and the Browser Remote Access options to help you support these users. With the Barracuda CGF, you can maintain the security of your corporate assets and make it easy for your workforce to access their files and applications. In fact, many Barracuda CloudGen Firewall customers make CudaLaunch the cornerstone of their BYOD policy.

Barracuda CGF remote access solutions are easy for the user to adopt for their workflow, and IT departments can take advantage of Zero Touch Provisioning to keep deployment simple and fast. This product is engineered to allow customers to quickly scale up to support a large number of remote workers while keeping deployment costs and IT overhead to a minimum.

See our Barracuda Campus documentation here for more information on how these features work. If you need setup and configuration assistance, please contact tech support here.

If you would like to try a Barracuda CloudGen Firewall in your own environment, risk-free for 30-days, visit our corporate website here.

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.

Barracuda vpn client for macos free

Connect with Christine on LinkedIn here.

Related Posts:

This topic describes common problems and solutions for Mobile VPN with SSL. Even after the VPN client connects, client traffic might not be able to reach some network resources because of network or policy configuration problems.

Installation Issues

For information about which operating systems are compatible with your Mobile VPN with SSL Client, see the Operating System Compatibility list in the Fireware Release Notes. You can find the Release Notes for your version of Fireware OS on the Fireware Release Notes page of the WatchGuard website.

To use the Mobile VPN with SSL client to connect, your computer must support TLS 1.1 or higher.

To install the Mobile VPN with SSL client on macOS, you must have administrator privileges.

In macOS 10.15 (Catalina) or higher, you must install v12.5.2 or higher of the WatchGuard Mobile VPN with SSL client. For more compatibility information, see the Fireware Release Notes.

Upgrade Issues

To upgrade the Mobile VPN with SSL Windows client, you must have administrator privileges.

  • If a minor version update is available, but you cannot update the client version, you can still connect to the VPN tunnel.
  • If a major version update is available, but you cannot update the client version, you cannot connect to the VPN tunnel.

In Fireware v12.5.3 or higher, if the client automatically detects that an upgrade is available, but you do not have administrator privileges, a message appears that tells you to contact your system administrator for assistance. If a minor version update is available, you can select the Don't show this message again check box. This check box does not appear if a major version update is available.

In Fireware v12.5.2 or lower, if the client automatically detects that an upgrade is available, a message appears that asks you to upgrade. However, if you do not have administrator privileges, you cannot upgrade the client.

Connection Issues

The VPN client cannot connect. These error messages might appear on the client or in the client logs: Failed: Cannot perform HTTP request, Cannot perform HTTP request 12157, Cannot perform HTTP request 12031, Timeout 12002, Failed to get domain name, or System tried to join.

This log message indicates that the client is unable to make an HTTPS connection to the IP address specified in the Server text box in the Mobile VPN with SSL client. Confirm that the policy configuration on the Firebox allows connections from Any-External to Firebox, and that no other policy handles traffic from the IP addresses you configured as the virtual IP address pool for Mobile VPN with SSL.

If you specify a TCP port other than 443 as the Configuration Channel in the Mobile VPN with SSL settings, mobile users must specify the port number as part of the address in the Server text box in the Mobile VPN with SSL client. For example, if the port is TCP 444, specify 203.0.113.2:444 on the client.

In Fireware v12.1.x, settings shared by the Access Portal and Mobile VPN over SSL appear on a page named VPN Portal. The Configuration Data Channel for Mobile VPN with SSL was renamed as the VPN Portal port and appears in the VPN Portal settings. In Fireware v12.2, the VPN Portal settings moved to the Access Portal and Mobile VPN with SSL configurations. For configuration instructions that apply to Fireware v12.1.x, see Configure the VPN Portal settings in Fireware v12.1.x in the WatchGuard Knowledge Base.

If the operating system on your computer does not support TLS 1.1, or TLS 1.1 or higher is not enabled, you might see this error message. Mobile VPN with SSL requires TLS 1.1 or higher. To avoid security vulnerabilities in TLS 1.0, we recommend that you disable TLS 1.0 and only enable TLS 1.1 or higher.

Barracuda Vpn Client For Macos

Some older operating systems do not support TLS 1.1 or higher. For more information about TLS in older operating systems, see Mobile VPN with SSL connections fail from some versions of Windows and macOS in the WatchGuard Knowledge Base.

The VPN client cannot connect with a valid user name and password.

This problem can be caused by a static NAT (SNAT) action for inbound HTTPS traffic, or it can be a problem with client authentication.

When the Firebox receives an HTTPS request, it could forward that request to an internal server if your configuration includes an HTTPS policy with a static NAT action. If this occurs for traffic from the Mobile VPN with SSL client, the client fails to connect and an authentication failure message appears:

(SSLVPN authentication failed) Could not download the configuration from the server. Do you want to try to connect using the most recent configuration?

Client

Check your configuration to make sure that a policy does not forward HTTPS requests on the port used by the Mobile VPN with SSL client to another server.

This authentication error message could also indicate a problem with authentication.

To troubleshoot client authentication:

  1. Connect to the Firebox.
  2. Review the configuration for Mobile VPN with SSL.
  3. Record the configured Primary and Backup IP addresses.
    The address can also be a domain name. If it is a domain name, confirm which IP address the domain name resolves to.
  4. Record the configured Configuration channel TCP port.
    In Fireware v12.1.x, select Authentication > Configure and record the configured VPN Portal port. In Fireware v12.1.x, the configuration channel setting was named as the VPN Portal port.
  5. In your web browser, type https://<ip-address>/sslvpn.html where <ip-address> is the Primary IP address in the Mobile VPN with SSL configuration. If the Configuration channel TCP port is not 443, add the port number to the address, separated by a colon. For example, if the Configuration channel is TCP port 444, in the browser type https://<ip-address>:444/sslvpn.html.
    • If the WatchGuard Authentication Portal page for your Firebox appears, continue to Step 6.
    • If a page other than the WatchGuard Authentication Portal page appears, review your Firebox configuration to identify why the traffic was forwarded to this location. Consider a change to the configured IP address for the VPN.
  6. On the WatchGuard Authentication Portal page, log in with client credentials.
    If more than one type of authentication is configured, or if your authentication server is not the default option, select the authentication server from the drop-down list.
    • If user authentication succeeds, continue to Step 7.
    • If user authentication fails, verify the user credentials on the Firebox, or the external authentication server. For users on an external authentication server, verify whether other users who use that server are able to log in. There may be a problem with authentication in general.
  7. In your web browser, type https://<ip-address>/sslvpn.html. If the Configuration channel TCP port is not 443, add the port number to the address, separated by a colon.
    For example, if the Configuration channel is TCP port 444, type https://<ip-address>:444/sslvpn.html.
    The WatchGuard Authentication Portal appears.
  8. Log in with the client credentials you used in Step 5.

If the user authentication fails on the Mobile VPN with SSL-specific authentication page, but the same credentials worked on the WatchGuard Authentication Portal page, the issue is almost certainly group membership. Confirm that the user is part of the configured group for Mobile VPN with SSL. By default, this group is SSLVPN-Users.

The VPN client cannot connect and this log message appears: SSL VPN Error: connect() failed. ret = -1 errno=10061

This message indicates an issue on the client computer. To troubleshoot on the client computer, verify that:

  • The SSL VPN service is started
  • The TAP driver is installed properly
  • Another VPN client on the computer has not installed drivers that caused a conflict
  • Security software such as anti-virus or firewall software does not block the TAP driver

In Fireware v12.5 or higher, you must configure a RADIUS domain name. If your Firebox configuration includes a RADIUS server, and you upgrade from Fireware v12.4.1 or lower to Fireware v12.5 or higher, the Firebox automatically uses RADIUS as the domain name for that server. To authenticate to that server, users must type RADIUS as the domain name. In this case, if users type a domain name other than RADIUS, authentication fails. For more information, see Download, Install, and Connect the Mobile VPN with SSL Client.

To troubleshoot mobile VPN connection issues related to TDR Host Sensor Enforcement, see Troubleshoot TDR Host Sensor Enforcement.

Issues After Connection

The VPN client can connect, but users cannot connect to internal resources by name.

If the VPN client can connect to a resource by IP address but not by name, you must provide the client with the IP addresses of valid DNS and/or WINS servers that can resolve the destination name. When the client connects and receives a virtual IP address from the Firebox, it also receives the IP addresses for the DNS and WINS servers configured globally on the Firebox or in the Mobile VPN with SSL configuration.

When you configure Mobile VPN with SSL in Fireware v12.2.1 or higher, you can select to:

  • Assign the client device the WINS server, DNS server, and DNS suffix configured in the Mobile VPN with SSL settings on the Firebox
  • Assign the client device the WINS server, DNS server, and DNS suffix configured in the Network (global) DNS/WINS settings on the Firebox
  • Assign no DNS or WINS settings to the client device

For information about how to configure WINS and DNS IP addresses, see Name Resolution for Mobile VPN with SSL.

For more information about global DNS settings on the Firebox, see Configure Network DNS and WINS Servers.

The VPN client can connect, but VPN users cannot connect to internal resources with a single-part host name.

If users cannot use a single-part host name to connect to internal network resources, but can use a Fully Qualified Domain Name (FQDN) to connect, this indicates that the DNS suffix is not defined on the client. When you configure Mobile VPN with SSL in Fireware v12.2.1 or higher, you can select to:

  • Assign the client device the WINS server, DNS server, and DNS suffix configured in the Mobile VPN with SSL settings on the Firebox
  • Assign the client device the WINS server, DNS server, and DNS suffix configured in the Network (global) DNS/WINS settings on the Firebox
  • Assign no DNS or WINS settings to the client device

A client without a DNS suffix assigned must use the entire DNS name to resolve the name to an IP address. For example, if your terminal server has a DNS name of RDP.example.net, users cannot type the address RDP to connect with their terminal server clients. Users must also type the DNS suffix example.net.

Barracuda Vpn Client For Macos Download

For more information about DNS for Mobile VPN with SSL, see Name Resolution for Mobile VPN with SSL.

For more information about global DNS settings on the Firebox, see Configure Network DNS and WINS Servers.

In Fireware v12.2 or lower, if you do not configure WINS and DNS settings in the Mobile VPN with SSL configuration, the SSL VPN client is assigned the Network (global) DNS/WINS settings. This includes the DNS server, WINS server, and domain suffix. If you specify a DNS suffix in the Network (global) WINS/DNS settings for the Firebox, but do not specify a DNS suffix in the Mobile VPN with SSL settings, the VPN client does not receive the DNS suffix unless all other DNS and WINS settings in the Mobile VPN with SSL configuration are also not configured.

The VPN client can connect, but all traffic fails. The Unhandled External Packet log message is generated and includes other details that indicate a group membership problem.

If client traffic through the Mobile VPN with SSL connection is denied as unhandled, the problem is almost always related to group membership. By default, Mobile VPN with SSL requires that a user be a member of a group called SSLVPN-Users. If you use a RADIUS, SecurID, or VASCO server, the group membership must be returned as the Filter-ID attribute.

Barracuda Vpn Client For Mac

For more information about how to configure external authentication servers, see Configure the External Authentication Server.

The VPN client can connect, but Office 365 traffic does not go through the SSL VPN tunnel.

If you configure Mobile VPN with SSL to send all traffic through the tunnel, but Office 365 traffic does not go through the tunnel, you have these options:

  • Enable the default-route-client option in the Fireware CLI (Fireware v12.5.3 or higher)
  • Manually configure a default gateway on the client
  • Use a different Fireware mobile VPN method

For more information, and to configure the first two solutions, see Office 365 fails for Mobile VPN with SSL users in the WatchGuard Knowledge Base.

The VPN client can connect, but users cannot connect to some internal resources. The log messages do not show traffic allowed or denied.

If you select Routed VPN traffic in the Mobile VPN with SSL network settings, the Firebox routes traffic from Mobile VPN with SSL clients to allowed networks and resources.

Make sure that users have v11.10 or higher of the Mobile VPN with SSL client. The Mobile VPN with SSL client v11.10 and higher supports more than 24 routes. Previous versions of the Mobile VPN with SSL client support a maximum of 24 routes.

For users with Mobile VPN with SSL client v11.9.x and lower, your configuration must include fewer than 24 routes to resources for the Mobile VPN with SSL client. If the total number of networks or allowed resources exceeds 24, the VPN client cannot route traffic to all of the allowed resources. For users with Mobile VPN with SSL client v11.9.x and lower, your Mobile VPN with SSL configuration might include too many routes if:

  • In the Mobile VPN with SSL configuration, you select Allow access to networks connected through Trusted, Optional, and VLANs, and you have more than 24 resources in the Allowed Resources list.
  • In the Mobile VPN with SSL configuration, you selected Specify allowed resources, and added more than 24 resources.

The WINS and DNS settings can also add up to five additional routes to the total if two DNS servers, two WINS servers, and a domain suffix are all configured. This further reduces the number of allowed resources the client can route to.

To reduce the number of routes, you can specify allowed resources in a way that generates fewer routes. To do this, select Specify allowed resources and then use supernets to specify the allowed resources as fewer entries. For example, if your Allowed Resources list includes the resources 192.168.1.0/24, 192.168.25.0/24, and 192.168.26.0/24, you can express this as a single resource, 192.168.0.0/22, which includes all addresses from 192.168.1.0 to 192.168.31.255.

For more information about how to specify resources for Mobile VPN with SSL, see Manually Configure the Firebox for Mobile VPN with SSL.

Barracuda Firewall Vpn Client

The VPN client can connect, but all traffic fails. The Unhandled External Packet log message is generated, and includes other details that indicate a problem with the policy configuration.

When you enable Mobile VPN with SSL, the Allow SSLVPN-Users policy is automatically created to allow traffic from the clients to internal or external network resources. If you disable or remove this policy, clients cannot send traffic to internal or external networks.

To solve this problem, make sure that the policy exists and allows traffic to network resources.

For more information about the this policy, see Manually Configure the Firebox for Mobile VPN with SSL and Options for Internet Access Through a Mobile VPN with SSL Tunnel.

The VPN client can connect, and the traffic appears to be allowed, but the client never gets a response, or some network resources fail.

If your VPN clients can connect to some but not all parts of the network, or traffic otherwise fails when log messages show traffic is allowed, this can indicate a routing problem. Confirm that each of these items is true:

Barracuda Vpn Client For Macos Mac

  • The virtual IP address pool for Mobile VPN with SSL clients does not overlap with any IP addresses assigned to internal network users.
  • The virtual IP address pool does not overlap or conflict with any other routed or VPN networks configured on the Firebox.
  • If the Mobile VPN with SSL users must access a routed or VPN network, the hosts in that routed or VPN network must have a valid route to the virtual IP address pool, or the Firebox must be the default route to the Internet for those hosts.

For more information about how to configure the IP address pool, see Manually Configure the Firebox for Mobile VPN with SSL.

We recommend that you do not use the private network ranges 192.168.0.0/24 or 192.168.1.0/24 on your corporate or guest networks. These ranges are commonly used on home networks. If a mobile VPN user has a home network range that overlaps with your corporate network range, traffic from the user does not go through the VPN tunnel. To resolve this issue, we recommend that you Migrate to a New Local Network Range.

If you cannot connect to network resources through an established VPN tunnel, see Troubleshoot Network Connectivity for information about other steps you can take to identify and resolve the issue.

See Also