SSL handshake failed on ESXi 6.5

2

I have a server with VMware ESXi 6.5 on it. The network behind the server consists of an Asus router and a ZyWALL USG, to which the server running ESXi is physically connected. The Asus router has a configured static route to the ZyWALL. The firewall feature on the ZyWALL is disabled.

I have trouble connecting to the web interface. I get a status message telling me "Establishing secure connection", the page loads for like 10 seconds, then it times out, leaving me there with a blank page telling me that the connection timed out.

Traceroute shows that the server is found via a static route, in this case the ZyWALL. The server responds to ping without any problems. However, when doing curl on https://server.ip/ I get the following message:

WMWARE WARNING: using IP address, SNI is being disabled by the OS. * Server aborted the SSL handshake

Here's the strange thing though. When I plug my laptop directly into a physical port on the ZyWALL, there aren't any problems connecting to the server.

What's the issue?

arqe3

Posted 2017-08-10T18:54:01.153

Reputation: 21

Does this web interface use a certificate that is self-signed? If it is, then you will have to add that certificate to ESXi just like any client OS that requires you to manually add it. – Ramhound – 2017-08-10T20:28:49.270

Answers

0

My guess is that the router sees the IP and is unable to resolve it into a hostname, so it is unable to push your request to it because the router doesn't know WHO 1.2.3.4 is to complete the handshake.

In your /etc/hosts file, make a binding between the IP of the server and its hostname on the network, then use its hostname in your browser/curl, in lieu of the IP.

var firstName

Posted 2017-08-10T18:54:01.153

Reputation: 1 673

0

Ok thanks.

I realised now that I forgot to mention that there is a wireless access point in the network structure, through which my laptop connects to the local network.

So, this is how the complete structure looks, when connecting to the server via the wireless network:

Internet

-> Router (192.168.1.1) - has a static route configured for the ZyWALL

-> Access Point (192.168.1.126)

-> ZyWALL (192.168.1.129)

-> Server (172.16.5.30)

When connecting via Wi-Fi, the connection goes through the access point at 192.168.1.126 and not the ZyWALL.

Now when I ping the server I get the following result:

PING 172.16.5.30 (172.16.5.30): 56 data bytes
64 bytes from 172.16.5.30: icmp_seq=0 ttl=63 time=2.533 ms
92 bytes from router.asus.com (192.168.1.1): Redirect Host(New addr: 192.168.1.129)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 7f49   0 0000  3f  01 890b 192.168.1.126  172.16.5.30

Looks like it tries to resolve the IP through the access point but does not find it, or am I wrong?

Static route configuration set in the router (192.168.1.1) looks like this:

Network/IP: 172.16.5.0

Net Mask: 255.255.255.0

Gateway: 192.168.1.129

Metric: 2

Interface: LAN

arqe3

Posted 2017-08-10T18:54:01.153

Reputation: 21
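
The router's forwarding decision for the ping shown in the post above, as an added example that is not part of the original thread: it models the longest-prefix route lookup and the ICMP Redirect conditions from RFC 1812, which is why the router at 192.168.1.1 answers with "Redirect Host(New addr: 192.168.1.129)". The /24 LAN mask, the default route and its upstream gateway are assumptions; the addresses and the static route come from the post.

```python
import ipaddress

# Router LAN subnet: the /24 mask is an assumption, the post only gives host addresses.
LAN = ipaddress.ip_network("192.168.1.0/24")

# (destination network, gateway or None if directly connected, outgoing interface)
ROUTES = [
    # Static route exactly as listed in the post.
    (ipaddress.ip_network("172.16.5.0/255.255.255.0"),
     ipaddress.ip_address("192.168.1.129"), "LAN"),
    (LAN, None, "LAN"),
    # Default route: constructed upstream gateway (documentation address range).
    (ipaddress.ip_network("0.0.0.0/0"),
     ipaddress.ip_address("203.0.113.1"), "WAN"),
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route that contains dst."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def forward(src, dst, in_iface="LAN"):
    """Model the router's decision for one packet received on in_iface."""
    _net, gateway, out_iface = lookup(dst)
    next_hop = gateway or ipaddress.ip_address(dst)
    # RFC 1812 section 5.2.7.2: send a Redirect when the packet leaves through
    # the interface it arrived on and the sender shares a subnet with the
    # next hop, i.e. the sender could have used that next hop directly.
    redirect = (out_iface == in_iface
                and ipaddress.ip_address(src) in LAN
                and next_hop in LAN)
    return {"next_hop": str(next_hop), "out_iface": out_iface,
            "icmp_redirect": redirect}


if __name__ == "__main__":
    # Source and destination as shown in the ping dump in the post.
    print(forward("192.168.1.126", "172.16.5.30"))
    # Constructed Internet destination for comparison: leaves via WAN.
    print(forward("192.168.1.126", "198.51.100.7"))
```

The first call reproduces the redirect seen in the ping output: the packet enters and leaves on the LAN interface, and the next hop 192.168.1.129 sits on the sender's own subnet.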