Why is static route being blocked by firewall?
I've been trying to get my router to send specific traffic over to my server so that it goes through an OpenVPN connection.
The OpenVPN connection is working fine, and I can use the server as a gateway with no problems. I am, however, wanting to keep my router as my default gateway (great GUI controls - Asus Merlin), so to do this I've configured an ip table with a default route...
Now I can see that ping and tracert/traceroute are working correctly; however, my web browser does not work. I did discover that disabling the Windows firewall made this work no problem. It also works on other devices, so I'm guessing it must be just a Windows thing. Can anybody suggest why this would be the case? And how I could get around it (ideally without having to configure firewalls across several machines)? Cheers
What's your network topology, default gateway, server and Windows machine?
Yep, it does. VPNs don't allow back doors - nohow. If you use the VPN, route everything through it.
However, VPN traffic can be selectively routed. I have this working on a different network, this time with an OpenWrt router, but it does selectively route traffic.
You need to use the iptables tool to specify the IPsec tunnel traffic, not ip rule.
attempts
I've been using iptables to mark the packets and route them accordingly with ip rule
Code:
e.g. iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.xx.xxx -j MARK --set-mark 0
Also tried forwarding with iptables PREROUTING, POSTROUTING DNAT, SNAT; couldn't get these to work in any way
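An added example, not from the thread, of the fwmark-based selective routing described above, written as a POSIX shell script that prints (or, with APPLY=1, executes as root) the router-side commands. The LAN address range, the server's LAN address, the mark and the table number are constructed placeholders; it uses a non-zero mark, because mark 0 is the kernel's value for unmarked packets and an ip rule cannot usefully select on it, and it disables ICMP redirects on the LAN interface, since a Linux router that forwards a client's packet back out the same interface to a gateway on that LAN (the assumed topology here) would otherwise tell the client to bypass the router.

```shell
#!/bin/sh
# Added example (not from the thread): steer one LAN address range through the
# OpenVPN server using an fwmark set in the mangle table, an ip rule that sends
# marked packets to a dedicated routing table, and a default route in that table.
# Addresses, the mark and the table number are constructed placeholders.

LAN_IF="br0"                           # router LAN bridge, as in the thread
SRC_RANGE="192.168.1.50-192.168.1.60"  # constructed: hosts to send into the VPN
VPN_GW="192.168.1.2"                   # constructed: LAN address of the OpenVPN client host
MARK="0x10"                            # constructed; must be non-zero (see mark_is_valid)
TABLE="100"                            # constructed: routing table consulted for marked packets

# Reject mark 0: it is the kernel's "unmarked" value, so an ip rule keyed on it
# selects nothing useful. Accepts decimal or 0x-prefixed hex.
mark_is_valid() {
  m="${1#0x}"
  case "$m" in
    ''|*[!0-9a-fA-F]*) return 1 ;;     # not a number
    *[1-9a-fA-F]*) return 0 ;;         # contains a non-zero digit
  esac
  return 1                             # all zeros
}

# Emit the router-side command sequence, one command per line.
# send_redirects=0 stops the router from telling LAN clients to reach
# VPN_GW directly, which would move their traffic off the marked path.
policy_route_cmds() {
  cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -m iprange --src-range $SRC_RANGE -j MARK --set-mark $MARK
ip rule add fwmark $MARK lookup $TABLE
ip route add default via $VPN_GW dev $LAN_IF table $TABLE
sysctl -w net.ipv4.conf.$LAN_IF.send_redirects=0
ip route flush cache
EOF
}

# Print the commands by default; run them when APPLY=1.
run() {
  mark_is_valid "$MARK" || { echo "refusing to use mark $MARK" >&2; return 1; }
  if [ "${APPLY:-0}" = "1" ]; then
    policy_route_cmds | sh -e
  else
    policy_route_cmds
  fi
}

run
```

Run it once as a dry run to review the commands, then with APPLY=1 on the router; the iptables line is the thread's own command shape with a non-zero mark.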
A backdoor is a security breach, because traffic can get in/out unencrypted. Guys have suggestions. Try them.
Going round in circles
The following link could help you: https://community.openvpn.net/openvp...gingAndRouting
Nothing on there that I am not already doing.
As I said, it is working apart from the Windows firewall blocking it. After lots of messing around, I think you were right with the backdoor/IPsec stuff, because with the same settings I am able to have it working with a PPTP tunnel between the router and the VPN client, even with no encryption. I could not get this to work with an OpenVPN tunnel, though this may be to do with the peculiar ASUS implementation. The problem with this is that the PPTP server is notoriously unsafe, and I would have to configure additional rules etc. to block it externally.
Although the issue is gone after the firewall is off on the Windows machine, it is still dependent on the traffic path, i.e. which device is walked through.