5 replies to this topic

[chinook9]

DefenseWall appears to be blocking use of L2TP with my VPN.

I have a VPN where I can log in using PPTP or L2TP.
I can log in with PPTP with no problem, however, I cannot login with L2TP.
If I disable DW protection, both inbound and outbound, I can connect using L2TP, however, if I only disable the inbound or the outbound I cannot connect.

I am not getting any warnings from DW3 when this occurs and the VPN is trusted in DW3.

When I attempt to log in, the DW3 log indicates lsass.exe "Attempt of connect to the UDP port 500"

I apparently need to allow this port, however, I'm not sure how I do it or if it is safe to do so.

Recommendations?

NOTE: Port 500/UDP is used for ipsec Internet Key Exchange.

Edited by chinook9, 26 June 2012 - 05:22 AM.

[Ilya Rabinovich]

Could you, please, post a link to the VPN program you use?

[chinook9]

Could you, please, post a link to the VPN program you use?

https://www.boxpn.com/default.aspx

To log in using L2TP it is necessary to use their installer. It is attached. I have password protected because I'm sure they don't want these floating around the internet. I will PM you the password.

Thank you

Attached Files

•  boxpn_installer.zip   268.85KB   2 downloads

[chinook9]

Ilya I am posting this here because you PM inbox is full. Following is content from a PM I tried to send you.

Please read my last PM before this one.

I figured out how to open port 500 inbound but that did not solve the problem. I also tried opening both 500 and 1720 but still no change.

In Expert Mode, I clicked Firewall, Inbound, Profiles-Direct Internet Connection, Open Port 500, Apply. I did not reboot.

I still could not connect.

It is possible that they're using another inbound port for the password authentication.

I will send an e-mail to their tech support and ask them for more information.


EDIT: I received reply from their tech support.

Inbound Port 500 and 4500 must be allowed. I allowed them inbound and I have no trouble connecting.
I am not at all knowledgeable of what is safe and what is not safe in allowing ports on a firewall.
Is it safe to allow these ports full time.
If so, should I allow them using expert mode or adaptive mode.

I appreciate your help.

Edited by chinook9, 27 June 2012 - 04:51 PM.

[Ilya Rabinovich]

IPSec (VPN tunneling) uses the following ports:

50 - Encapsulation Header (ESP)
51 - Authentication Header (AH)
500/udp - Internet Key Exchange (IKE)
4500/udp - NAT traversal

So, I assume, that opening 500 and 4500 ports is quite safe. I'll add this into the regular adaptive rules.

Thanks for letting me know about this issue!

[chinook9]

Thank you!
Have a good day Ilya.