Does LAN to LAN VPN traffic get filtered by the Firewall?

Andrew

Depends on the model and version of the router.
In the more modern drayteks I would tend to say yes unless otherwise noted in the Firewall settings.
older routers (2900,2300) there was a checkbox in the WebUI to enable the firewall on VPN connections traffic.

It's a
Model Name : Vigor2820Vn
Firmware Version : 3.3.5.2_232201
Build Date/Time : Apr 7 2011 18:10:43
ADSL Firmware Version : 232201_A Hardware: Annex A

Andrew

I think, yes (because I dont see a checkbox), but no warranties.

Having checked it I think the firewall is only used on the WAN ports. Is there any way that traffic from a VPN tunnel can be filtered/firewalled?

Andrew

Are your sure ?
thats why I said, no warranty - for me, it works ( Draytek 2950).

Example rule:
Goal: block smtp outgoing traffic with the exeption of 1 server machine.
2 rules:
1st rule:
Allow explicit one ip for traffic to port 25:
Some filterset WHICH IS ENABLED in the filter general setup als the Start filter set, or a filter set which is linked by another filter set
Some rule:

check enabled
Name: smtpOutOK
Direction: LAN ->WAN
source IP: 192.168.0.10
DestIP: any
Service Type: Port, from an to 25
Filter: pass immediately

---

2nd rule following the first in the same filterset
check enabled
name: blocksmtp
Direction: LAN -> WAN
SourceIP: any
DestIP: any
SErvice type: TCP, port: from any to 25
Filter: block immediately

---

---

works for me.

Maybe try with this rule in your Vigor:
backup your configuration,
clear all filter sets
in the Firewall general setup, look for the deault data filter set.
Choose this set.
setup the filter as above and then try to connect with telnet to port 25 to a known smtp server connected through VPN.