DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

VPN Bypassing Firewall

13 Feb 2012 08:51 #71181 by davea66
VPN Bypassing Firewall was created by davea66
Hi

Having recently tightened up security at my workplace, I found that the VPN traffic between my home and the office was also subjected to the firewall rules.
The same applied to the VPN the MD has to home.
I have had to create a firewall rule to open up the VPN again.
Is this the way it is supposed to work?

Ideally I would like a VPN connection to override the firewall settings. Is there a way to allow this, or must I create a pass-all rule in the firewall to allow any traffic to/from the VPN remote subnet?

Thanks

Dave

13 Feb 2012 15:56 #71191 by frag
Replied by frag on topic Re: VPN Bypassing Firewall
Hello Dave,

This is normal behaviour.

When a dial-in VPN tunnel is active, traffic first goes through to your workplace via the VPN tunnel, and then 'out' through that router's WAN connection, being subjected to the normal restrictions of the work firewall. For example, if you establish the VPN tunnel and then type 'what is my IP' into Google, you will find that the IP address listed is that of your work router, not your home one.

Now, for ways to get round this:

The simplest way is to assign a static IP address to the VPN user. This can be done from the dial-in user configuration page on the router. You would then create a firewall rule which is set to 'pass immediately' and specifies that IP address. Provided this rule is placed at the start of the firewall filter list, this should then allow all traffic from the VPN to be passed without further filtering.
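To show why rule placement matters in the approach frag describes, here is an added example (not from the forum post or DrayTek) that models a first-match filter list: a 'pass immediately' rule for the VPN user's static address either sits at the head of the list and short-circuits the rest, or is buried under a broad block rule and never fires. The addresses and rule names are constructed; the source field takes CIDR notation, so the same check also covers a remote VPN subnet rather than a single static IP.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source address or network in CIDR form; "0.0.0.0/0" matches any
    action: str   # "pass_immediately" or "block"

def decide(rules, src_ip, default="block"):
    """First-match evaluation: walk the filter list top to bottom and stop at
    the first rule whose source matches; a 'pass_immediately' hit skips every
    later rule. Returns (action, rule name) so the decision can be audited."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule.src, strict=False):
            return rule.action, rule.name
    return default, "default-policy"

def pass_rule_is_first_hit(rules, vpn_src):
    """Audit check: True only if the pass_immediately rule for the VPN source
    precedes every other rule that could also match that source."""
    net = ipaddress.ip_network(vpn_src, strict=False)
    for rule in rules:
        if net.overlaps(ipaddress.ip_network(rule.src, strict=False)):
            return rule.action == "pass_immediately"
    return False

# Constructed example values, not from the post: the static address handed to the
# dial-in VPN user (a /32) and a broad block rule standing in for the tightened policy.
VPN_USER = "10.0.0.200/32"
ALLOW_VPN = Rule("allow-vpn-user", VPN_USER, "pass_immediately")
BLOCK_ALL = Rule("block-everything", "0.0.0.0/0", "block")

CORRECT_ORDER = [ALLOW_VPN, BLOCK_ALL]   # pass rule at the head of the list
WRONG_ORDER = [BLOCK_ALL, ALLOW_VPN]     # same rules, pass rule buried below the block

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(label, decide(rules, "10.0.0.200"), decide(rules, "203.0.113.7"),
              pass_rule_is_first_hit(rules, VPN_USER))
```

Non-VPN sources still hit the block rule in both orders; only the VPN user's outcome depends on where the pass rule sits.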

14 Feb 2012 16:55 #71215 by davea66
Replied by davea66 on topic Re: VPN Bypassing Firewall
Hi Frag

Thanks for the reply.
However I do not think I explained the situation well.

The VPN from home to the office is from Vigor to Vigor; it is not from, for example, a Microsoft PPTP client to the Vigor in the office.

The traffic subjected to the firewall rules was not from home bound for the internet, but just my applications at home trying to communicate with the servers in the office, so really all "internal" traffic.

Don't think I really made that clear in the OP, sorry!
