Hello Wilders, I'm new to the forum and currently trialling LnS. Very impressed so far. I'm using the enhanced rule set (thanks very much for the setup and settings, Blackspear), and imported the WiFi secure rule to get connected to the internet. I've come to a stop trying to get connected to my desktop at work from home through VPN client software, which I had running before with my previous firewall. Can anyone advise which rule set or combination I need to use (and edit if necessary) to get this working? Thanks
Hello albatross, You should import the IP47.rie rule into your RuleSet from the links below: http://www.looknstop.com/En/rules/rules.htm#VPN Full link: http://www.looknstop.com/En/rules/rules.htm Good luck
Thanks for taking the time to reply to this, Kush. I've tried the IP47.rie rule but it hasn't worked. I'm using Cisco VPN Client software (IPSec/UDP transport); on connecting it tries to initialize continuously, with no screen messages, and nothing appears in the LnS log file during this time. I've tried reinstalling the VPN software and a compatibility message appears relating to the LnS driver, so it looks like there is a conflict somewhere. Any clues, anyone? Thanks in advance.
Is there any LnS user successfully using a VPN together with LnS?? Our university offers VPN with Cisco software to allow access to some internal services. They suggest allowing protocol types "50-ESP" and "51-AH" instead of protocol "47". I can select protocol "50", but there is no easy button in LnS for protocol "51". I can successfully connect to the endpoint and get an IP from the university, but my browser (Firefox) does not work. In Windows XP I see 2 networks connected at the same time (1. normal WLAN, 2. Cisco VPN network adapter??), and in the LnS options the Cisco VPN adapter is automatically selected. When I go to grc.com, it still scans my IP from my local ISP instead of the university IP (is this OK?). In their FAQ they suggest not to use any 3rd-party firewall besides ZoneAlarm. HELP !!! Thanks, Thomas
There is no way to handle a specific protocol not present in the standard rule editor. You have to download the RAW plugin to be able to handle the specific protocol 51. But the RAW rule editor is not as simple as the standard rule editor. To simplify the creation of a RAW rule: create a standard rule with a protocol like 50-SIPP-ESP and the other fields (source, destination, etc.) you want. After the standard rule is created, edit it again with the RAW plugin and look through the Field (0 to 9) list until you see:
Field offset type: IP
Inbound: 9
Outbound: 9
Field value(s): Value1 = 50
Then you can change Value1 to 51. Regards, Endy
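The RAW rule described above matches one byte at offset 9 of the IP header, which is the IPv4 protocol field (47 = GRE, 50 = ESP, 51 = AH). The following Python is an added illustration, not LnS code: it builds constructed IPv4 headers and shows why a rule for value 50 never matches AH traffic, and how a cloned rule with Value1 changed to 51 fills the gap. The rule representation and function names are assumptions made for this example.

```python
import struct

# IPv4 protocol numbers discussed in the thread
IP_PROTO_GRE, IP_PROTO_ESP, IP_PROTO_AH = 47, 50, 51
# Byte offset of the protocol field in the IPv4 header ("Field offset 9")
PROTO_OFFSET = 9


def build_ipv4_header(proto, src="192.0.2.10", dst="198.51.100.20", payload_len=0):
    """Return a minimal 20-byte IPv4 header (constructed sample, not a capture)."""
    ver_ihl = (4 << 4) | 5            # version 4, header length 5 words
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, src_b, dst_b)


def raw_rule(name, offset, value):
    """Hypothetical model of one RAW rule: match a single byte at an offset."""
    return {"name": name, "offset": offset, "value": value}


def rule_matches(rule, packet):
    """True if the packet is IPv4 and the byte at rule['offset'] equals rule['value']."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    if rule["offset"] >= len(packet):
        return False
    return packet[rule["offset"]] == rule["value"]


def first_matching_rule(rules, packet):
    """Return the name of the first rule that matches, like a top-down rule list."""
    for rule in rules:
        if rule_matches(rule, packet):
            return rule["name"]
    return None


# Standard editor can produce the first two; the AH rule is the 50 rule cloned
# in the RAW plugin with Value1 edited to 51.
RULES_STANDARD = [raw_rule("VPN-GRE", PROTO_OFFSET, IP_PROTO_GRE),
                  raw_rule("VPN-ESP", PROTO_OFFSET, IP_PROTO_ESP)]
RULES_WITH_AH = RULES_STANDARD + [raw_rule("VPN-AH", PROTO_OFFSET, IP_PROTO_AH)]

if __name__ == "__main__":
    for proto in (IP_PROTO_GRE, IP_PROTO_ESP, IP_PROTO_AH):
        pkt = build_ipv4_header(proto)
        print(proto, first_matching_rule(RULES_STANDARD, pkt),
              first_matching_rule(RULES_WITH_AH, pkt))
```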
r_e_endymion, Thanks for your advice on how to create a rule for protocol 51.
1.) So, are you using LnS together with a VPN?
2.) Any other LnS user doing VPN?
3.) Which one of the visible "network interfaces" do I need to choose with the VPN active: (A) the standard connection to my ISP, e.g. the WLAN driver (gives me an IP from the ISP), or (B) the so-called "Cisco VPN network adapter" (gives me an IP from behind the tunnel??)
Thanks again for the help, Thomas
Sorry Thomas, but I'm not a VPN user, nor a network god, so I can't help you further. I wish you to find the answers to your questions...
Hi Thomas M, Create a new "Test" rule:
Ethernet type: all
Protocol: others
All ports and addresses, local and remote
Incoming and outgoing packets
Add the Cisco program you want to check to this rule. Place this rule at the top of the list. Save it and restart your PC. Check the log to see the results. You may also use the raw log option in the advanced options. The raw log may be imported into a spreadsheet such as OO Calc or MS Excel. Keep only the entries for your test rules and blocking entries. This way you'll be able to create the rules needed for your Cisco stuff.
Hi guys, Yes, I'm using the Cisco client to connect to my university. The problem with the IP one user mentioned could be related to a setting in the Cisco app. For instance, I have two connections in my list, one which applies globally, tunneling everything, and one which only tunnels traffic to university-related IPs, meaning you get an encrypted connection while surfing university sites, but your usual IP while going elsewhere. I think that depends on the authentication settings your university provides you with; I had two different keys for those two options. Also, in the transport tab you should uncheck "allow local LAN access" for the global tunnel and check it for the restricted one. I hope that solves the IP issue. The two rules I use are appended; maybe they work for you as well. The first is placed right before/above a rule that blocks all UDP in/out, and the second is placed at the end, above the block-all-other rule. In the applications tab I specified the three Cisco things with the following:
1. CVPND.exe (look at the screen capture for the apps): TCP 62514 127.0.0.1, UDP 62515;53;500
2. -
3. TCP 62514;62516 127.0.0.1, UDP 62514 -
As for the interface selection, I usually don't check the Cisco adapter to be filtered since it's encrypted anyway. I temporarily uncheck automatic selection and keep my usual interface to be filtered, WAN miniport etc. I think you can also run a second LnS instance and select the Cisco adapter as well, but I would like to hear from some experts what they think one should do regarding that. Best regards,
Oh, climenole's advice is good; he has a good site with explanations. I used that test rule back when I configured the Cisco client.
Hi Thomas, I'm successfully using a VPN with LnS, but it's not from Cisco. Regarding the two networks, I think that it's normal for your computer to only use the VPN network when you make connections to specific servers at your university (e.g. their POP3/SMTP servers for email). All other traffic (including grc.com) would go through your regular internet connection. I think that this is the expected behavior, however it probably depends on the features that your university offers you. Whenever I need to add complex rules to LnS, I first check if one exists at LnS' website. If not, then I do this in LnS: 1) Go to the "Internet Filtering" tab and enable logging for each of the rules that Block things. There will be a single exclamation point (!) for those rules after you do this. 2) Optionally, go to the "Log" tab and click "Remove All". 3) Use your VPN by trying to do something with your university servers (e.g. downloading new mail into your email client). 4) Go to the Log tab again. See what LnS has blocked. Right click on the relevant lines and choose "Add Rule". 5) After it's working, go to the "Internet Filtering" tab and disable logging. I don't know if this will work for you, but it has helped me when I needed to create some complex rules.
I guess that I repeated what some other people said. That was not my intention. However, perhaps I provided more detailed step-by-step instructions about how to create rules from the Log tab. Regarding the two different networks, I don't even see my VPN in LnS in the list of "Network Interfaces". This is perhaps because I only open my VPN connection when I want to use it and I stop my VPN connection as soon as I'm done with it. Perhaps I would have to restart LnS while my VPN is running in order for LnS to see it. Since LnS doesn't see my VPN, I assume that LnS is not filtering the traffic. That's okay for me because I completely trust the other computer with which I use the VPN connection. However, in your case, you might not trust the university's VPN so much because there might be curious college students on the VPN network who might want to experiment with hacking. So if I were in your situation, I would have LnS filter both my regular internet connection and the VPN connection.