Firewall help with OpenVPN

Discussion in 'ESET Smart Security' started by tosbsas, Aug 4, 2008.

Thread Status:
Not open for further replies.
  1. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Hey guys

    maybe someone can help me

    I need to use OpenVPN to access the company's server.

    I get a correct OpenVPN connection, ports are open, all fine

    But - to access the server

    1. I need to disable Firewall filtering - connect once
    2. Enable filtering - connect - it will connect till next restart

    Any ideas? Log says something about a netbios that has been set by system

    Please in layman's terms, I am still learning that firewall stuff

    Ruben
     
  2. tosbsas

    tosbsas Registered Member

    anyone?

    Ruben
     
  3. tosbsas

    tosbsas Registered Member

    Some more information and still hoping for help

    05.09.2008 17:38:14 Communication denied by rule 192.168.12.10:138 192.168.12.11:138 UDP Block outgoing NETBIOS requests System NT-AUTORITÄT\SYSTEM
    05.09.2008 17:38:14 Communication denied by rule 192.168.12.10:137 192.168.11.4:137 UDP Block NETBIOS Name Service requests System NT-AUTORITÄT\SYSTEM
    05.09.2008 17:38:14 Communication denied by rule 192.168.12.10:137 192.168.11.4:137 UDP Block NETBIOS Name Service requests System NT-AUTORITÄT\SYSTEM

    That's what I get when using OpenVPN - connection is there, but access to servers will not work as it should. Only way: go to automatic instead of interactive - why, and what can I do?

    Ruben
     
  4. tosbsas

    tosbsas Registered Member

    why is there no support? So far it has been spotless

    Ruben
     
  5. tosbsas

    tosbsas Registered Member

    still waiting :)-((

    Ruben
     
  6. mower

    mower Registered Member

    Joined:
    Sep 15, 2008
    Posts:
    5
    Try adding your OpenVPN subnet to the trusted zones. It looks like you have a 192.168.11.0/24 and a 192.168.12.0/24 subnet. Then verify that ports 137-138 are allowed in the trusted zone.
     
  7. tosbsas

    tosbsas Registered Member

    The IPs are in the trusted zone, and the ports are there by default. As I said, when using automatic mode it works, but not in interactive

    Ruben
     
  8. mower

    mower Registered Member

    Do the lines from the log that you posted mean that you have added an explicit rule to block UDP ports 137 and 138?

    When setting up openvpn on my machine, I remember having to remove the rules that were specific to openvpn (because I screwed them up the first time) in order to get interactive mode to prompt again. Here's the setup that worked for me.

    Added local lan subnet to Trusted zone: 192.168.1.0/24 (yours would be 192.168.11.0/24)
    Added Openvpn subnet to Trusted zone: 192.168.2.0/24 (yours would be 192.168.12.0/24)
    Added two rules for openvpn:
    Allow,Incoming,TCP&UDP,address=<my openvpn server's external ip>,localport=all,destport=all,application=openvpn.exe
    Allow,Outgoing,TCP&UDP,address=<my openvpn server's external ip>,localport=all,destport=all,application=openvpn.exe

    I have the following built-in ESET rules regarding netbios ports:
    Allow,Outgoing,UDP,address=Trusted zone,localport=all,destport=137-138,application=System
    Allow,Outgoing,TCP,address=all,localport=all,destport=139,445,application=System
    Block,Outgoing,TCP,address=all,localport=all,destport=138,application=all
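
A quick way to check the denied log lines from earlier in the thread against the Trusted zone suggestion above, as an added example (not code from any poster or from ESET). The field layout is inferred from the three posted log lines, and `allowed_by_netbios_rule` is a simplified model of the quoted "Allow, Outgoing, UDP, Trusted zone, 137-138, System" rule, not ESET's actual rule engine; all function names are hypothetical.

```python
import ipaddress
import re

# Denied-traffic lines as posted in the thread (the duplicate third line is omitted).
SAMPLE_LOG = [
    r"05.09.2008 17:38:14 Communication denied by rule 192.168.12.10:138 192.168.12.11:138 UDP Block outgoing NETBIOS requests System NT-AUTORITÄT\SYSTEM",
    r"05.09.2008 17:38:14 Communication denied by rule 192.168.12.10:137 192.168.11.4:137 UDP Block NETBIOS Name Service requests System NT-AUTORITÄT\SYSTEM",
]

# Subnets the reply suggests placing in the Trusted zone.
TRUSTED_ZONE = ["192.168.11.0/24", "192.168.12.0/24"]

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<event>.+?) "
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+) "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+) "
    r"(?P<proto>TCP|UDP) (?P<rule>.+) (?P<app>\S+) (?P<user>\S+)$")

def parse_line(line):
    """Split one log line into named fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def allowed_by_netbios_rule(rec, zone=TRUSTED_ZONE):
    """Simplified model (assumption) of the quoted rule:
    Allow, Outgoing, UDP, address=Trusted zone, destport=137-138, application=System."""
    addr = ipaddress.ip_address(rec["dst"])
    in_zone = any(addr in ipaddress.ip_network(net) for net in zone)
    return (rec["proto"] == "UDP" and rec["app"] == "System"
            and 137 <= rec["dport"] <= 138 and in_zone)

def triage(lines, zone=TRUSTED_ZONE):
    """Return (destination, blocking rule, allow-rule-would-match) per denied line."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and "denied" in rec["event"]:
            out.append((f'{rec["dst"]}:{rec["dport"]}', rec["rule"],
                        allowed_by_netbios_rule(rec, zone)))
    return out

if __name__ == "__main__":
    for dst, rule, covered in triage(SAMPLE_LOG):
        print(f"{dst:<20} blocked by '{rule}'; allow rule would match: {covered}")
```

Passing a narrower `zone` (for example only the VPN subnet) shows which denied destinations fall outside it; a line that the allow rule would match but that was still blocked points at rule ordering or mode rather than zone membership.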
     
  9. tosbsas

    tosbsas Registered Member

    no, never made any special rules, the 137/138 rules are system

    I will try your rules, but can you help me set them up?

    what would this be "my openvpn server's external ip"?

    Thing is I get the access to the remote network, but I cannot access the server itself. Network connection - says it doesn't exist, but in automatic it does :)-((

    Ruben
     
  10. tosbsas

    tosbsas Registered Member

    I can't get thru the block 137 with interactive mode and 138 - that's the weird part, cause as I said - automatic works

    Ruben
     