Vista SP1 with VPN Internet not working

Discussion in 'LnS English Forum' started by sage78, Jul 28, 2008.

Thread Status:
Not open for further replies.
  1. sage78

    sage78 Registered Member

    Joined:
    Jul 28, 2008
    Posts:
    6
    On XP and win2k same hardware all working ok.

    This is my situation on Vista x86 sp1:

    http://img28.picoodle.com/img/img28/4/7/28/f_lnsvistasp1m_3bfdaf1.jpg

    Start with StandardRulesSet.rls and I can choose 4 network interfaces.

    Automatic selection go to Marvel yukon ethernet and internet no working.
    WaN miniport (IP) filtering the traffic but internet browser not working.
    Wan Miniport (Network monitor) no filter any packet in up and down all 0, internet working but no firewall protection.

    Only working filter internet is WAN Miniport (IP) but it filter all internet packet, also if I enable application on list of autorized application.

    http://img28.picoodle.com/img/img28/4/7/28/f_vista2m_30f94a0.jpg

    What's wrong? Can you help me?

    I have a modem adsl ppoa, I create a vpn connection to go on internet.
    Modem address is 10.0.0.138 and ethernet marvel yukon is 10.0.0.1
     
    Last edited: Jul 28, 2008
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    The right network interface should be normally "Marvel yukon...".
    And I guess this is the primary Internet connection on which you setup the VPN.

    Did you add some rules to allow the VPN protocol ?
    Usually protocols 47 and/or 50 are used and need to be allowed. Sometimes a special UDP port also is used (UDP 500 for Nortel VPN for instance).
    Anyway, the Look 'n' Stop log should indicate which kind of packet are blocked so you can add rules accordingly.

    If the IP address is 10.0.0.1, you have also to remove the "10;" in the advanced options (for the IP address to exclude).

    Regards,

    Frederic
     
  3. sage78

    sage78 Registered Member

    Joined:
    Jul 28, 2008
    Posts:
    6
    I have add a vpn rie,+ automatic selection go to marvel yukoon,but it seem not filter the packet and the log in blank.

    Vista has different to win2k/xp o_O

    I use this firewall with adsl@vpn about 2 years and never add this rules.

    Now I have swich to win2k partition same pc and It filtering and working great.

    http://img33.picoodle.com/img/img33/4/7/28/f_win2km_c2a4b98.jpg
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    When the "Wan Miniport" interface is selected, my understanding is you are filtering the VPN IP traffic, and not the traffic of your primary internet connection (which is on the ethernet adapter).
    Do you have a full internet connectivity without the VPN, or do you actually need this VPN connection to get connected ?

    I'm a bit confused there, as usually a VPN is setup on another working internet connection, and it is the primary internet connection which has to be filtered (since the VPN is normally already secured).

    I don't know why it works for Win2k/XP and not Vista.
    Which VPN software did you install ?
    Since VPN software include also network drivers, sometimes some conflicts may appear (like having 2 firewalls).

    Regards,

    Frederic
     
  5. sage78

    sage78 Registered Member

    Joined:
    Jul 28, 2008
    Posts:
    6
    Yes, my only way to enter on internet is create a vpn to comunicate with my adsl modem 10.0.0.138.

    I setup my ethernet adapter to 10.0.0.1 and with VPN connection i can go to internet.

    When I select (in win2k and xp) wan miniport look'n'stop block me unwanted internet traffic.
    It' working great, I have use enanced rules on internet 24/24 without antivirus and spyware an never infected with windows2000.

    If I select marvel yukon I can't able to connect, internet username and password autentication fail.
    If I download a VPN rie and add it, I can use marverl yukon and login but internet is not filtered, all vpn internet traffic passing.

    Now I want to go a new operating system (vista sp1) but without look'n'stop working I don't' want trasfer to it.

    I have disable a windows firewall, and vpn connection is made with internal microsoft software.
     
  6. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Ok, thanks for these precisions.

    So, I agree, in your case you have to choose the Wan Miniport adapter, so the real internet traffic is filtered.

    The problem seems to be with the IP adress which is not detected by Look 'n,' Stop. From one of the screenshots (in the 1st post), I see 0.0.0.0, and it should be 10.0.0.1.
    Could you confirm the IP address is Ok for Win2K/XP and 0.0.0.0 appears for Vista ?

    If this is confirmed, what you can try is to edit the rules using the "equal my @" criteria. There are two rules like that:
    - "TCP : Authorize most common Internet services"
    - "UDP : Authorize name resolution (DNS)"
    For the IP address selection (on the left part), instead of "equal to my @", just select All. Do it for the two rules, and then press the Apply button.

    If it works, this will confirm the problem is only with the IP address, and then we will investigate further to understand why the IP address is not properly detected.

    Regards,

    Frederic
     
  7. sage78

    sage78 Registered Member

    Joined:
    Jul 28, 2008
    Posts:
    6
    This is my configuration in win2k working great

    http://img27.picoodle.com/img/img27/4/7/30/f_pppoa1m_735f60f.jpg

    This is vpn internet configuration

    http://img27.picoodle.com/img/img27/4/7/30/f_pppoa2m_4fb33b0.jpg

    And this is an opened internet connection session, look'n'stop report me a internet provider ip 87.17.212.182 on wan miniport IP aver all traffic is filtred.

    http://img27.picoodle.com/img/img27/4/7/30/f_pppoa3m_efabcc3.jpg


    On vista sp1 I have to try all wan miniport but it never reported me a internet address that provider assigned me, but alvays report me 0.0.0.0

    At the moment I turn on win2k when I have time to spend I will try first vista without service pack.
     
  8. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    I don't think the problem could come from the service pack.

    If you have some time, you could try to change the two rules as I suggested, it should solve the issue (otherwise it means there is an additional issue)
    Also I would like to know the report of the following utility:
    http://looknstop.soft4ever.com/Tools/AdaptList.exe

    This could help me to understand why Look 'n' Stop doesn't detect the IP address of the VPN (you can send me the result to lnssupport@soft4ever.com, to avoid showing IP & MAC address here).

    Regards,

    Frederic
     
  9. sage78

    sage78 Registered Member

    Joined:
    Jul 28, 2008
    Posts:
    6
    I have modify your suggest rules equal@ ---> all

    Now, with Wan Miniport (IP) I can go to internet but:

    1)the ip Address is always 0.0.0.0
    2)the filter packets seem less efficent but I don't know if is true, I must compare to win2k.

    About AdaptList.exe I have download it and I will send screenshot result in email.
     
  10. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    This was especially to be sure the IP address detection is the only issue.
    The filtering is a bit less secure: in case your PC tries to send packets with another IP address, or if packets are received without your IP address (and if these packets are at risk) they will not be detected. I'm not sure this is really a big security risk.
    If the 1st number of the IP address is always the same (it seems to be 87) then you can at least change the "All" by "Mask"+87.0.0.0+255.0.0.0 to reduce the risk, so at least you will detect packets with another first number.
    Thanks for the result.
    The problem is the "Wan Miniport" Interface has really 0.0.0.0 for IP address (internally in Windows). There is another interface called "Dsl" with a null MAC address, but with the right IP address.
    Unfortunately Look 'n' Stop doesn't know this "Dsl" interface and anyway the trafic and filtering is on the "Wan Miniport" one.
    I don't know why it is like this in Vista internally. Usually (and it should be like this for Win2K/WinXP) the "Wan Miniport" Interface should have the proper IP address.
    It seems the way the VPN is setup by Vista is currently not compatible with the way Look 'n' Stop associates an IP address to the interface.

    Frederic
     
  11. sage78

    sage78 Registered Member

    Joined:
    Jul 28, 2008
    Posts:
    6
    I just try to install a new fresh copy to vista x86 without service pack.

    Never seen change, Internet IP not recognized, in this version there is not the Wan Miniport (network monitor)

    http://img37.picoodle.com/img/img37/3/8/4/f_vistax86m_e376cc0.jpg

    I have try vista some days, but Im not entusiast for it, vmware and other software are not stable or compatible.

    I choose to return on my rock win2k and thank you for a support...


    Roberto
     
Thread Status:
Not open for further replies.