VPN and selection of network interfaces

Discussion in 'LnS English Forum' started by Thomas M, May 8, 2007.

Thread Status:
Not open for further replies.
  1. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    So, finally I managed to set up a VPN client (Cisco) on my computer together with LnS 2.06b2 (I am happy to share the 2 necessary rules with you :) )

    Here is my question: As soon as the VPN is running and connected, the "network interface" in LnS is changing to the "Cisco VPN driver" and my IP is changing immediately to the VPN tunnel endpoint (as expected). So LnS indicates the new IP and everything looks OK!

    BUT, how is my computer protected from inbound traffic to my still existing local IP address (-> I am still physically connected to my local ISP, although I am surfing through the VPN-tunnel endpoint IP o_O ).

    I can not ping myself anymore to the "normal" IP-address when connected to the VPN (I have a static IP, and LnS gets no ICMP port 8 inbounds anymore to this address when the VPN is active).

    So, does this mean that my computer is fully isolated from the static "normal" IP address traffic o_O?

    I hope I could make myself clear.

    Thanks a lot for help,
    Thomas :)
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Thomas,

    Normally, the network interface selection should stay on the primary internet connection and should not switch to the VPN one.

    The VPN is supposed to be already secure, and doesn't need to be filtered by Look 'n' Stop.
    On the other hand, the primary internet connection still has to be filtered.

    When you have just the primary internet connection, is the "connected to internet" checkbox ticked on the Welcome page?

    After you are connected to the VPN, is there any change in the IP configuration of the primary internet connection? (Could you perform an ipconfig before and after connecting to the VPN?)

    Thanks,

    Frederic
     
  3. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Frederic,

    Thank you for your reply!
    See my response via E-Mail....

    Thomas :)
     
  4. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78

    In my case it does switch to the VPN, but only when automatic selection is enabled. I just uncheck this before connecting.
    The IP in the Welcome tab shouldn't change, right?

    At Thomas, which rules are you using? I attached mine.

    Thanks
     

  5. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, it should stay with the IP of your primary internet connection.

    Frederic
     
  6. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Hello tristantzara,

    Thanks for your reply! I attach my VPN rules with this post.
    Interesting: I can use VPN at my university with a rule allowing "protocol 47" and another one for UDP port "62515".

    However, I still have the problem that my primary internet connection gets lost after switching to the VPN. Even when I manually select the primary IP! - Have you ever tried "pinging" your primary IP during a VPN session from an external computer? I can do this, and my primary IP seems not to exist anymore when running the VPN :mad:

    Frederic already suggested reinstalling LnS o_O

    Thomas :)
     

  7. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78
    Thanks Thomas,

    I can't do this, never tried that. But maybe it's something with the client? I'm using the Cisco client. I'm sorry, I don't know.

    Best regards,
     
  8. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    We also use the Cisco client. I will try your "protocol 50" rule tomorrow, maybe it helps!

    Thanks again,
    Thomas :)
     
  9. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Just to finish this up:

    For some reason LnS did not bind properly to the VPN network driver. Now after one re-install of LnS my Cisco-VPN client works perfectly together with LnS!

    Thomas :)
     
  10. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78
    Nice, glad to hear.

    Funny thing is, now mine doesn't work anymore.
    I have no idea what brought this about.

    Situation: starting the VPN I get the two rules triggered once, but after that "protocol" appears in the log. Nothing works anymore after that. Disabling the VPN including service, cutting internet connection and reconnecting doesn't work. Everything suddenly has "protocol" in the log, even the TOR connection attempts you see in the second screen capture. I have to restart the computer.

    It always worked, it's weird, I didn't change anything...

    I'll probably try reinstalling too, but if anyone has some other suggestions before that...
     

  11. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78
    Here is the 2nd screen showing the connections from TOR etc.
     

  12. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    tristantzara,

    Not sure if reinstallation will solve your problem. In my case the Cisco client was not properly connected to LnS.

    I have never seen these "protocol" logs, though o_O

    By chance, do you have a rule with the name "protocol"? I imported your "IP protocol 50" rule and it works perfectly on my system.

    Does it work when you temporarily deactivate the internet filtering in LnS?

    Thomas :)
     
  13. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78

    Hi,

    No, I don't have a rule like that, and it worked when disabling internet filtering, so I tried some other things and finally found that disabling protocol filtering solved the problem.

    Weird thing is that I didn't change that before.
     

  14. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Gentlemen :)

    One remark (maybe stOOpid...) :oops:

    Instead of disabling the protocol filtering, isn't it possible to add the protocol used by the VPN? Is there a way to do this and how? Maybe Frédéric has the solution o_O

    Have a nice day !

    :)
     
  15. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Thanks for the information, tristantzara!
    This is interesting: On my machine protocol filtering is also disabled! But I didn't know about it....

    Is this the standard setting of LnS to disable protocol filtering?

    Thomas :)
     
  16. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Well, my VPN runs also with "protocol" filtering active!
    But I modified one of your rules slightly (see attachment)

    Maybe you can try it....

    Thomas :)
     

  17. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78
    Hey Thomas,

    Thanks, I tried but it didn't work. It's not even related to a rule I guess. After disabling the VPN completely everything gets the Protocol tag in the logs. Browser, TOR, everything. Nothing works anymore, no rules are used.
    Disabling the protocol filter solves all that.

    Climenole, yes that would be the better way to solve this. Maybe Frederic knows.

    :)
     
  18. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi tristantzara,

    Which protocol is mentioned in the log?
    Did you try to simply allow it?

    Frederic
     
  19. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78

    Hi Frederic,

    It's just like in the screenshots. There is no more info. How do I allow it?
    Right-clicking just lets me add TCP or UDP rules, no mention of protocol.
    Also, these are rules for internet apps I have (second screen, port 9001 for instance is for TOR), and for which there are rules already, they just don't trigger anymore and everything goes "protocol".
    I probably have to add this via protocol configuration but I don't know how.

    Regards,
     
  20. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    The blocked protocol should normally automatically appear in the Protocol configuration dialog box. The option has to be enabled to see it.
    It's better to reboot after changing this option.
    I suggest you enable it again, reboot, see some Protocol blocking alerts in the logs, then open the Protocol configuration dialog box. If no additional protocol is listed, there is a bug.

    Frederic
     
  21. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    tristantzara,

    I could reproduce your problem. After activating the protocol filtering and rebooting my machine I saw the same problem: protocol entries in the log and no connection anymore.
    This morning (after reboot!) there is a new protocol visible (see picture). When I allow it, then it works!!!

    Maybe you have the same experience when you try ;)

    Thomas :)
     

  22. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78
    Thomas and Frederic, thanks for the tip,
    It works like that :)
     
  23. bytebrand

    bytebrand Registered Member

    Joined:
    May 31, 2007
    Posts:
    3
    I have a question somewhat similar to the initial one:

    If I have two interfaces on my PC (let's say WiFi and Ethernet) and BOTH are active and capable of connecting to the Internet, how does LnS handle this?

    Does LnS automatically detect which one is being used to connect to the Internet? What is with the other then - is it unprotected?

    Some applications allow you to choose which interface to use, what if both interfaces are connected at the same time?

    Should I run 2 instances of LnS with this kind of setup?
     
  24. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Look 'n' Stop selects the first adapter obtaining a valid IP address (in automatic mode).

    If 2 network adapters are connected at the same time and both need to be protected, then yes, the only solution is to start 2 Look 'n' Stop instances.
    In that case, it is better not to use the automatic mode, and to select manually the two adapters in each instance (this is automatically saved separately).

    Frederic
     