Jump to content

Archived

This topic is now archived and is closed to further replies.

jeffshead

How to allow VPN access...

Recommended Posts

I have ESS 10 on a PC on my local network. I have a SSL VPN set up on my router so I can access my local network when abroad.

My LAN IP's are 192.168.1.xxx. My VPN IP's are 10.1.1.xxx.

I have tried every setting I could find but I cannot access this PC over the VPN. I am in interactive mode but have never gotten an alert when I try to connect. I have tried disabling IDS, adding the VPN IP to IDS exclusions and disabling HIPS. I have also set HIPS to log all events but I see nothing about my connection attempts in the logs. The only way I can connect via VPN is to "Pause firewall (allow all traffic)".

 

How can I find out exactly why ESS is blocking my VPN connection? Why is it not being logged?

Share this post


Link to post
Share on other sites

1, Remove all custom rules, especially the block ones.

2, Make sure that the subnets 192.168.1.0/24 and 10.1.1.0/24 are marked as Home or office networks in the known networks setup.

If that doesn't help, you can run the Firewall troubleshooting wizard which will show a list of recently blocked communications and enable you to create the appropriate allow rule with a few clicks.

Share this post


Link to post
Share on other sites
17 hours ago, Marcos said:

2, Make sure that the subnets 192.168.1.0/24 and 10.1.1.0/24 are marked as Home or office networks in the known networks setup.

10.1.1.0/24 is not in the known networks setup. Only 192.168.1.0/24.

The firewall troubleshooting wizard is what I was looking for. It does not make sense to me why the Personal Firewall log does not show all blocked communications. Why must users have to hunt for blocked communications in different locations of the GUI?

Share this post


Link to post
Share on other sites
2 hours ago, jeffshead said:

The firewall troubleshooting wizard is what I was looking for. It does not make sense to me why the Personal Firewall log does not show all blocked communications.

Blocked communications are logged with diagnostic logging verbosity. Enabling it may have adverse effect on performance and logs could grow quickly, therefore it should not stay enabled for longer than needed to troubleshoot an issue.

Share this post


Link to post
Share on other sites
4 hours ago, Marcos said:

Blocked communications are logged with diagnostic logging verbosity. Enabling it may have adverse effect on performance and logs could grow quickly, therefore it should not stay enabled for longer than needed to troubleshoot an issue.

Thank you. That makes sense, now. I'm just used to going into routers' firewall logs where everything is logged and easier to find.

Since the VPN subnet is not automatically added to ESET's "Known networks", what is the best approach to  allowing VPN connections as if they were just another PC on the same subnet as the PC on which ESET is installed? Is that a bad idea? What are the differences between adding 10.1.1.0/24 to the Trusted zone versus manually adding 10.1.1.0/24 to the Known networks?

EDIT:

I did what another user suggested (https://forum.eset.com/topic/8274-endpoint-security-homework-network-not-being-treated-as-trusted-zone/?tab=comments#comment-43989) and added the VPN subnet to the already existing Known network and it seems to work just fine.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...