  1. #1
    Newbie
    Join Date
    Aug 2011
    Posts
    7

    IPsec and firewall

    I've got a working IPsec tunnel between Untangle and a SonicWall box at a client.

    I'm wondering, as the person posting here:
    24908-destination-networks.html#post146477 (sorry can't post links)
    also did, how I can apply firewall rules to traffic on the IPsec tunnel? It all seems to be bypassed.

    Thanks
    JYH

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    All IPsec tunnel traffic is bypassed. You can use packet filter if you want, but the firewall app won't see any of the traffic coming out of the tunnel.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Fascinating.

    OpenVPN traffic is subject to the firewall, a fact I exploit the crap out of every day. So IPSec is bypassed... but IPSec is working with Bandwidth Control, when OpenDNS does not.

    We have a nice web of feature mesh.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    Aug 2011
    Posts
    7

    Originally posted by dmorris:
    All IPsec tunnel traffic is bypassed. You can use packet filter if you want, but the firewall app won't see any of the traffic coming out of the tunnel.
    Can I disable the bypass by unchecking the "Bypass IPsec VPN traffic" system bypass rule?

    Going the packet filter route, I just tested that and couldn't get it to work. I set a filter to reject traffic with a source address of the remote LAN and a specified destination port. The traffic still gets through.

    JYH

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    I think that packet filter rule has to do with the tunnel traffic, not the traffic within the tunnel.

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Originally posted by jhirth:
    Can I disable the bypass by unchecking the "Bypass IPsec VPN traffic" system bypass rule?
    That applies to IPsec traffic going *through* Untangle.

    The stuff ending at Untangle is automatically bypassed.
    You can disable that by editing bypass-rules by hand, but then your IPsec traffic won't pass at all.

  7. #7
    Newbie
    Join Date
    Aug 2011
    Posts
    7

    OK, so getting back to the packet filter idea ...

    How do I specify a packet filter that applies to traffic traversing the tunnel? The only way I can see to specify it is by specifying the remote network, and that didn't work.

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    I don't know without looking at your rule and knowing more about your network.
    Call support if you have live support.
