Untangle 14.2.2
I am having an issue with bypassed traffic. I have searched to find a solution but most results are dealing with how to bypass; this issue is how to NOT bypass.
I am running L2TP on the Untangle and would like to filter those connections in the rack. I have been unable to do that because the L2TP connections are being bypassed. I have tested connections with "bypass all IPSec traffic" unchecked under Apps > IPSec VPN > IPSec Options. I have since learned that this isn't even necessary based on the IPsec_VPN wiki page.
"When this checkbox is enabled, traffic from IPsec tunnels will bypass all applications and services on the Untangle server. ...
If you disable this checkbox, traffic from IPsec tunnels can now be filtered through all active applications and services.
...
Traffic from L2TP and Xauth VPN clients will always pass through all active applications and services."

Here is what I am seeing when I successfully VPN into the Untangle. Any other column from Layer 7 (Web Filter, Firewall, Application Control, etc.) is blank:

Code:
bypassed  protocol  policy_id  policy_rule_id  client_intf  server_intf  c_client_addr         c_client_port  s_server_addr           s_server_port
TRUE      UDP[17]   0          0               External[1]  None[0]      vpn client public ip  61809          Untangle wan public ip  1701
TRUE      UDP[17]   0          0               External[1]  None[0]      vpn client public ip  4582           Untangle wan public ip  4500
TRUE      UDP[17]   0          0               External[1]  None[0]      vpn client public ip  4606           Untangle wan public ip  500

Filter Rules:

I have not changed this from default because the VPN server is the Untangle and not a VPN server on the local network. According to the Filter_Rules wiki page:

"Filter rules apply to sessions transiting THROUGH the Untangle server. By default this ruleset is blank. Filter Rules are useful for blocking traffic going through the Untangle server."

Code:
None

Bypass Rules:

I have tested without these rules and with them enabled and set to process. I was thinking they might FORCE the traffic to NOT be bypassed. That does not seem to have an effect. Just like the search results I have found, most of the Bypass_Rules wiki page deals with trying to bypass, not trying to prevent bypass.

Code:
Proto=ESP : Process
Proto=UDP, Destination_Port=500 : Process
Proto=UDP, Destination_Port=4500 : Process
Proto=UDP, Destination_Port=1701 : Process

Access Rules:

I have allowed L2TP traffic in the WAN with little restriction. I have tested with my own rules at the top of the list and the built-in rules towards the bottom. From the wiki it seems like this is the place to allow the connections:

"Access Filter rules apply to sessions destined to the Untangle server's local processes and only sessions destined to the Untangle server's local processes. These rules have no effect on sessions passing THROUGH Untangle and are only used to limit and secure access to local services on the Untangle server."

My rules at the top of the list:
Code:
Proto=AH, ESP, : Pass
Proto=UDP, Destination_Port=500 : Pass
Proto=UDP, Destination_Port=4500: Pass
Proto=UDP, Destination_Port=1701: Pass

Built-in rules at the bottom of the list:
Code:
Proto=ESP, , Source_Interface=External 1,Interface 2,Interface 3,Interface 4,Interface 5 : Pass
Proto=UDP, Destination_Port=500 , Source_Interface=External 1,Interface 2,Interface 3,Interface 4,Interface 5 : Pass
Proto=UDP, Destination_Port=4500, Source_Interface=External 1,Interface 2,Interface 3,Interface 4,Interface 5 : Pass
Proto=UDP, Destination_Port=1701, Source_Interface=External 1,Interface 2,Interface 3,Interface 4,Interface 5 : Pass

I am really at a loss for why this traffic is getting bypassed. Can anyone think of some other setting that could be affecting this?
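As an added example (not code from the poster or from Untangle), here is a small Python script that parses session-table rows in the format quoted in the post and sorts each session by the distinction the wiki text on this page draws: sessions destined to the Untangle server's own processes (server_intf None[0] and a server address equal to the WAN IP, on the IKE/NAT-T/L2TP ports), which Access Rules govern, versus sessions transiting through the server, which Filter Rules, Bypass Rules and the rack apps govern. The IP addresses, the Internal[2] interface label and the fourth HTTPS row are constructed placeholders, and the port-to-service mapping (UDP/500 IKE, UDP/4500 NAT-T, UDP/1701 L2TP) is an assumption of the example.

```python
"""Classify Untangle session-table rows by where the session terminates.

A session whose server side is the Untangle host itself (server_intf None[0],
s_server_addr equal to the WAN address) is served by a local process; the
wiki text says Access Rules apply there. Everything else transits THROUGH
the box, where Filter Rules, Bypass Rules and the rack apps apply.
"""
from dataclasses import dataclass

# Assumed services listening on the Untangle host for an L2TP/IPsec VPN.
LOCAL_VPN_SERVICES = {
    ("UDP", 500): "IKE",
    ("UDP", 4500): "IPsec NAT-T",
    ("UDP", 1701): "L2TP",
}

# Column order of the session table quoted in the post.
COLUMNS = (
    "bypassed", "protocol", "policy_id", "policy_rule_id", "client_intf",
    "server_intf", "c_client_addr", "c_client_port", "s_server_addr",
    "s_server_port",
)

# Constructed stand-ins (documentation ranges) for the post's placeholders.
UNTANGLE_WAN_IP = "198.51.100.1"   # "Untangle wan public ip"
VPN_CLIENT_IP = "203.0.113.10"     # "vpn client public ip"

# Rows 1-3 mirror the three bypassed rows in the post; row 4 is a constructed
# session that transits through the box (a LAN client fetching HTTPS).
SAMPLE_ROWS = [
    f"TRUE UDP[17] 0 0 External[1] None[0] {VPN_CLIENT_IP} 61809 {UNTANGLE_WAN_IP} 1701",
    f"TRUE UDP[17] 0 0 External[1] None[0] {VPN_CLIENT_IP} 4582 {UNTANGLE_WAN_IP} 4500",
    f"TRUE UDP[17] 0 0 External[1] None[0] {VPN_CLIENT_IP} 4606 {UNTANGLE_WAN_IP} 500",
    "FALSE TCP[6] 1 0 Internal[2] External[1] 192.168.1.50 51022 203.0.113.77 443",
]


@dataclass(frozen=True)
class Session:
    bypassed: bool
    protocol: str          # "UDP", "TCP", ...; the "[17]" number suffix is dropped
    policy_id: int
    policy_rule_id: int
    client_intf: str
    server_intf: str
    c_client_addr: str
    c_client_port: int
    s_server_addr: str
    s_server_port: int


def parse_session_line(line: str) -> Session:
    """Parse one whitespace-separated row in the COLUMNS order."""
    fields = line.split()
    if len(fields) != len(COLUMNS):
        raise ValueError(f"expected {len(COLUMNS)} fields, got {len(fields)}: {line!r}")
    f = dict(zip(COLUMNS, fields))
    return Session(
        bypassed=f["bypassed"].upper() == "TRUE",
        protocol=f["protocol"].split("[", 1)[0].upper(),
        policy_id=int(f["policy_id"]),
        policy_rule_id=int(f["policy_rule_id"]),
        client_intf=f["client_intf"],
        server_intf=f["server_intf"],
        c_client_addr=f["c_client_addr"],
        c_client_port=int(f["c_client_port"]),
        s_server_addr=f["s_server_addr"],
        s_server_port=int(f["s_server_port"]),
    )


def classify(session: Session, wan_ip: str) -> tuple:
    """("local", service) for a session terminating on the Untangle host, else ("transit", "")."""
    terminates_locally = (
        session.server_intf.startswith("None") and session.s_server_addr == wan_ip
    )
    if not terminates_locally:
        return ("transit", "")
    service = LOCAL_VPN_SERVICES.get(
        (session.protocol, session.s_server_port), "other local service"
    )
    return ("local", service)


def governing_ruleset(session: Session, wan_ip: str) -> str:
    """Which rule set the wiki text says applies to this session."""
    kind, _ = classify(session, wan_ip)
    return "Access Rules" if kind == "local" else "Filter/Bypass Rules and rack apps"


def report(rows, wan_ip):
    """Parse and classify every row; returns (category, service, ruleset, bypassed) per row."""
    out = []
    for line in rows:
        s = parse_session_line(line)
        kind, service = classify(s, wan_ip)
        out.append((kind, service, governing_ruleset(s, wan_ip), s.bypassed))
    return out


if __name__ == "__main__":
    for kind, service, ruleset, bypassed in report(SAMPLE_ROWS, UNTANGLE_WAN_IP):
        print(f"{kind:8} {service or '-':16} bypassed={bypassed!s:5} -> {ruleset}")
```

Run it as a script to print one line per row; feed it your own rows (whitespace-separated, same column order) by replacing SAMPLE_ROWS. The three quoted rows all come out as "local" sessions to the VPN services on the box, the category the wiki text pairs with Access Rules rather than with Filter or Bypass Rules.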