RESET Forums (homeservershow.com)

A LAN switch interferes with IPsec VPN?

nrf

A recent change in my ISP setup forced me to deal with an issue I have been keeping on the back burner. A while back, I had to change to a new VPN client for work. I had difficulty connecting as it told me a firewall must be blocking IPsec or UDP. Blaming it on the router, I had circled through several with some initial success but ultimately failure. Having no choice now, I have narrowed it down to my network switch. The VPN is IPsec to a Cisco VPN server (port 4500 and all).

Bottom line, with switches like GS108Tv2 and GS-1100-5 between my work PC and router (currently Sophos UTM 9), no problem. But my fancy TP-Link T1600G-28TS, no go. It validates the password OK but can't connect the VPN itself.

Any seasoned veterans out there have an idea how this switch could be messing it up?

Thanks in advance!

nrf

mattb75
Hi

How have you configured the switch? VLANs, QoS, port priorities, etc.?

I’d try removing any of these features and run it as a dumb switch, then layer back on any tweaks you’ve made to see which one is causing the issues.

Matt

nrf

No VLAN, no touching of priorities, not much to turn off - should any of it even inhibit IPsec/UDP?

DoS Defend - on

DHCP snooping - on

LLDP - on

 

schoondoggy

Probably not the issue you are having, but on the two switches that work, are they IPv4 only or is IPv6 enabled? If they are IPv4 only, I would try disabling IPv6 on the T1600G.

Also, have you upgraded the switch to the latest firmware?

 

nrf

Good questions. Do switches know/care about IPv6 if you don't try to access their admin page that way? The only IPv6 in my network is the link-local stuff that comes on by default. One of the switches that works seems to have IPv6 in it, one doesn't, and I don't see anything in the bad one about IPv6...

And of course I always start with firmware updates if the company cares to provide any... which they haven't.

nrf

Resolved. Solution: in Network Security -> DoS Defend -> DoS Defend, turn off both "Ping Flooding" and "Blat Attack".

ImTheTypeOfGuy
 


What led you to the discovery?

nrf

Turning off remaining features and turning them back on one by one.

mattb75
Tried and tested best approach!!

Glad it’s sorted. Looks like TP-Link’s implementation of DoS and Blat protections has impacts on other services as well - e.g. Bonjour for Apple devices and SIP.

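One plausible reason the "Blat Attack" option touches the services named in this thread, as an added example that is not part of any post above: it assumes the filter uses the common Blat definition (drop a TCP or UDP packet whose source and destination ports are equal) and that the IPsec client sends from source port 500/4500 as IKE daemons usually do. The thread does not state the switch's exact rule; the packets, addresses and function names below are constructed for illustration.

```python
import struct

def ipv4(proto, sport=0, dport=0, frag_off=0, options=b""):
    """Build a constructed IPv4 packet carrying only the 4 port bytes (checksum left 0)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 4, 0, frag_off,
                      64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + options + struct.pack("!HH", sport, dport)

def l4_ports(pkt):
    """Return (proto, sport, dport) for a TCP/UDP first fragment, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # header length including options
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = pkt[9]
    if proto not in (6, 17) or frag_offset or ihl < 20 or len(pkt) < ihl + 4:
        return None                                # no L4 ports to inspect
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, sport, dport

def equal_port_filter_drops(pkt):
    """Assumed rule (not from the switch's documentation): drop if sport == dport."""
    ports = l4_ports(pkt)
    return ports is not None and ports[1] == ports[2]

# Constructed samples, not captured traffic.
SAMPLES = {
    "IKE (UDP 500 -> 500)": ipv4(17, 500, 500),
    "IPsec NAT-T (UDP 4500 -> 4500)": ipv4(17, 4500, 4500),
    "mDNS/Bonjour (UDP 5353 -> 5353)": ipv4(17, 5353, 5353),
    "SIP (UDP 5060 -> 5060)": ipv4(17, 5060, 5060),
    "DNS query (UDP 53124 -> 53)": ipv4(17, 53124, 53),
    "HTTPS (TCP 49812 -> 443)": ipv4(6, 49812, 443),
    "ICMP echo": ipv4(1),
}

def report():
    """Map each sample name to True if the assumed filter would drop it."""
    return {name: equal_port_filter_drops(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, dropped in report().items():
        print(f"{'DROP' if dropped else 'pass'}  {name}")
```

Traffic from an ephemeral source port passes under this rule, which fits ordinary browsing working through the switch while protocols that use the same fixed port on both ends do not.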
