NethServer Version: 7
Module: VPN
I have a pc with client vpn cisco-anyconnect, we try to conect to a external vpn and my firewall drop the conection, this is the log Shorewall:net2fw:DROP:IN=enp0s3, how can I fix it? The pc is in my Green network and the firewall show that message, but if I move a pc to red network then I can do it, it connects throw the vpn cisco-anyconnect
That is inbound connection to the red interface being dropped at the firewall, which would have nothing to do with a VPN client connected via the green interface.
Is the PC able to surf the internet correctly when connected to the green interface.
Not quite sure I understand what you are saying there. What is the topology of your network. Is the red interface connected directly to your ISP, or behind another router.
Cheers.
Do this VPN support NAT environment?
NethServer also uses ports like 500, 4500 UDP and 443TCP, but the should be reachable on the AnyConnect Server…
the pcs that are on my network green have the anyconnect client of Cisco this vpn is on an external network to which I want to connect.
my network scheme is simple a router connected to my ISP and my nethserver server connected to this router, this is my red network, then I have nethserver connected to a switch on the green network which is where my pc’s, printers and point access are located
the router that precedes my server connects via ppoe to my isp and I have an intermediate network between my router and my nethserver. Nat is configured, when I connect the pc in the red range which is where I’m getting my nethserver from the router, there if anyconnect works, but within my green network it doesn’t work, obviously it’s the firewall rules, as I’ve been investigating, anyconnect uses ports 500 and 4500 of udp and 443 of tcp
NS does not block any routes coming into the green interface, who’s destination is out via the red.
What subnets are the red and green interfaces. How are the IPs configured. How are the client PCs configured with regard to IP/DHCP.
Cheers.
My server has two interfaces, one for the red network and the other for the green one, the red one is connected to my router with a subnet ex.192.168.3.0 / 24 and the green one connected to a switch with an address ex. 192.168.100.0/24. My server takes ip for the red one using dhcp, and
The PCs connected to my green network take IP by DHCP. The scenario is as follows, if I connect a PC in the subnet where the red interface of the server is located, the cisco-anyconnect client works, but if I connect it to the subnet of the green interface it does not work for me. And in the log log I see Shorewall: net2fw: DROP: IN = enp0s3
I’ve used Cisco Anyconnect on a NAT’d Windows machine behind NS for quite some time.
Can you provide the full text.
Can the PCs in the green network surf the internet.
Cheers.
Shorewall:net2fw:DROP:IN=enp0s3 OUT= MAC=08:00:27:09:09:49:ac:84:c6:e6:a1:4a:08:00 SRC=192.168.200.1 DST=192.168.200.155 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=51314 DPT=137 LEN=58
the pcs on the green network have access to the internet, users navigate smoothly
SRC=192.168.200.1(Gateway) DST=192.168.200.155(NethserveServer) this is my red network
That doesn’t appear to be anything to do with a VPN. Port 137 is used by Microsoft’s NETBIOS Name Service.
You could try (briefly) allowing that into the firewall, as a test, in case the Cisco VPN is doing something weird and wonderful at the NETBIOS level.
Cheers.
I removed all the firewall settings and it worked, it seems that it was some rule that I had set