Network defender/Firewall with OpenVPN Server

ASUSTOR's VPN service brings businesses a truly effective solution.

Moderator: Lillian.W@AST

Daudiren
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Network defender/Firewall with OpenVPN Server

Post by Daudiren »

Hi,

After deciding to use an all-block IP policy that only allows from the white list, I have come across a problem that some of you might have the solution for.

I have white listed all my known locations that I connect to my NAS via my OpenVPN server. But when I tried from my cell phone my connection was rejected, as expected because of my IP policy. I could add my IP but when using 4G or roaming, I don't always know what my IP will be.

What is a good way to address this issue? Do you guys just go without Network Defender turned on? I did this the last year or so and I guess it's fine. But the heightened security makes me sleep better at night.
sksbir
Posts: 395
Joined: Tue Aug 25, 2015 9:23 pm

Re: Network defender/Firewall with OpenVPN Server

Post by sksbir »

Hi.

First, you must add to the whitelist the network you have defined for your OpenVPN network: VPN Server --> Settings --> OpenVPN --> check what is stored in the field "dynamic IP address", and report this network in the whitelist.

I have noticed the opposite behaviour with my NAS: not so long ago, I decided to upgrade the Geoip application. I didn't notice immediately that all policies based on geoip had vanished.
But I noticed that I couldn't connect directly any more to my NAS from outside with my phone. But I could still use my OpenVPN client with my phone and access my NAS once connected to my local network with OpenVPN.

My NAS is also using a white list, with the local network + 3 countries listed in the white list.

If you have also upgraded the geoip app, check your whitelist again :)
Daudiren
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Re: Network defender/Firewall with OpenVPN Server

Post by Daudiren »

Thanks for the quick reply sksbir! I have tried to add my Dynamic IP address range in the "Black and White list"-part of Network Defender. As well as my own country. But I can't seem to connect with my phone via 4G for testing.

My dynamic IP range is 10.0.1.0-10.0.1.254. Is it correct to add it as such? Or do I add it as a single entry, not a range? If you're certain this should work I'm yet to try doing a reboot of the system to see if that helps.
sksbir
Posts: 395
Joined: Tue Aug 25, 2015 9:23 pm

Re: Network defender/Firewall with OpenVPN Server

Post by sksbir »

You must add it as a range, exactly in the same manner as shown in openvpn/dynamic IP. A reboot is not needed.
You must also check the autoblacklist section of ADM Defender to see if you have something stored there, and remove it.
And you must add the OpenVPN virtual network to your trusted list. Only for test purposes if you want (I add it permanently).

From the cellphone side, you must also be sure to successfully connect to OpenVPN. With OpenVPN for Android, you will get a key logo in the upper notification tab and get "initialization sequence completed" in the log.
Install "netstat" on your phone (Android), and check that you have one IP in the dynamic range of your OpenVPN server.
Daudiren
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Re: Network defender/Firewall with OpenVPN Server

Post by Daudiren »

I think I managed to make it work. I had Network Defender as well as Firewall turned on. When I changed the firewall setting to "allow all connections" it started working. Should that be okay? The NAS is behind a firewall in my router, and not in a DMZ. And I assume the Network Defender part of the settings, which are turned on as far as I can tell, will help in regards to security as well?

In Network Defender auto black list is turned on, and Black and White list in the settings are turned to White List.
sksbir
Posts: 395
Joined: Tue Aug 25, 2015 9:23 pm

Re: Network defender/Firewall with OpenVPN Server

Post by sksbir »

Daudiren wrote:
The NAS is behind a firewall in my router
You must allow the port and protocol to be accessed from outside.
I mean the port and protocol you have specified in the OpenVPN settings. Default is 1194/udp.
Daudiren
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Re: Network defender/Firewall with OpenVPN Server

Post by Daudiren »

sksbir wrote:
The NAS is behind a firewall in my router
You must allow the port and protocol to be accessed from outside.
I mean the port and protocol you have specified in the OpenVPN settings. Default is 1194/udp.
I was trying to tell you that everything is working :) What I wrote about in my last post was in regards to security: whether my current settings are sufficient.
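
The two checks discussed in this thread, as an added example that is not part of any post and is not ASUSTOR's code: a generic default-deny allowlist model applied to the outer OpenVPN packet (from the phone's unknown 4G address) and to the inner tunnel packet (from the 10.0.1.0-10.0.1.254 dynamic range). The LAN range, the phone's public address, the service port and the function names are constructed assumptions; how ADM's Firewall and Network Defender actually order their rules is not modeled.

```python
import ipaddress

# Allowlist as inclusive first-last ranges, the way the thread enters them.
ALLOWLIST = [
    ("192.168.1.0", "192.168.1.255"),  # constructed: home LAN
    ("10.0.1.0", "10.0.1.254"),        # OpenVPN dynamic IP range quoted in the thread
]

def to_networks(first, last):
    """Expand an inclusive first-last range into the exact CIDR blocks covering it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def allowed(src, allowlist=ALLOWLIST):
    """True if the source address falls inside any allowlisted range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net
               for first, last in allowlist
               for net in to_networks(first, last))

def evaluate(packets, vpn_port_open):
    """Default-deny decision per packet.

    vpn_port_open models an explicit rule accepting 1194/udp (the default
    OpenVPN port named in the thread) from any source address.
    """
    decisions = []
    for src, port, proto in packets:
        if vpn_port_open and (port, proto) == (1194, "udp"):
            decisions.append("accept")
        else:
            decisions.append("accept" if allowed(src) else "drop")
    return decisions

# Constructed traffic from a phone on 4G.
PHONE = [
    ("203.0.113.57", 1194, "udp"),  # outer packet: handshake from an unknown carrier IP
    ("10.0.1.6", 443, "tcp"),       # inner packet: NAS service reached through the tunnel
]

if __name__ == "__main__":
    # Without a rule for 1194/udp the handshake is dropped, so the tunnel
    # (and with it the allowlisted 10.0.1.x source) never comes into existence.
    print(evaluate(PHONE, vpn_port_open=False))
    print(evaluate(PHONE, vpn_port_open=True))
    print(to_networks("10.0.1.0", "10.0.1.254"))
```

In this model only the VPN port needs to be reachable from arbitrary addresses; everything else can stay on the allowlist, because authenticated clients arrive from the tunnel range.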