It is currently Thu Jun 24, 2021 2:23 pm
All times are UTC + 8 hours

Network defender/Firewall with OpenVPN Server

ASUSTOR's VPN service brings businesses a truly effective solution.

Network defender/Firewall with OpenVPN Server

Postby Daudiren » Fri Aug 26, 2016 8:45 pm

Hi,

After deciding to use an all block IP policy with only allow from white list- I have come across a problem that some of you might have the solution for.

I have white listed all my known locations that I connect to my NAS via my OpenVPN server. But when I tried from my cell phone my connection was rejected, as expected because of my IP policy. I could add my IP but when using 4G or roaming, I don't always know what my IP will be.

What is a good way to address this issue? Do you guys just go without Network Defender turned on? I did this the last year or so and I guess it's fine. But the heightened security makes me sleep better at night.
Daudiren
 
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Re: Network defender/Firewall with OpenVPN Server

Postby sksbir » Fri Aug 26, 2016 10:06 pm

hi.

First, you must add in whitelist the network you have defined for your openvpn network : vpn server --> settings --> openvpn --> check what is stored in field " dynamic IP address", and report this network in whitelist.


I have noticed opposite behaviour with my NAS : not so long before, I decided to upgrade Geoip application. I didn't notice immediately that all policies based on geoip vanished.
But I noticed that I couldn't connect directly any more to my NAS from outside with my phone. But I could still use my openvpn client with my phone and access my NAS once connected to my local network with openvpn.

My NAS is also using white list, with local network + 3 coutries listed in the white list.

if you have also upgraded geoip app, check your whitelist again :)
sksbir
 
Posts: 340
Joined: Tue Aug 25, 2015 9:23 pm

Re: Network defender/Firewall with OpenVPN Server

Postby Daudiren » Fri Aug 26, 2016 11:23 pm

Thanks for the quick reply sksbir! I have tried to add my Dynamic IP address range in the "Black and White list"-part of Network Defender. As well as my own country. But I can't seem to connect with my phone via 4G for testing.

My dynamic IP range is 10.0.1.0-10.0.1.254. Is it correct to add it as such? Or do I add it as a single entry, not a range? If you're certain this should work I'm yet to try doing a reboot of the system to see if that helps.
Daudiren
 
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Re: Network defender/Firewall with OpenVPN Server

Postby sksbir » Sat Aug 27, 2016 5:39 am

You must add it has a range, exactly in the same manner has shown in openvpn/dynamic IP . A reboot is not needed.
You must also check the autoblacklist section of adm defender to see if you have something stored here, and remove it.
And you must add the openvpn virtual network in your trusted list. Only for test purpose if you want ( I add it permanently )

From cellphone side, you must also be sure to successfully connect to openvpn. with openvpn for android, you will get a key logo in upper notitication tab and get "initialization sequence completed" in log.
install "netstat" on your phone (android), and check that you have one IP in the dynamic range of your openvpn server.
sksbir
 
Posts: 340
Joined: Tue Aug 25, 2015 9:23 pm

Re: Network defender/Firewall with OpenVPN Server

Postby Daudiren » Mon Aug 29, 2016 6:31 pm

I think i managed to make it work. I had Network Defender as well as Firewall turned on. When I changed the firewall setting to "allow all connections" it started working. Should that be okay? The NAS is behind a firewall in my router, and not in a DMZ. And I assume the Network Defender part of the settings, which are turned on as far as I can tell, will help in regards to security as well?

In Network Defender auto black list is turned on, and Black and White list in the settings are turned to White List.
Daudiren
 
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Re: Network defender/Firewall with OpenVPN Server

Postby sksbir » Tue Aug 30, 2016 1:47 am

The NAS is behind a firewall in my router
You must allow the port and protocol to be accessed from outside.
I mean port and protocl you have specified in openvpn settings. default is 1194/udp.
sksbir
 
Posts: 340
Joined: Tue Aug 25, 2015 9:23 pm

Re: Network defender/Firewall with OpenVPN Server

Postby Daudiren » Wed Aug 31, 2016 8:28 pm

sksbir wrote:
The NAS is behind a firewall in my router
You must allow the port and protocol to be accessed from outside.
I mean port and protocl you have specified in openvpn settings. default is 1194/udp.


I was trying to tell you that everything is working :) What I wrote about in my last post was in regards to security. If my current settings are sufficient.
Daudiren
 
Posts: 13
Joined: Wed Aug 26, 2015 2:26 pm

Return to VPN Server

  • You cannot post new topics in this forum
    You cannot reply to topics in this forum
    You cannot edit your posts in this forum
    You cannot delete your posts in this forum
    You cannot post attachments in this forum
  • Who is online

    Users browsing this forum: No registered users and 1 guest