chivolet
Aspirant
Feb 02, 2021
Solved

Block services not working

  If I go into my RBR50 Orbi router under block services, and select the defaults of VPN-IPSEC, VPN-L2TP, VPN-PPTP, IPsec, and then add some additional ones such as tcp/udp ports 1194 that should prevent any VPN from being established but it does not.  Is this a known issue that the option is there but it doesn't work?  I am on version V2.5.2.4

Thanks in advance,


3 Replies


  • chivolet wrote:

      If I go into my RBR50 Orbi router under block services, and select the defaults of VPN-IPSEC, VPN-L2TP, VPN-PPTP, IPsec, and then add some additional ones such as tcp/udp ports 1194 that should prevent any VPN from being established but it does not.  Is this a known issue that the option is there but it doesn't work?  I am on version V2.5.2.4

    Thanks in advance,


    Having no VPN, I performed a block on telnet (port 23). After verifying that my PC could telnet to lord.stabs.org (no idea what it is, but was on a list of "places to telnet"), I set up a block on telnet for my PC.  After 'Adding' the block and clicking 'Apply', telnet would no longer open a connection. After removing the service block, telnet works again.  I should confess that in the past I have been in a hurry and neglected to click 'Apply' or did not notice that although I set the service block to "Always", it got put back to "Never" and I had basically applied nothing. For me, User Error is a daily occurrence.

     

    Conclusion: Blocking VPN may not be as simple as blocking telnet.  What I would do is collect the Orbi WAN/LAN traffic while opening a VPN session and see where it goes and what ports are being used.

    • chivolet
      Aspirant

      Thanks CrimpOn for attempting to recreate it.  Not sure how you captured the Wan/Lan traffic unless you did it off of a switch. My Orbi doesn't give you that option other than grabbing logs for "Attempted access to blocked sites and services".  The log did show it was blocking the VPN but I was still able to establish a VPN and go wherever I wanted to go using global protect, pulse secure, and HOXX vpn.  Tunnelblick seems to be the only one that stopped working.  I have added as many TCP/UDP ports as I can find to put in the services, I have tried the services blocking on always, per schedule, turned it off and then back on.  I just updated to the latest code thinking it may be a code issue but nothing has changed.  I don't think this box fully supports blocking services even though it is listed in the documentation for VPNs.

      I ran through your test with telnet and had the same finding.  That does work like a champ.

      • CrimpOn
        Guru

        chivolet wrote:

        Thanks CrimpOn for attempting to recreate it.  Not sure how you captured the Wan/Lan traffic unless you did it off of a switch.


        Although I have no solution to the problem, at least I can explain how to capture LAN/WAN traffic.

        On the Orbi debug page (http://orbilogin.net/debug.htm) there is a check box to "Enable LAN/WAN packet capture".

        Then, click on "START CAPTURE". Perform whatever tests you want.  Then click on "SAVE DEBUG LOG".

        This will create a file in the PC Download folder called Debug.zip that has all sorts of stuff in it.  The files I want are LAN.pcap and WAN.pcap which can be opened by a lot of networking programs.  I use Wireshark (a) because it's free, and (b) because it has a lot of display filter options.
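
The "see where it goes and what ports are being used" step suggested in this thread, as an added example that is not part of any post here: it totals the bytes one client sends per protocol and destination port in a pcap file. It assumes LAN.pcap is a classic (non-pcapng) Ethernet capture, and the addresses and traffic in `sample_pcap` are constructed.

```python
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp", 47: "gre", 50: "esp"}

def summarize_pcap(data, client_ip):
    """Bytes sent by client_ip, keyed by (protocol, destination port or None)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    want = bytes(int(p) for p in client_ip.split("."))
    totals, off = Counter(), 24
    while off + 16 <= len(data):
        incl, orig = struct.unpack(end + "II", data[off + 8:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        # Keep untagged IPv4 frames whose source address is the client.
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[26:30] != want:
            continue
        proto, l4 = pkt[23], pkt[14 + (pkt[14] & 0x0F) * 4:]
        first_frag = (struct.unpack(">H", pkt[20:22])[0] & 0x1FFF) == 0
        port = None
        if proto in (6, 17) and first_frag and len(l4) >= 4:
            port = struct.unpack(">H", l4[2:4])[0]   # destination port
        totals[(PROTO.get(proto, str(proto)), port)] += orig
    return totals

def sample_pcap():
    """Constructed traffic (not a real Orbi capture): only the fields read above are set."""
    pc, srv = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])
    def frame(src, dst, proto, l4):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, src, dst)
        return bytes(12) + b"\x08\x00" + ip + l4
    ports = lambda s, d, n: struct.pack(">HH", s, d) + bytes(n)
    frames = [frame(pc, srv, 17, ports(50000, 1194, 24)),
              frame(pc, srv, 6, ports(50001, 443, 116)),
              frame(pc, srv, 6, ports(50001, 443, 116)),
              frame(pc, srv, 50, bytes(48)),
              frame(srv, pc, 6, ports(443, 50001, 116))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for key, n in summarize_pcap(sample_pcap(), "192.168.1.10").most_common():
        print(key, n)
```

For a real capture, pass the bytes of LAN.pcap from Debug.zip and the PC's LAN address to `summarize_pcap`, then compare the busiest protocol and port pairs against the entries in the block list.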