Forum Discussion
zeppelinux
Jun 21, 2017 Aspirant
Enable IPSec UDP ports for all hosts behind firewall
Hi All,
I'm trying to make the IPSec working in hybrid environment (home network/cloud), here is the original problem:
https://forums.rancher.com/t/hybrid-cloud-home-network/6646/3
I upgraded my router to FVS318Gv2, but it still doesn't seem to be working (the same symptoms). Do I need to enable anything to make it work or this model doesn't support this config at all?
Cheers,
D
5 Replies
- JohnC_V NETGEAR Moderator
Hi zeppelinux,
Welcome to our community!
Please help us understand the problem that you were having. Are you trying to make the firewall as the VPN server or the firewall will just work as a passthrough? If the firewall will work as a passthrough, the IPsec VPN tunnel is enabled by default. But if it seems that one of the tunnels that you have is working then I don't see any issues from the firewall as it is working by design. No configurations needed if it will work as passthrough.
Regards,
- zeppelinux Aspirant
Hi John,
Thanks for the reply! I'm trying to use Rancher for managing Docker containers running on my home network and in the cloud (hybrid network). Rancher connects all the hosts (that are supposed to run managed containers) by creating a network overlay (an IPSec agent is deployed and running on each host). One of the requirements for this network overlay to be functional is to make sure all the 500 and 4500 UDP port traffic is flowing between ALL participating hosts.
When there is no NAT, everything works perfectly, and it seems like NAT makes this use case invalid, i.e. according to the response in the Rancher forum there is no way this can work :(
Cheers,
Dmitry
- JohnC_V NETGEAR Moderator
Please try to open a port from the firewall. Go to Security > Services and create the specific UDP ports that need to be opened. Then go to Security > Firewall > Inbound Services, ADD the service that you created and then point it to your LAN server.
Kindly check the manual here (page 130).
Regards,
- zeppelinux Aspirant
I tried that; the problem is that there are multiple hosts (IPs) in the local network (behind the NAT) that are supposed to have open communication with the hosts in the cloud using the 500 and 4500 UDP ports, but only a single IP can be specified in the firewall rules.
Thanks,
Dmitry
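The thread's symptom is that several LAN hosts share one public IP, and an inbound rule for UDP 500/4500 can only be pointed at one of them, so only that host sees answers from the cloud peers. The script below is an added diagnostic example, not code from the thread, NETGEAR or Rancher: it parses connection-tracking records in the `conntrack -L` line layout and reports, per LAN host and cloud peer, whether the IKE (UDP 500) and NAT-T (UDP 4500) exchanges were answered. The records, the LAN addresses (192.168.1.x) and the peer/public addresses (RFC 5737 documentation ranges) are all constructed for the example; it assumes a Linux host or router where conntrack output can be captured.

```python
import re

# Ports Rancher's IPsec overlay needs between every pair of hosts (from the thread).
IKE_PORT = 500
NAT_T_PORT = 4500

# Constructed records in the `conntrack -L` line layout (assumed; not captured from a real router).
# Only 192.168.1.10 is the target of the single inbound rule, so only it gets replies;
# the router rewrites the other hosts' source ports (1025..) and their entries stay [UNREPLIED].
SAMPLE_CONNTRACK = """\
udp      17 29 src=192.168.1.10 dst=203.0.113.5 sport=500 dport=500 src=203.0.113.5 dst=198.51.100.1 sport=500 dport=500 mark=0 use=1
udp      17 29 src=192.168.1.10 dst=203.0.113.5 sport=4500 dport=4500 src=203.0.113.5 dst=198.51.100.1 sport=4500 dport=4500 mark=0 use=1
udp      17 29 src=192.168.1.11 dst=203.0.113.5 sport=500 dport=500 [UNREPLIED] src=203.0.113.5 dst=198.51.100.1 sport=500 dport=1025 mark=0 use=1
udp      17 29 src=192.168.1.11 dst=203.0.113.5 sport=4500 dport=4500 [UNREPLIED] src=203.0.113.5 dst=198.51.100.1 sport=4500 dport=1026 mark=0 use=1
udp      17 29 src=192.168.1.12 dst=203.0.113.5 sport=4500 dport=4500 [UNREPLIED] src=203.0.113.5 dst=198.51.100.1 sport=4500 dport=1027 mark=0 use=1
"""

LAN_HOSTS = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]  # constructed
CLOUD_PEERS = ["203.0.113.5"]                                  # constructed

# Original tuple (LAN -> peer), optional [UNREPLIED] flag, then the reply tuple whose
# dport is the external port the NAT chose for this host.
FLOW_RE = re.compile(
    r"^udp\s+17\s+\d+\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
    r"(?P<unreplied>\s+\[UNREPLIED\])?\s+src=\S+\s+dst=\S+\s+sport=\S+\s+dport=(?P<nat_port>\d+)"
)


def parse_conntrack(text):
    """Turn conntrack UDP lines into flow dicts; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        flows.append({
            "lan_host": m["src"],
            "peer": m["dst"],
            "port": int(m["dport"]),
            "nat_port": int(m["nat_port"]),
            "replied": m["unreplied"] is None,
        })
    return flows


def overlay_report(flows, lan_hosts, peers):
    """For each LAN host and peer, mark UDP 500 and 4500 as replied / unreplied / missing."""
    status = {h: {p: {IKE_PORT: "missing", NAT_T_PORT: "missing"} for p in peers}
              for h in lan_hosts}
    for f in flows:
        if f["lan_host"] not in status or f["peer"] not in status[f["lan_host"]]:
            continue
        if f["port"] not in (IKE_PORT, NAT_T_PORT):
            continue
        status[f["lan_host"]][f["peer"]][f["port"]] = "replied" if f["replied"] else "unreplied"
    return status


def hosts_missing_overlay(status):
    """LAN hosts that lack an answered IKE or NAT-T exchange with at least one peer."""
    return sorted(h for h, peers in status.items()
                  if any(st != "replied" for p in peers.values() for st in p.values()))


if __name__ == "__main__":
    report = overlay_report(parse_conntrack(SAMPLE_CONNTRACK), LAN_HOSTS, CLOUD_PEERS)
    for host, peers in report.items():
        for peer, ports in peers.items():
            print(f"{host} -> {peer}: IKE={ports[IKE_PORT]} NAT-T={ports[NAT_T_PORT]}")
    print("hosts without a working overlay path:", hosts_missing_overlay(report))
```

Run it against real output (`conntrack -L -p udp` on a Linux gateway, or the equivalent state table on whatever device does the NAT) in place of the constructed sample. Any host listed by `hosts_missing_overlay` is one the single inbound rule does not cover, which is exactly the limitation described in the last reply.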