dono11
Oct 15, 2018 · Aspirant
Block inbound vpn address
I have been using vpntracker (MacBook Pro) and iOS (iPhone 6 and iPad Air) VPN to connect to my router. In the last 6 months I have seen a server from shadowserver.org trying to access my router. From the VPN log:
Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: Failed to get matching proposal for 216.218.206.90[11833].
Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 216.218.206.90[11833].
I have an inbound 'All' service that blocks the entire address range. The shadowserver.org attempts to connect once a day. I did contact Comcast to see if they have a contract with shadowserver.org to do these attempts. Comcast said no contract and apparently making no attempt to stop them.
Is there any way to block these IKE attempts?
Thanks
3 Replies
- JohnC_V · NETGEAR Employee Retired
Hi dono11,
Welcome to our community! :)
By default, it is already blocked. They cannot connect through VPN as they don't have credentials to have a handshake with your router. They may need to configure your router and configure the right credentials in order for it to work. As you can see, "No suitable proposal found for the IP". I suggest you turn off your VPN for a while and don't click any unknown links to avoid phishing.
Regards,
- schumaku · Guru - Experienced User
JohnC_V wrote:
By default, it is already blocked. They cannot connect through VPN as they don't have credentials to have a handshake with your router. They may need to configure your router and configure the right credentials in order for it to work.
Seriously? The OP states that he has a firewall rule in place supposedly blocking the address range...
dono11 wrote:
I have an inbound 'All' service that blocks the entire address range. The shadowserver.org attempts to connect once a day.
...therefore these IP addresses must be blocked by the firewall before reaching the OpenVPN service port.
Assuming the firewall rules are set correctly - a clear bug in the firewall implementation! The firewall must deny access _before_ a packet reaches any local services on the security appliance, too.
Of course, there are plenty of reasons why Netgear has never succeeded in this security appliance business, and the products are between EoL and dead.
Looking forward to BR500 and what is coming beyond - I hope Netgear is able to listen to the market now.
Regards,
-Kurt
PS. This is one of the reasons why I'm reiterating the need for configurable firewall rules for the upcoming Insight BR500 router.
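One way to check the point made in this reply against the OP's own log, as an added example that is not code from the thread or from NETGEAR: parse the FVS336Gv3 IKE error lines, group them by peer address, and report any peer that falls inside a range the inbound deny rule should already have dropped. The blocked range 216.218.206.0/24, the Oct 13 line and the 203.0.113.7 line are constructed for the example; the OP never stated the actual range.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Matches the FVS336Gv3 IKE log format quoted in the thread, e.g.
# "Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 216.218.206.90[11833]."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \(GMT [+-]\d{4}\): "
    r"\[(?P<dev>[^\]]+)\] \[IKE\] ERROR: (?P<msg>.*?) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\[(?P<port>\d+)\]\.$"
)

# Constructed sample log: the two lines from the thread plus one earlier day from the
# same peer and one unrelated peer (203.0.113.7 is a documentation address).
SAMPLE_LOG = [
    "Sat Oct 13 22:25:41 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 216.218.206.90[11833].",
    "Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: Failed to get matching proposal for 216.218.206.90[11833].",
    "Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 216.218.206.90[11833].",
    "Sun Oct 14 23:01:12 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 203.0.113.7[500].",
]
# Assumed range covered by the OP's inbound 'All' deny rule (placeholder, not from the thread).
BLOCKED_RANGES = ["216.218.206.0/24"]


def parse_ike_errors(lines):
    """Yield (timestamp, peer_ip, peer_port, message) for each IKE ERROR line; skip others."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        yield ts, ip_address(m["ip"]), int(m["port"]), m["msg"]


def sources_bypassing_block(lines, blocked_ranges):
    """Report peers that reached the IKE daemon although their address sits inside a
    range the firewall rule should have dropped. Any entry here shows the rule is not
    applied to traffic destined for the appliance's own services."""
    nets = [ip_network(n) for n in blocked_ranges]
    by_peer = defaultdict(list)
    for ts, ip, _port, _msg in parse_ike_errors(lines):
        by_peer[ip].append(ts)
    report = {}
    for ip, stamps in by_peer.items():
        if any(ip in net for net in nets):
            days = {t.date() for t in stamps}
            report[str(ip)] = {"attempts": len(stamps), "distinct_days": len(days)}
    return report


if __name__ == "__main__":
    print(sources_bypassing_block(SAMPLE_LOG, BLOCKED_RANGES))
```

The distinct_days count makes the once-a-day pattern the OP describes visible at a glance; a peer listed here with several days of hits is one the rule never stopped.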
- dono11 · Aspirant