
Block inbound vpn address

dono11
Aspirant


I have been using VPN Tracker (MacBook Pro) and iOS (iPhone 6 and iPad Air) VPN to connect to my router. In the last 6 months I have seen a server from shadowserver.org trying to access my router. From the VPN log:

Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: Failed to get matching proposal for 216.218.206.90[11833].
Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 216.218.206.90[11833].

I have an inbound 'All' service that blocks the entire address range. The shadowserver.org server attempts to connect once a day. I did contact Comcast to see if they have a contract with shadowserver.org to do these attempts. Comcast said there is no contract, and apparently they are making no attempt to stop them.

Is there any way to block these IKE attempts?


Thanks

Model: FVS336Gv3|ProSafe dual WAN gigabit firewall with SSL and IPSec VPN
Message 1 of 4
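An added example, not code from the thread or from NETGEAR: a small Python parser for FVS336Gv3 IKE log lines in the format quoted above. It aggregates proposal-failure events per source address and flags sources that recur across days, which is what a once-a-day unauthenticated IKE probe looks like in the log. The sample log reuses the two lines from the post plus constructed extra lines; 203.0.113.7 is a constructed placeholder address.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line layout as it appears in the FVS336Gv3 VPN log quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \(GMT (?P<tz>[+-]\d{4})\): "
    r"\[(?P<device>[^\]]+)\] \[(?P<subsystem>[^\]]+)\] (?P<level>\w+): (?P<msg>.*)$"
)
# Both IKE error messages in the thread name the peer as "a.b.c.d[port]".
PROPOSAL_RE = re.compile(
    r"(?:Failed to get matching proposal|No suitable proposal found) for "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\[(?P<port>\d+)\]"
)

# Constructed sample: lines 1-2 are from the post, lines 3-5 are made up
# to show a second day from the same source and a one-off from another.
SAMPLE_LOG = """\
Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: Failed to get matching proposal for 216.218.206.90[11833].
Sun Oct 14 22:26:09 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 216.218.206.90[11833].
Mon Oct 15 22:27:11 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: Failed to get matching proposal for 216.218.206.90[40921].
Mon Oct 15 22:27:11 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 216.218.206.90[40921].
Mon Oct 15 08:02:45 2018 (GMT -0400): [FVS336GV3] [IKE] ERROR: No suitable proposal found for 203.0.113.7[500].
""".splitlines()


def parse_ike_line(line):
    """Return a dict for an IKE proposal-failure line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m or m["subsystem"] != "IKE":
        return None
    p = PROPOSAL_RE.search(m["msg"])
    if not p:
        return None
    when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return {"when": when, "device": m["device"], "ip": p["ip"], "port": int(p["port"])}


def proposal_failures_by_source(lines):
    """Map source IP -> {'events': count, 'days': set of dates} over proposal failures."""
    stats = defaultdict(lambda: {"events": 0, "days": set()})
    for line in lines:
        rec = parse_ike_line(line)
        if rec:
            stats[rec["ip"]]["events"] += 1
            stats[rec["ip"]]["days"].add(rec["when"].date())
    return dict(stats)


def recurring_sources(lines, min_days=2):
    """Source IPs whose IKE proposal negotiation fails on at least min_days distinct days."""
    stats = proposal_failures_by_source(lines)
    return sorted(ip for ip, s in stats.items() if len(s["days"]) >= min_days)


if __name__ == "__main__":
    for ip, s in proposal_failures_by_source(SAMPLE_LOG).items():
        print(f"{ip}: {s['events']} events on {len(s['days'])} day(s)")
    print("recurring:", recurring_sources(SAMPLE_LOG))
```

A source that shows up in this list despite an inbound deny rule covering it is the evidence to raise with the vendor, since the packet reached the IKE daemon before the firewall dropped it.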
JohnC_V
NETGEAR Moderator

Re: Block inbound vpn address

Hi dono11,


Welcome to our community! 🙂


By default, it is already blocked. They cannot connect through VPN as they don't have credentials to have a handshake with your router. They may need to configure your router and configure the right credentials in order for it to work. As you can see, "No suitable proposal found for the IP". I suggest you turn off your VPN for a while and don't click any unknown links to avoid phishing.


Regards,

Message 2 of 4
schumaku
Guru

Re: Block inbound vpn address


@JohnC_V wrote:

By default, it is already blocked. They cannot connect through VPN as they don't have credentials to have a handshake with your router. They may need to configure your router and configure the right credentials in order for it to work.


Seriously? The OP states that he has a firewall rule in place supposedly blocking the address range...


@dono11 wrote:

I have an inbound 'All' service that blocks the entire address range. The shadowserver.org attempts to connect once a day.

...therefore these IP addresses must be blocked by the firewall before reaching the OpenVPN service port.


Assuming the firewall rules are set correctly - a clear bug in the firewall implementation! The firewall must deny access _before_ a packet reaches any local services on the security appliance, too.


Of course, there are plenty of reasons why Netgear has never succeeded in this security appliance business, and the products are between EoL and dead.


Looking forward to BR500 and what is coming beyond - I hope Netgear is able to listen to the market now.


Regards,

-Kurt


PS. This is one of the reasons why I'm reiterating the need for configurable firewall rules for the upcoming Insight BR500 router.

Message 3 of 4
dono11
Aspirant

Re: Block inbound vpn address

Here is my Inbound rule. 


Message 4 of 4