Re: Enable IPSec UDP ports for all hosts behind firewall

zeppelinux
Aspirant

Enable IPSec UDP ports for all hosts behind firewall

Hi All,

I'm trying to make IPSec work in a hybrid environment (home network/cloud); here is the original problem:

https://forums.rancher.com/t/hybrid-cloud-home-network/6646/3

I upgraded my router to FVS318Gv2, but it still doesn't seem to be working (the same symptoms). Do I need to enable anything to make it work, or does this model not support this config at all?

Cheers,

D

Model: FVS318Gv2|ProSafe gigabit 8 port VPN firewall
Message 1 of 6
JohnC_V
NETGEAR Moderator

Re: Enable IPSec UDP ports for all hosts behind firewall

Hi zeppelinux,

Welcome to our community!

Please help us understand the problem that you are having. Are you trying to make the firewall the VPN server, or will the firewall just work as a passthrough? If the firewall will work as a passthrough, the IPsec VPN tunnel is enabled by default. And if one of the tunnels that you have is working, then I don't see any issues from the firewall, as it is working by design. No configuration is needed if it will work as a passthrough.

Regards,

Message 2 of 6
zeppelinux
Aspirant

Re: Enable IPSec UDP ports for all hosts behind firewall

Hi John,

Thanks for the reply! I'm trying to use Rancher for managing Docker containers running on my home network and in the cloud (hybrid network). Rancher connects all the hosts (that are supposed to run managed containers) by creating a network overlay (an IPSec agent is deployed and running on each host). One of the requirements for this network overlay to be functional is to make sure all UDP port 500 and 4500 traffic is flowing between ALL participating hosts.

When there is no NAT, everything is working perfectly, and it seems like NAT makes this use case invalid, i.e. according to the response in the Rancher forum there is no way this can work 😞

Cheers,

Dmitry
Message 3 of 6
JohnC_V
NETGEAR Moderator

Re: Enable IPSec UDP ports for all hosts behind firewall

@zeppelinux,

Please try to open a port from the firewall. Go to Security > Services and create the specific UDP ports that need to be opened. Then go to Security > Firewall > Inbound Services, ADD the service that you created, and then point it to your LAN Server.

Kindly check the manual here (page 130).

Regards,

Message 4 of 6
zeppelinux
Aspirant

Re: Enable IPSec UDP ports for all hosts behind firewall

I tried that; the problem is that there are multiple hosts (IPs) in the local network (behind the NAT) that are supposed to have open communication with the hosts in the cloud using UDP ports 500 and 4500, but only a single IP can be specified in the firewall rules.

Thanks,
Dmitry
Message 5 of 6
JohnC_V
NETGEAR Moderator

Re: Enable IPSec UDP ports for all hosts behind firewall

@zeppelinux,

If you do have multiple LAN servers, you may enter a range of IP addresses. Please select "Subnet" under Send to LAN Server, then enter the specific IP range.

Please refer to the manual on page 141.

Regards,

Message 6 of 6
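To make the NAT problem in this thread concrete, here is a small constructed model of a NAPT firewall with one public IP (an added example, not NETGEAR or Rancher code). It assumes a conventional NAPT: an Inbound Services rule maps one public UDP port to one LAN server, and every other LAN host gets a dynamic, endpoint-dependent mapping only when it sends first. The addresses are documentation ranges, the class and function names are this example's own, and the real FVS318Gv2 or Rancher agent may differ in detail.

```python
# Constructed model of a NAPT firewall with a single public IP. It shows why an
# "Inbound Services" rule can deliver unsolicited UDP/500 and UDP/4500 packets to
# one LAN host, while other LAN hosts are reached only through mappings they create
# themselves by sending first. Added example, not NETGEAR or Rancher code.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

IKE = 500     # UDP port for IKE
NAT_T = 4500  # UDP port for IPsec NAT traversal (ESP-in-UDP)

LanDest = Tuple[str, int]       # (lan_ip, lan_port)
MapKey = Tuple[int, str, int]   # (public_port, remote_ip, remote_port)


@dataclass
class NaptFirewall:
    public_ip: str
    # Static forwards: one LAN server per public port, mirroring a firewall
    # rule that accepts a single "Send to LAN Server" address.
    forwards: Dict[int, str] = field(default_factory=dict)
    # Dynamic, endpoint-dependent mappings created by outbound traffic.
    mappings: Dict[MapKey, LanDest] = field(default_factory=dict)
    next_public_port: int = 40000

    def can_add_forward(self, port: int) -> bool:
        """A public port can be forwarded to only one LAN server at a time."""
        return port not in self.forwards

    def add_forward(self, port: int, lan_ip: str) -> None:
        if not self.can_add_forward(port):
            raise ValueError(f"UDP/{port} already forwarded to {self.forwards[port]}")
        self.forwards[port] = lan_ip

    def outbound(self, lan_ip: str, lan_port: int, remote_ip: str, remote_port: int) -> int:
        """A LAN host sends a packet out; reuse or allocate a mapping, return the public port."""
        for (pub_port, r_ip, r_port), dest in self.mappings.items():
            if dest == (lan_ip, lan_port) and (r_ip, r_port) == (remote_ip, remote_port):
                return pub_port
        pub_port = self.next_public_port
        self.next_public_port += 1
        self.mappings[(pub_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return pub_port

    def inbound(self, remote_ip: str, remote_port: int, public_port: int) -> Optional[LanDest]:
        """A packet arrives at public_ip:public_port; return the LAN destination, or None if dropped."""
        dest = self.mappings.get((public_port, remote_ip, remote_port))
        if dest is not None:
            return dest                      # reply to a LAN-initiated flow
        if public_port in self.forwards:
            return (self.forwards[public_port], public_port)   # static Inbound Services rule
        return None                          # unsolicited and unforwarded: dropped


def cloud_initiated_ike(fw: NaptFirewall, cloud_ip: str, lan_hosts) -> Dict[str, bool]:
    """Which LAN hosts receive an IKE packet that a cloud host sends first (unsolicited)?"""
    dest = fw.inbound(cloud_ip, IKE, IKE)
    return {lan: dest == (lan, IKE) for lan in lan_hosts}


def lan_initiated_ike(fw: NaptFirewall, lan_ip: str, cloud_ip: str) -> bool:
    """A LAN host opens IKE over NAT-T first; does the cloud host's reply reach it?"""
    pub_port = fw.outbound(lan_ip, NAT_T, cloud_ip, NAT_T)
    return fw.inbound(cloud_ip, NAT_T, pub_port) == (lan_ip, NAT_T)


if __name__ == "__main__":
    lan = ["192.168.1.10", "192.168.1.20"]   # two overlay hosts behind the firewall (constructed)
    cloud = "198.51.100.5"                    # one overlay host in the cloud (constructed)
    fw = NaptFirewall("203.0.113.10")
    fw.add_forward(IKE, lan[0])               # the one LAN server the rule can name
    fw.add_forward(NAT_T, lan[0])
    print("cloud -> LAN, unsolicited:", cloud_initiated_ike(fw, cloud, lan))
    print("LAN .20 -> cloud first, reply delivered:", lan_initiated_ike(fw, lan[1], cloud))
```

Running it shows the asymmetry behind the thread: the forwarded host receives cloud-initiated IKE, the second host does not, and the second host is only reachable for flows it opened itself. An overlay that expects every host to accept IKE from every other host therefore needs either one NAT per overlay host (or a public address per host) or an overlay design that lets hosts behind NAT always initiate; checking which of these a product supports is the practical question to put to the vendor.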