
Re: Block services not working

chivolet
Aspirant

Block services not working

If I go into my RBR50 Orbi router under block services, and select the defaults of VPN-IPSEC, VPN-L2TP, VPN-PPTP, IPsec, and then add some additional ones such as tcp/udp ports 1194, that should prevent any VPN from being established, but it does not. Is this a known issue that the option is there but it doesn't work? I am on version V2.5.2.4

Thanks in advance,

Message 1 of 4

Accepted Solutions
CrimpOn
Guru

Re: Block services not working


@chivolet wrote:

Thanks CrimpOn for attempting to recreate it.  Not sure how you captured the Wan/Lan traffic unless you did it off of a switch.


Although I have no solution to the problem, at least I can explain how to capture LAN/WAN traffic.

On the Orbi debug page (http://orbilogin.net/debug.htm) there is a check box to "Enable LAN/WAN packet capture".

Then, click on "START CAPTURE". Perform whatever tests you want.  Then click on "SAVE DEBUG LOG".

This will create a file in the PC Download folder called Debug.zip that has all sorts of stuff in it.  The files I want are LAN.pcap and WAN.pcap which can be opened by a lot of networking programs.  I use Wireshark (a) because it's free, and (b) because it has a lot of display filter options.


Message 4 of 4
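
To see which ports a VPN session actually uses, the WAN.pcap from Debug.zip can be tallied by protocol and port. This is an added example, not code from the posts above or from NETGEAR; it assumes the capture is a classic pcap file with Ethernet framing, and `tally_services`, `_frame`, `sample_pcap` and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp", 47: "gre", 50: "esp"}  # IP protocol numbers

def tally_services(pcap: bytes) -> Counter:
    """Count IPv4 packets per (protocol, service port) in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, VLAN-tagged or not IPv4: skipped
        proto = frame[23]
        name = PROTO.get(proto, f"ip-proto-{proto}")
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]
        later_fragment = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        if proto in (6, 17) and len(l4) >= 4 and not later_fragment:
            sport, dport = struct.unpack("!HH", l4[:4])
            # Heuristic: lower port = service side, so both directions share a bucket.
            counts[(name, min(sport, dport))] += 1
        else:
            counts[(name, None)] += 1  # ESP, GRE and the like carry no ports
    return counts

def _frame(proto, sport=0, dport=0):
    """Constructed Ethernet+IPv4 frame with an 8-byte layer-4 stub."""
    l4 = struct.pack("!HHI", sport, dport, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                     0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap(frames):
    """Wrap constructed frames in a little-endian classic pcap container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = sample_pcap([_frame(6, 50000, 443), _frame(6, 443, 50000),
                      _frame(17, 51000, 4500), _frame(50), _frame(17, 40000, 1194)])
```

On a real capture, `tally_services(open("WAN.pcap", "rb").read()).most_common()` lists the busiest protocol and port pairs; any pair that shows up only while the VPN connects can be compared against the entries in the block list.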

All Replies
CrimpOn
Guru

Re: Block services not working


@chivolet wrote:

If I go into my RBR50 Orbi router under block services, and select the defaults of VPN-IPSEC, VPN-L2TP, VPN-PPTP, IPsec, and then add some additional ones such as tcp/udp ports 1194, that should prevent any VPN from being established, but it does not. Is this a known issue that the option is there but it doesn't work? I am on version V2.5.2.4

Thanks in advance,


Having no VPN, I performed a block on telnet (port 23). After verifying that my PC could telnet to lord.stabs.org (no idea what it is, but was on a list of "places to telnet"), I set up a block on telnet for my PC. After 'Adding' the block and clicking 'Apply', telnet would no longer open a connection. After removing the service block, telnet works again. I should confess that in the past I have been in a hurry and neglected to click 'Apply' or did not notice that although I set the service block to "Always", it got put back to "Never" and I had basically applied nothing. For me, User Error is a daily occurrence.

Conclusion: Blocking VPN may not be as simple as blocking telnet.  What I would do is collect the Orbi WAN/LAN traffic while opening a VPN session and see where it goes and what ports are being used.

Message 2 of 4
chivolet
Aspirant

Re: Block services not working

Thanks CrimpOn for attempting to recreate it. Not sure how you captured the Wan/Lan traffic unless you did it off of a switch. My Orbi doesn't give you that option other than grabbing logs for "Attempted access to blocked sites and services". The log did show it was blocking the VPN but I was still able to establish a VPN and go wherever I wanted to go using GlobalProtect, Pulse Secure, and HOXX VPN. Tunnelblick seems to be the only one that stopped working. I have added as many TCP/UDP ports as I can find to put in the services, I have tried the services blocking on always, per schedule, turned it off and then back on. I just updated to the latest code thinking it may be a code issue but nothing has changed. I don't think this box fully supports blocking services even though it is listed in the documentation for VPNs.

I ran through your test with telnet and had the same finding.  That does work like a champ.

Message 3 of 4