If you are using Windows 7 Firewall with outbound traffic restrictions, you may run into problems if you attempt to use a VPN service, receiving Error 809. I block all outbound traffic that does not match an existing rule by default, and ran into some trouble attempting to connect to my VPN.
(NOTE: The instructions below assume some familiarity with modifying rules in the Windows 7 Firewall. If you need some further direction, see this guide, and start at step #4.)
To use an L2TP-based VPN, you must create a rule to allow outbound UDP connections on port 1701. You should apply this to the Private and Public profiles (Domain should not be necessary, but if this fails, try Domain as well).
To use a PPTP-based VPN, the same applies; however, you must allow TCP port 1723.
To use an IPSec-based VPN, the same applies; however, you must allow UDP port 500.
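The same three rules can be created from an elevated PowerShell prompt with `netsh advfirewall`, which ships with Windows 7. This is an added example, not part of the original post; the rule names are made up, and it assumes "port" means the remote (destination) port on the VPN server.

```powershell
# Added example: create the three outbound allow rules with netsh advfirewall.
# Run from an elevated prompt. Rule names are made up for this example.
# Assumption: the port is the remote (destination) port on the VPN server.
$rules = @(
    @{ Name = 'VPN-L2TP-out-UDP-1701'; Proto = 'UDP'; Port = 1701 },
    @{ Name = 'VPN-PPTP-out-TCP-1723'; Proto = 'TCP'; Port = 1723 },
    @{ Name = 'VPN-IPSec-out-UDP-500'; Proto = 'UDP'; Port = 500 }
)

foreach ($r in $rules) {
    # netsh adds a duplicate if the name already exists, so remove any
    # earlier copy first; a "no rules match" failure here is expected.
    & netsh advfirewall firewall delete rule "name=$($r.Name)" | Out-Null

    & netsh advfirewall firewall add rule "name=$($r.Name)" dir=out action=allow `
        "protocol=$($r.Proto)" "remoteport=$($r.Port)" "profile=private,public"
    if ($LASTEXITCODE -ne 0) {
        Write-Error "Could not add $($r.Name) (is the prompt elevated?)"
        continue
    }

    # Show the rule as stored, to confirm direction, profiles and port.
    & netsh advfirewall firewall show rule "name=$($r.Name)"
}
```

Add `domain` to the profile list only if the connection still fails with Private and Public, as described above.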
Some router / protocol combinations may also require that you modify router settings to allow them. My D-Link DIR-625 has a specific "tick-box" to allow certain protocols, such as PPTP. Your best bet if you use a router is to consult your router manual / your router's settings if opening your port locally is not successful.
Friday, February 25, 2011
Allow a VPN Connection in Windows 7 Firewall - Ports to Open - Error 809
Labels:
VPN,
Windows 7 Tips
Friday, February 4, 2011
avast! Web Shield and VPN - bypasses VPN connection
I recently changed antivirus programs from Panda Cloud to avast! antivirus. Suddenly, my browser was being allowed through the firewall without any issue no matter what network I was using, despite all the steps I had taken in the guide here. I was baffled, and in fact I didn't connect the installation of avast! with the problem (note to self: when things suddenly stop working, ask self - what changes have I made recently?)
Turns out the avast! program essentially acts as a proxy, passing all HTTP traffic through avast! and then to the Internet - bypassing any rule you have to block the browser from doing so.
Since Windows Firewall allows all outbound connections that do not match a rule - it's gonna get out. So - if you use an antivirus program with a "Web Shield" or similar functionality - you may want to consider disabling that function to prevent leaking one's true IP address.
...of course, that decision is fraught with its own perils...browse carefully!
Labels:
VPN