This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OpenVPN and UDP Flood Protection

I'm having an issue with the Sophos UTM, where I have a firewall rule that allows a client behind the firewall to connect to an OpenVPN server (I allow connections to UDP port 1194). Everything works great. However, when I enable UDP Flood Protection, the OpenVPN bandwidth drops by orders of magnitude (from over 100 Mbps to less than 3). I can see in the IPS logs that that the IPS flags a "UDP flood detected" to the IP and port of the OpenVPN server. I've added an exception to the IPS to ignore the OpenVPN service (port 1194), but it still flags it.

Am I missing something in the configuration?

This thread was automatically locked due to age.

Parents

0 martin_sh over 9 years ago

UPDATE:
Refining the exception by adding "Going to" the local computer IP using "AND" (though it worked yesterday) doesn't work (and it probably is not supposed to work). The logs of yesterday made me come with that idea; however, today the logs show udp flood traffic going to my external IP.
Now I have to select between these two options:
1. Create the exception with just two services, "VPN in" and "VPN out"
2. Same as in option 1, but also add a broad subnet of VPN server.
Which option is better?
Thank you,
Martin
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 martin_sh over 9 years ago

UPDATE:
Refining the exception by adding "Going to" the local computer IP using "AND" (though it worked yesterday) doesn't work (and it probably is not supposed to work). The logs of yesterday made me come with that idea; however, today the logs show udp flood traffic going to my external IP.
Now I have to select between these two options:
1. Create the exception with just two services, "VPN in" and "VPN out"
2. Same as in option 1, but also add a broad subnet of VPN server.
Which option is better?
Thank you,
Martin
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data