l2tp problem spoofed packets

Hello

I have a problem after Astaro updated to version 8.201, VPN L2TP problem.

Clients can connect to VPN but can't access any port ... can't ping the internal IPs


The firewall shows this message when the client tries to connect to a destination port:

14:56:53 Spoofed packet TCP 192.168.1.3:52185→192.168.1.22:22 len=53 ttl=64 tos=0x00

Please help ...

PS: Sorry for my bad English


  • There is a known issue in 8.200/201 with spoofed packets from clients connected using an Astaro wi-fi AP.  I've also seen one other report of this affecting VPN connections.  The only workaround that I'm aware of is to go to WebAdmin>>Network Security>>Firewall>>Advanced Tab and turn off spoof protection for now.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Thanks, it works, but won't there be any problems?
  • It will decrease your security slightly, but keep in mind that Astaro uses multiple techniques to protect you (firewall rules, flooding protection, IPS etc.).  This is only a temporary solution until the problem is fixed, hopefully in the upcoming 8.202 up2date patch.
  • Sorry to dig up an old thread, but was this problem ever fixed?

    I've updated an ASG220 from 7.511 to 8.300 yesterday, and starting today not one of our PPTP-VPN users was able to connect to our Terminal server via RDP.

    The Firewall-log showed that all attempts were dropped because of "Spoofed Packets"...as soon as I disabled Spoof Protection they were able to connect.
  • doalwa, can you confirm that the Host definition for your Terminal Server has 'Interface: >' and that it is not bound to a specific interface?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Same problem with latest UTM9 here. If I connect via PPTP with a static RAS IP 172.16.253.99 and Spoof Protection is enabled at "Normal" or "Strict", then all traffic to the internal office net 172.16.0.0/16 is dropped due to spoof protection.

    In "Strict" mode even connections from local clients to other firewalled nets are dropped due to spoof protection.

    What am I doing wrong?
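
Added example, not part of the original thread: before switching spoof protection off as the workaround above suggests, this parses live-log lines in the format quoted in the first post and counts "Spoofed packet" drops per flow, separating sources inside the VPN address pools from everything else. The pool ranges, the function names and all sample lines except the first are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Live-log format as quoted in the first post ("->" is tolerated as well as the arrow).
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+Spoofed packet\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s*(?:→|->)\s*"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Assumption: addresses handed to VPN clients; replace with your own pools.
ASSUMED_VPN_POOLS = ["192.168.1.3/32", "172.16.253.0/24"]

# Constructed sample input. The first line is the entry quoted in the thread.
SAMPLE_LOG = [
    "14:56:53 Spoofed packet TCP 192.168.1.3:52185→192.168.1.22:22 len=53 ttl=64 tos=0x00",
    "14:56:54 Spoofed packet TCP 192.168.1.3:52185→192.168.1.22:22 len=53 ttl=64 tos=0x00",
    "14:57:10 Spoofed packet TCP 172.16.253.99:50211→172.16.0.10:3389 len=52 ttl=127 tos=0x00",
    "14:57:30 Spoofed packet UDP 10.9.9.9:53→172.16.0.10:40000 len=60 ttl=51 tos=0x00",
    "14:58:00 Default DROP TCP 10.9.9.9:4444→172.16.0.10:23 len=40 ttl=51 tos=0x00",
]

def parse_spoof_line(line):
    """Return a dict for a 'Spoofed packet' line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    except ValueError:  # malformed address such as 999.1.1.1
        return None
    port = int(m["dport"]) if m["dport"] else None  # lines without a port give None
    return {"time": m["time"], "proto": m["proto"], "src": src, "dst": dst, "dport": port}

def summarize(lines, vpn_pools):
    """Count spoof drops per (src, dst, dport), split into VPN-sourced and other."""
    pools = [ipaddress.ip_network(p) for p in vpn_pools]
    vpn, other = Counter(), Counter()
    for line in lines:
        rec = parse_spoof_line(line)
        if rec is None:
            continue
        bucket = vpn if any(rec["src"] in p for p in pools) else other
        bucket[(str(rec["src"]), str(rec["dst"]), rec["dport"])] += 1
    return vpn, other

if __name__ == "__main__":
    vpn, other = summarize(SAMPLE_LOG, ASSUMED_VPN_POOLS)
    for label, counts in (("VPN", vpn), ("other", other)):
        for (src, dst, dport), n in counts.most_common():
            print(f"{label:5} {src} -> {dst}:{dport} dropped {n}x")
```

Drops counted under "other" are ones spoof protection would stop catching once it is turned off, so they are worth reviewing before applying the workaround.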