USG40 IPSec VPN : some TCP protocols are blocked

flefebure  Member  Posts: 3  Freshman Member
Hi,
We have an IPsec gateway configured on a USG40W behind a VDSL router.

I connect to this VPN from an Ubuntu laptop with Shrew VPN client.
Many protocols have no problems, e.g. SSH, Telnet, HTTP/S over various ports, MySQL...
But I have problems (connections hang) with:
   Oracle databases (TCP 1521)
   GIT server over SSH (SSH access to the server is OK)
   the USG40W admin page (after login, it hangs on https://xxx.xxx.xxx.xxx:4443/cgi-bin/zysh-cgi)


Any idea?
Franck

Comments

  • Zyxel_Cooldia  Zyxel Official Agent  Posts: 256  mod
    Hi @flefebure,
    Once the VPN is established, the IP layer routing should be okay to forward the packets to the Intranet.
    If it fails on a specific service port, it could be affected by a security policy rule.
    Can you check the security rule log on the USG? Is there any packet-blocking log?
  • flefebure  Member  Posts: 3  Freshman Member
    edited May 22, 2018 10:36PM
    Hi @Zyxel_Cooldia, thanks for your answer,

    I encounter the problems when connected from my home ADSL.
    Today I'm at the office, with the same laptop, so to answer your question, I tried to reproduce the problem with these steps:
      - disconnect the laptop from the office's LAN
      - connect it to the Internet through a 4G connection (with my mobile internet sharing)
      - mount the VPN
      - access one of the blocking resources.

    ==> They are now all accessible! The problem seems gone.
    It's weird because when I'm at home the problem is totally reproducible.

    So it doesn't look like a firewall problem. That sounds like something like an MTU problem, or related (but I'm not a network specialist).

  • Zyxel_Cooldia  Zyxel Official Agent  Posts: 256  mod
    Hi @flefebure,
    Do you have a packet capture on the server side (service-side packet trace) when you use the VPN to connect to the Oracle databases and GIT server from home?
    I just want to confirm whether the server receives the specific port connection packets from the VPN client.

