I’ve been using Comodo Internet Security for a long time but have never been able to quite get this working.
Here is my setup:
I have a virtual machine running with Windows 7 installed to act just as a VPN server to allow access to my home network. I can access anything on my LAN just fine, but whenever I try to get on the internet, whatever device I’m using just says something along the lines of “Bad DNS Request”. The only reason I am using a VPN (VirtualBox) is because I am using Comcast’s ■■■■■■ modem/router combo that doesn’t allow VPN connections through the firewall even if you forward all the correct ports, so I have to set the VM’s adapter to bridged mode with a static IP and set that IP as the DMZ in the router. If I disable Comodo’s firewall completely I can access all my local devices and still have an internet connection over LTE on my phone; however, since the VM is set as the DMZ I DEFINITELY want a firewall running.
Basically all I want is to be able to connect to my home network through a VPN and still have an internet connection on whatever device I’m using. I’ve tried setting global rules in the firewall to allow WAN access to VPN clients but nothing I have tried works. Can someone help me with creating a working rule that allows my devices both LAN and WAN access, or maybe recommend a better solution to this setup? I do have an Ubuntu server running on my network acting as a file server, MySQL server, etc., and I could use that instead of my desktop hosting a VM for remote connections.
What VPN server software are you running inside the guest Windows 7 VM? Also, run a Wireshark packet capture inside the guest VM with Comodo firewall disabled, make a connection to the VPN, then do the same with the firewall enabled with a different packet capture. You can compare the two packet captures to see what is being blocked.
Also, which version of VirtualBox are you using, 4.3.x or the new 5.x branch? The reason I ask is because starting with version 5, VirtualBox virtual networking uses the NDIS6 protocol, which means host firewalls interfere with incoming connections to the guest VM in bridged networking mode. But on versions <5.x you can access services/servers running in a guest VM without having to make exceptions/open ports with the host software firewall. Speaking of host firewalls, do you have Comodo installed on the host, the guest, or both?
I’m using VirtualBox v4.3.24 and Comodo is installed on both the host and guest. Specifically, CIS is installed on the host and just the firewall on the guest. Then UFW is running on my Linux box. The configuration for the host seems fine since everything works perfectly when the guest OS’s firewall is disabled. I can run Wireshark tomorrow to get the packet comparison and post the results. I’m wondering if it wouldn’t be a better solution to just add entries on the guest firewall allowing the MACs for both my phone and laptop to be completely unfiltered? I think that is the only thing I haven’t tried. I read a tutorial online that was talking about creating a separate network zone for the VPN and then allowing the VPN zone and Home #1 to communicate, but after spending 45 min following that it still didn’t work. Not to mention it doesn’t seem like that would fix it since I have LAN access to everything even when the firewall is running, just not WAN.
The other effect I was hoping for is to get around certain networks that block specific websites on their network, but aren’t configured to block VPN. I’ve worked at places that block Google, Yahoo, MSN and Bing (for whatever unknown reason) so I can’t even research anything. I’m assuming that if I use a VPN connection it will use my home’s DNS servers and search domains? i.e. Comcast.
OK, good, we can rule out Comodo on the host causing issues and focus on setting up Comodo in the guest.
I'm wondering if it wouldn't be a better solution to just add entries on the guest firewall allowing the MACs for both my phone and laptop to be completely unfiltered? I think that is the only thing I haven't tried. I read a tutorial online that was talking about creating a separate network zone for the VPN and then allowing the VPN zone and Home #1 to communicate, but after spending 45 min following that it still didn't work. Not to mention it doesn't seem like that would fix it since I have LAN access to everything even when the firewall is running, just not WAN.
Creating firewall rules based on MAC address will not work when connecting from outside your network as the MAC address is replaced by every router along the path.
Yes, when you connect through a VPN tunnel you use the VPN endpoint's DNS servers unless you specifically set a DNS IP address in the network adapter properties, as all requests will be sent to the VPN.