Hi, I installed Comodo Firewall the other day in lieu of the older Kerio Personal Firewall. I’m running Windows XP Pro with SP2 and all updates. My AV is the Kaspersky AV being distributed by AOL.
I use the UltraVNC remote desktop application running over the Hamachi VPN to access client sites to do remote support.
Today is the first day I have used this with the new firewall. Everything has been working fine prior to the installation of Comodo.
What happens is that I am able to connect to the Hamachi VPN “network”. That is, if you’re not familiar with Hamachi, I can connect through Hamachi’s mediation servers to the client’s machine from my machine at home using the Hamachi “pseudo IP address” in the 5.0.0.0 range. My machine establishes a connection to the Hamachi mediation server, the client’s machine does likewise, and the mediation hooks us together, then drops out of the picture. This allows me to access shared folders on the client’s machine.
In addition, I am able to run the UltraVNC server on the client’s machine and connect to it via the UltraVNC Viewer on my machine. This gives me complete control of the client’s desktop.
The following has occurred now several times in a row, so it is entirely repeatable.
I connect to the client’s machine via Hamachi, and open up a shared folder to verify that I have contact with the machine. I then close that open folder.
I run the UltraVNC Viewer and connect to the client’s desktop. I begin working on the desktop doing various tasks such as opening Windows Explorer, moving files, installing programs, whatever. For example, the last thing I was just doing was watching Windows Defender doing a scan of the client’s system.
After about five minutes, the UltraVNC Viewer windows freezes. Shortly after, the Viewer window closes. After that, if I click on the Hamachi connection to the client, I wait a long time (which means there is no connection occuring) and then Windows tells me I cannot connect to that resource. If I attempt to connect via UltraVNC, I cannot connect to the UltraVNC server. Since I can’t open a folder via Hamachi, it is clear that the Hamachi VPN connection has been terminated or damaged.
Hamachi and UltraVNC have been working fine for some weeks, so I am fairly sure it is not a problem with the applications themselves.
I have of course added both Hamachi and UltraVNC to the Firewall rules as trusted applications. I also this evening added firewall rules to allow port 137 and 138 for the 5.0.0.0 IP range, just in case that had something to do with it. That appears to have been unnecessary and ineffective to resolve the problem. Hamachi is allowed to do TCP and UDP both in and out to any destination and port. UltraVNC server and viewer are allowed to do TCP and UDP both in and out to any destination and port, with the destinations limited to the 5.0.0.0 range (to prevent anybody from accessing the UltraVNC server running on my machine except over Hamachi). On the client side, they are behind a Netgear router with SPI firewall and NAT. There is one port open to allow me to use the UltraVNC Repeater capability to access other UltraVNC servers on the client’s network. Since the Hamachi connections are both outbound to the Hamachi mediation server, there are no other firewall issues on the client side. There SHOULD be no firewall issues on MY side.
Does anybody have any idea what might be going on? In particular, I find it odd that this appears to be somehow time dependent, in that the connection stays up for a particular period of time, perhaps five or ten minutes, and then dies.
If I can’t resolve this quickly, I’ll have to uninstall Comodo Firewall and go back to Kerio. I’d rather have Comodo as it is better at defeating firewall leaks than the old Kerio version I’m using and generally a more up-to-date firewall.