Get my VPN secure on Windows 2000, $100 reward

I’ve used a VPN connection on Windows XP for a while. I have created rules in a software firewall to block all internet access when the VPN drops. If I don’t do this, all the traffic starts going the normal route, which is something I don’t like.

I’ve tried creating these same rules on a computer with Windows 2000. When I have the rules enabled I can connect to the VPN and almost open a website, but very soon the VPN connection goes down. Buhu. I have no idea why this is. But I’m sure someone on this forum is good at networks and can tell me what this is about. I want to be able to do the same thing in Windows 2000 Professional as I was able to do in Windows XP, again, using any software firewall (preferably Comodo).

If you know these kinds of things and think you can help me, please send me a PM and we’ll get it to work. I’ll pay a fixed $100 reward if we can get it working. I can only pay through PayPal or Moneybookers.

If you know these things, get in touch!

Welcome to the forum jakkan,

No need to pay, as we enjoy seeing people switch to Comodo and helping them get everything up and running if we can.

Ok, does your log show anything as being blocked when you run the VPN? Also you might need to check and see what ports your brand of VPN uses. If you will post which one you are using then I can do a search to see which ports it uses.

That may not be the problem but one thing at a time to see if we can get it working.

jasper

Thanks for the welcome Jasper!

I’m using a PPTP tunnel with the company PatrikWeb (www.patrikweb.com). I connect to IP 193.27.192.7 and I get IP 91.90.23.1-255.

Using a bunch of rules I don’t understand I have become able to connect to the VPN and stay connected, but I can’t communicate with the Internet.

When I try to update an application I get an error message I have never received before. “The server name cannot be converted to the IP address”. This may or may not be relevant.

Here are two log messages that are repeating over and over again:

Date/Time :2007-08-04 05:45:38
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.2.141, Port = nbname(137))
Protocol: UDP Incoming
Source: 192.168.2.141:nbname(137)
Destination: 192.168.2.255:nbname(137)
Reason: Network Control Rule ID = 16

Date/Time :2007-08-04 05:45:38
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.2.130, Port = nbname(137))
Protocol: UDP Incoming
Source: 192.168.2.130:nbname(137)
Destination: 192.168.2.255:nbname(137)
Reason: Network Control Rule ID = 16

I’m sorry to say I have no idea what I’m doing (:SAD) After seeing this I added a rule to allow TCP/UDP from IP 192.168.xxx.xxx to IP 192.168.xxx.xxx. Then I got this log message instead:

Date/Time :2007-08-04 05:51:04
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, IP = 209.85.135.103, Port = http(80))
Protocol: TCP Outgoing
Source: 192.168.2.105:1503
Destination: 209.85.135.103:http(80)
TCP Flags: SYN
Reason: Network Control Rule ID = 17

After getting that a couple of times I got a couple of these:

Date/Time :2007-08-04 05:55:44
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, IP = 72.14.221.91, Port = http(80))
Protocol: TCP Outgoing
Source: 192.168.2.105:1506
Destination: 72.14.221.91:http(80)
TCP Flags: SYN
Reason: Network Control Rule ID = 17

I hope this is solvable! However that is, thanks for trying!

First of all I noticed that you have at least 18 rules because rule #17 is the one doing the blocking on the last 2 log entries.

Ok, let’s try this first:

Make sure that all of the ALLOW rules are above the Block rules in the Network Monitor list.

Next look for a rule in the Network Monitor list of rules that ALLOWS ALL TCP/UDP OUT and move it to the top of your list. This should get rid of the blocked out entries in the log. If you don’t have an entry in your rules that allows all out then write one like this and put it at the top of your list.

ALLOW-check the checkbox to log entries
TCP/UDP
OUT
Source IP: ANY
Destination IP: ANY
Source Port: ANY
Destination Port: ANY

You might have to reboot the PC for the rule to take hold. Do this and see if you get your internet back.

The first 2 entries are NetBIOS and those are from other machines on your network. We won’t worry about those rules for now.

jasper
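An added example, not jasper's or Comodo's code, of the first-match evaluation behind the ordering advice above, run over the log entries quoted earlier in the thread. The MISORDERED list is a constructed guess at the old rule set, and the KILL_SWITCH list (the "block everything when the VPN drops" goal from the first post) assumes PPTP's TCP 1723 control channel plus GRE to 193.27.192.7 and that the firewall sees the tunnel's 91.90.23.x addresses as packet sources.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "ALLOW" or "BLOCK"
    proto: str                   # "TCP", "UDP", "GRE", "TCP/UDP" or "ANY"
    direction: str               # "IN", "OUT" or "ANY"
    src: str = "0.0.0.0/0"       # source network; 0.0.0.0/0 means ANY
    dst: str = "0.0.0.0/0"       # destination network
    dport: Optional[int] = None  # destination port; None means ANY

def matches(r, proto, direction, src_ip, dst_ip, dport):
    proto_ok = r.proto in ("ANY", proto) or (r.proto == "TCP/UDP" and proto in ("TCP", "UDP"))
    return (proto_ok and r.direction in ("ANY", direction)
            and ip_address(src_ip) in ip_network(r.src)
            and ip_address(dst_ip) in ip_network(r.dst)
            and r.dport in (None, dport))

def decide(rules, proto, direction, src_ip, dst_ip, dport=None):
    """Walk the list top to bottom; the first match wins and an unmatched packet is blocked."""
    for idx, r in enumerate(rules):
        if matches(r, proto, direction, src_ip, dst_ip, dport):
            return r.action, idx
    return "BLOCK", None

# Events taken from the log entries quoted in the thread.
NETBIOS_IN = ("UDP", "IN", "192.168.2.141", "192.168.2.255", 137)
HTTP_OUT = ("TCP", "OUT", "192.168.2.105", "209.85.135.103", 80)

# Constructed guess at the old list: a block sits above the allow, so the HTTP
# SYN is denied before the ALLOW rule is ever reached ("Rule ID = 17" in the log).
MISORDERED = [Rule("BLOCK", "UDP", "IN", dport=137),
              Rule("BLOCK", "TCP/UDP", "OUT"),
              Rule("ALLOW", "TCP/UDP", "OUT")]
# jasper's fix: the ALLOW TCP/UDP OUT ANY->ANY rule moves to the top.
FIXED = [MISORDERED[2], MISORDERED[0], MISORDERED[1]]

# Assumed kill-switch list for the PPTP setup (server 193.27.192.7, tunnel range
# 91.90.23.0/24, LAN 192.168.2.0/24): only the PPTP control channel, GRE and LAN
# traffic may leave from the LAN address; anything else must come from a tunnel
# address, so it stops on its own when the tunnel drops.
KILL_SWITCH = [Rule("ALLOW", "TCP", "OUT", dst="193.27.192.7/32", dport=1723),
               Rule("ALLOW", "GRE", "OUT", dst="193.27.192.7/32"),
               Rule("ALLOW", "GRE", "IN", src="193.27.192.7/32"),
               Rule("ALLOW", "TCP/UDP", "ANY", src="192.168.2.0/24", dst="192.168.2.0/24"),
               Rule("ALLOW", "ANY", "OUT", src="91.90.23.0/24"),
               Rule("BLOCK", "ANY", "ANY")]
```

With the tunnel up, a browser packet carries a 91.90.23.x source and passes rule 4; once the tunnel is gone the same request leaves from 192.168.2.105 and falls through to the final block.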

OK. Let’s get rid of the 18 rules and start from step 1. Here is a screen shot of my new rules. Now communication with the internet is up again.


http://img103.imageshack.us/img103/7134/snag0003ek6.th.png

EDIT: Added logging to rule 0.

Ok, starting from scratch is probably the best.

What you need to do now is to set up a Trusted Zone. I am using V3 of the Comodo firewall so I don’t know the exact route to get to that section, but I think I remember it is under the Tasks section. It looks to me like your network IP addresses are using the 192.168.2.1-192.168.2.255 range, so you need to set up the range using those addresses if I am correct. This should let you communicate with the router with no problems. Comodo will set up the Trusted Zone rules for you and put them at the top of the list. All you need to do is enter the range of your network IP addresses.

Do this part then we will work on the VPN connection to get that working if it doesn’t already work after this.

jasper

That’s done now. I’ve added those addresses as a trusted zone and there are now two more network control rules.

Do this part then we will work on the VPN connection to get that working if it doesn't already work after this.

The VPN connection works. Now we just need to get my computer to stop communicating with the internet when the VPN connection drops.

Big thanks for all the help so far!

Glad to see that you are up and running again.

When you are not on the internet, or a program is not connecting to the internet for updates and the like, the firewall will automatically stop all incoming communications with your PC from the outside unless you specifically write a rule to allow it.

If you simply want to stop the Network card from getting any communications then you can right-click on the network connection down in the systray, if it has an icon there, and disable the connection, then re-enable it when you want to use the VPN.

You can also right-click the firewall icon in the systray and choose “Block All” but keep in mind that programs that need to get updates from the internet will get blocked and you might get a ton of pop-ups from doing this.

If you are going to browse the internet with IE or any browser or let your programs update, though, then you would need to leave everything enabled and you will be safe. The ports that the VPN connection uses will get closed automatically once you have closed the VPN connection from your machine. You will still see NetBIOS connection attempts being blocked in the log (the port 137 blocks in your log); that traffic is from other PCs on your network trying to see who is on the network, to keep it simple, and that traffic is normal on any network and can be ignored because it has been blocked.

Hope I explained that well enough. You are safe the way you are right now and things will run smoother by leaving it as is.

jasper

Thanks Jasper for that nice post! If it is possible I really would like the software firewall to disallow any communication with the internet when the VPN is not on, even software updates and stuff. If you know how I can do that, then it would be great if you could let me know.

Thanks!

Two options that I can think of:

  1. All you would have to do is right-click on the firewall icon in the systray and select “Block All” and that will stop anything from going out or coming into your PC once you are done with the VPN. You would then have to go back and choose “Custom” again to enable the firewall when you wanted to use the VPN again.

  2. Go to your Network connection icon in the systray, right-click it, and choose “Disable”. This actually turns off the hardware Network Interface Card (NIC) on your PC. The icon will probably disappear on this one, so to re-enable it you might have to go to: Start>Settings>Network Connections>right-click and choose “Open”, then choose the NIC connection and right-click on it and choose “Enable”. This should put it back in the systray.

Keep in mind that if you do one of the above rules then you are not going to be able to connect to anything on the network and vice-versa.

jasper

Thanks for all the help jasper! You are very very kind and considerate!

The solutions you suggest won’t really take care of what I’m intending though. I’ll try to better explain what I want to do:

I want all traffic to be blocked automatically when my VPN goes down unexpectedly, because of connection issues either with my home ISP or at the VPN server or somewhere in between. As it is now, this scenario occurs occasionally:

I sit in front of the computer and do work. Then my son wants to play something or my wife asks me to take care of the dishes or I have something else I want to do. I take a break from work and leave my computer on. During this time the VPN goes down. My computer sends information without security. If I’m doing something for which I don’t directly need anything on the VPN I don’t even notice that the VPN has gone down and I continue using the computer for the rest of the day sending information insecurely.

I don’t know if you can tell by this that I don’t know anything much about networks. But to me this feels like a valid security leak and if it’s possible I’d like to fix it. I was able to fix it in Windows XP without problems, but I’d rather use the VPN on Windows 2000. Don’t ask why because I have no other answer than that I just prefer it.

Problem fixed! Thanks for the help! I talked to our VPN provider and they advised us to try his OpenVPN solution instead. That worked very well. Thanks for all the very very kind help!

Sorry that I didn’t understand your original problem of keeping your VPN connection alive. Glad you got it resolved. At least everything is working correctly now.

Have a good one.

jasper

Jakkan, seems to me that you are spamming a lot
of forums with this same offer for 100 hundred dollars!!
and bamm all fixed!! what gives??
here
http://outpostfirewall.com/forum/showthread.php?t=20947
and here

I don’t think this is spamming judging from the date and time of each posts from the Wilders forum, it’s about the same. There’s nothing wrong with posting a question on multiple forums - it’s even better to seek as much help as possible.

Soya, seems like spam to me
the list goes on and on… (:NRD)
http://forums.zonelabs.com/zonelabs/tracker?user.id=105677

I don’t know…I mean ZoneAlarm is a different story altogether; you may have to ask the same question 5 times before their forum support will answer. ;D

ain’t that the truth!! (:WIN)