Friends, I’m using a VPN connection, it’s working well, it uses PPTP protocol for tunneling, I made this connection using “create a new connection” wizard and granted it trusted application status when it asked for internet connection.
But my problem is: firewall events are consistently showing that the GRE protocol for the IP address of this VPN connection is being blocked! Which could mean the 128-bit encryption tunnel isn’t created properly or not created at all by this VPN!! Despite the fact that it’s connecting well and also showing the IP address of the VPN host on IP checking websites.
So can you tell me the procedure for allowing the GRE protocol for this connection?
You need to make a Global Rule to allow for GRE traffic. Go to Firewall → Advanced → Network Security Policy → Global Rules → Add → fill in the following:
Description: Incoming GRE
Source address: Any
Destination Address: Choose MAC or Single IP address (only when it is fixed) or Host Name
IP details: IP protocol : GRE
Then push Apply → Ok. Now look at the Global Rules and make sure the new rule is somewhere above the basic block rule(s) at the bottom (red icon(s)). When needed you can drag the rule.
Thanks for your prompt reply! Done as you told me. I added the protocol first for a single IP address but it didn’t work; firewall events still showed the GRE protocol blocked. After doing some research on my own I found that I didn’t have a fixed single address, so I edited that protocol to host address, but still no change. Firewall events are still showing the GRE protocol blocked. I don’t know the MAC address of my VPN provider, so I didn’t apply my guesswork there. What should I do next? Change my firewall!? :-\ Please help, Comodo. I guess there is some bug in your product regarding the GRE protocol.
For MAC address you need to fill in the MAC address of your network adapter.
To look up the MAC address, also known as Physical address in Windows, do the following.
Go to Start → Run → type cmd in the run field → enter → now you come in a black box/DOS type of environment → type “ipconfig /all” without the quotes → enter → now look up the active network adapter in the list and see what the Physical address is.
Make sure this rule is above the basic block rule(s), with the red icons, at the bottom.
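The ordering advice in this thread, sketched as an added example that is not part of the original posts and not Comodo's code. It assumes global rules are checked top-down with the first match deciding; the rule names, addresses (RFC 5737 documentation ranges) and the `evaluate` helper are constructed for illustration.

```python
# Added example: a model of ordered firewall rules, not Comodo's implementation.
# Assumption: rules are checked top-down and the first matching rule decides.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

GRE = 47    # IANA IP protocol number for GRE (carries the PPTP tunnel data)
ANY = None  # wildcard for a rule field


@dataclass
class Rule:
    description: str
    action: str                 # "allow" or "block"
    direction: str              # "in" or "out"
    protocol: object = ANY      # IP protocol number, or ANY
    destination: object = ANY   # CIDR string, or ANY

    def matches(self, pkt):
        if self.direction != pkt["direction"]:
            return False
        if self.protocol is not ANY and self.protocol != pkt["protocol"]:
            return False
        if self.destination is not ANY and \
                ip_address(pkt["dst"]) not in ip_network(self.destination):
            return False
        return True


def evaluate(rules, pkt):
    """Return (action, description) of the first matching rule; default is block."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.description
    return "block", "implicit default"


# Constructed sample data, not taken from the thread.
LOCAL_IP = "192.0.2.10"
gre_in = {"direction": "in", "protocol": GRE, "src": "198.51.100.7", "dst": LOCAL_IP}

allow_gre = Rule("Incoming GRE", "allow", "in", GRE, LOCAL_IP + "/32")
block_all = Rule("Basic block rule", "block", "in")  # hypothetical name
# Same allow rule, but pinned to an address the adapter no longer holds.
stale_gre = Rule("Incoming GRE", "allow", "in", GRE, "192.0.2.99/32")

if __name__ == "__main__":
    for label, rules in [("allow below block rule", [block_all, allow_gre]),
                         ("allow above block rule", [allow_gre, block_all]),
                         ("stale destination IP", [stale_gre, block_all])]:
        print(f"{label:24} -> {evaluate(rules, gre_in)}")
```

The third case shows why a Single IP destination only works when the address is fixed: once the address changes, the allow rule stops matching and the block rule below it decides.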