How to make Comodo accept connections from my VPN (Open VPN)

Hi!
I have recently installed Open VPN Server on my machine (so that I can share whatever I want with my friends among our virtual private network). So, my system essentially runs as a server for the VPN. Comodo Firewall is running in Block All mode. So, I have defined a new trusted network zone with IP range 10.8.0.0 to 10.8.0.255.

But still, when a client tries to connect to the Open VPN Server (my system), Comodo Firewall is looking at the real IP of the system (VPN client) and not considering it as within a trusted network. Could you tell me how to make Comodo receive connections from my VPN clients?

Thanks and Regards,
Samba

A little update!
I have just installed Comodo Easy VPN, and the same problem exists with Comodo’s VPN as well.
I could ping from my machine to another (no firewall is installed on that machine), but when I ping from that machine my machine is invisible.

I preferred that setup for other systems on the internet, but since the second system I’m referring to is within a trusted network, I expect Comodo Firewall should let the connection come in. I think the firewall should allow systems in private networks to communicate with each other and block other systems on the internet based on whether the network is accepted by the user as trusted or not!

I hope I’m not asking what is not possible!

Thanks and Regards,
Samba

Hallo saasira,

The CIS default config blocks inbound ping requests.

Likewise setting CIS Firewall Security Level to Block all Mode should prevent any connection.

Maybe right-clicking on CIS tray icon and setting Firewall Security Level to Safe Mode could provide a different result.

Hi Gibran,
Sorry for not giving clear information! My Firewall Security is in Safe mode, but in the Stealth Ports wizard I have selected to Block All Incoming Connections. But I have both the Open VPN Adapter and Comodo Easy VPN Adapter registered as trusted networks, and here is what I see from the Global Rules tab of the Network Security Policy wizard:

Allow All Outgoing Requests If The Target Is In [Comodo VPN]
Allow All Outgoing Requests If The Sender Is In [Comodo VPN]

Allow All Outgoing Requests If The Target Is In [Open VPN]
Allow All Outgoing Requests If The Sender Is In [Open VPN]

Not only ping, but access on any port is allowed; in fact it is as if the system is not alive!
If you need more information I can provide that too!

I hope there is a solution to this problem!

Thanks and Regards,
Samba

Not sure what could cause this scenario. ???

It is likely some other member will be of more help. :-[

Meanwhile it could be possible to sort out any rule issue by temporarily disabling the CIS firewall to carry out a ping test.

I have made sure that not only ping but every type of connection works if I set Stealth Ports to the “Alert me on Incoming Connections, stealth my ports on a per-case basis” option. When I disabled the firewall I was able to telnet and ping my machine by the private IP address. It looks like the firewall is blocking even connections from trusted networks.

Can you post a screenshot of your global rules and your CIS firewall events when the Comodo EasyVPN doesn’t allow pings and telnet sessions?

Maybe there could be some clue to possibly find a workaround.

I’m attaching Global Rules screen shot here…

[attachment deleted by admin]

Here is the Firewall Events Screen shot…

Edit: Removed attachment.

It looks like openvpn.exe inbound traffic is blocked.

You could try to add an ALLOW TCP IN from source IP any Port ANY to destination IP ANY port 1194

Also it looks like uPNP traffic is blocked.

Hi,
Thanks for your help so far! I have added the rule that you mentioned for openvpn.exe to allow incoming connections from any IP source port any destination port 1194.

But no improvement… the problem still remained.
By the way, you mentioned that uPNP is blocked. Can you tell me how to unblock it, and any consequences of enabling uPNP?

Thanks and Regards,
Samba

Did you add Allow TCP IN from Source IP any Port ANY to Destination IP ANY port 1194 to the firewall global rules too?
Even if there is no progress maybe there will be a new blocked entry in the log.

In order to avoid privacy issues please compress and password protect the log screenshot.

uPNP is meant to automatically forward ports from the router to your PC as requested by supported applications. Although user-friendly, uPNP can be insecure.
If uPNP is explicitly disabled in the router some applications (eg P2P) need the router port forwarding to be configured manually.

uPNP is based on multicast. The following zone will allow to easily set appropriate rules to support multicast (and uPNP)

Zone: [Special & Local Multicast] is defined as
-----------------------------------------------------------------------------------------
[0]	IP In [224.0.0.0-224.0.0.255]
[1]	IP In [239.0.0.0-239.255.255.255]

Thanks a lot Gibran! Now it worked!
There were two things that were necessary to get things to work as expected:

1. The first tip in your previous post, to put in a Global rule to allow TCP IN from Source IP Any Port Any to Destination IP ANY Port 1194, enabled the Open VPN client to establish a connection with the Open VPN server.
2. I made a mistake yesterday by not posting a screenshot of Network zones, or else you would have figured that out last night itself. Anyway, coming to the point … I had my Open VPN Network zone configured as 10.8.0.1 - 255.255.255.252, which I think was blocking the clients from contacting 10.8.0.0, which would be the DNS server for my Open VPN setup. So changing that to 10.8.0.0 - 10.8.0.255 (limiting the subnet range, for safety) did the trick; now I’m able to connect to and fro within my subnet (Open VPN network).

Thanks a lot for your help, without which I would not have achieved this!

Regards,
Samba.
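The two zone definitions from the post above, compared side by side as an added example (not part of the original thread, and not Comodo's own code). It assumes the firewall applies the netmask to the address in the standard way; the peer addresses are constructed samples, with 203.0.113.25 standing in for a client's real (public) IP.

```python
import ipaddress

def zone_from_mask(address, netmask):
    """Zone given as address + netmask -> (first, last) address it covers."""
    net = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
    return net.network_address, net.broadcast_address

def zone_from_range(first, last):
    """Zone given as an explicit first-last range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return lo, hi

def in_zone(ip, zone):
    lo, hi = zone
    return lo <= ipaddress.ip_address(ip) <= hi

def as_cidr(zone):
    """Smallest list of CIDR blocks that exactly covers the zone."""
    return [str(n) for n in ipaddress.summarize_address_range(*zone)]

# Zone as first configured in the thread, and the corrected one.
OLD_ZONE = zone_from_mask("10.8.0.1", "255.255.255.252")
NEW_ZONE = zone_from_range("10.8.0.0", "10.8.0.255")

# Constructed sample peers (assumptions, not values from the thread).
PEERS = {
    "vpn server (tunnel IP)": "10.8.0.1",
    "vpn client (tunnel IP)": "10.8.0.6",
    "another vpn client": "10.8.0.10",
    "client real IP": "203.0.113.25",
}

def report(peers=PEERS):
    """Map each peer name to (trusted by old zone, trusted by new zone)."""
    return {name: (in_zone(ip, OLD_ZONE), in_zone(ip, NEW_ZONE))
            for name, ip in peers.items()}

if __name__ == "__main__":
    print("old zone:", as_cidr(OLD_ZONE), " new zone:", as_cidr(NEW_ZONE))
    for name, (old, new) in report().items():
        print(f"{name:24} old={old!s:5} new={new}")
```

The real IP stays outside both zones, which is why the separate port 1194 rule is still needed for the initial connection to the OpenVPN server.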

You are welcome :slight_smile:

I’m glad I was of help, IMHO it was a joint effort as you efficiently addressed the missing steps :-TU