HTTP doesn't pass through PepVPN


#1

I have two Surf SOHOs running firmware 7.0.0 connected via a PepVPN. I can access everything on the other LAN from either LAN except for HTTP.

Each LAN has a Web server plus the administration Web server in the SOHO. If I attempt to connect to any Web server on the other LAN I immediately get back a TCP RST packet. All other protocols that I have tried work fine.

Neither SOHO has any Internal Network Firewall Rules or Outbound Firewall Rules. One has a default Inbound Firewall Rule that denies all traffic, the other has rules that allow HTTP and FTP to one internal IP address plus a default rule that denies all traffic.

Why is HTTP traffic blocked through the PepVPN?


#2

Enable logging on your deny rules. Then look in the event viewer. Hope this gets you pointed in the right direction.


#3

The only deny rules were the default rules in Inbound Firewall Rules which don’t offer a logging option. I changed both to Allow, that made no difference.


#4

Add another rule just above the default rule that is identical to the default rule - enable the logging on it.

If you have port 80 forwarders in both locations, that could also potentially cause an issue? Which side would the tunnel consider local? I would imagine those forwarders are meant for wan to LAN. The tunnel should not require any forwarding since there is no NAT involved, right? Maybe some local DNS entries with the local LAN IP addresses might be the answer.

Let me know which path you want to journey down first. I would start with new default firewall rules with logging enabled (copy of the default rule with logging checked). That will give you an idea as to which firewall the router is trying to traverse (without success). It is either inbound, outbound, or internal. My bet is that the traffic is trying to use NAT loopback when using a public DNS but there is an internal rule (possibly outbound) denying and dropping (or resetting) the connection.


#5

This sounds more like a problem with the firewall on the web server, not the VPN.
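An added diagnostic, not posted by anyone in this thread, that turns the symptom from #1 (an immediate TCP RST on port 80, other ports fine) into a repeatable check: it distinguishes a completed handshake, an active refusal (RST) and a silent drop, which is what separates a reject-style host firewall (#5's theory) from a deny/drop rule somewhere on the path. The host addresses are placeholders; run it once from the far LAN and once from the web server's own LAN and compare.

```python
import socket
from typing import Dict, List, Tuple

# Placeholder targets (constructed, not from the thread): substitute the web
# server on the other LAN, a port that is known to work (FTP), and the far
# SOHO's admin web interface.
TARGETS: List[Tuple[str, int]] = [
    ("192.0.2.10", 80),   # placeholder: far-LAN web server, HTTP
    ("192.0.2.10", 21),   # placeholder: same host, FTP (reported working)
    ("192.0.2.1", 80),    # placeholder: far-side SOHO admin web server
]

def classify_connect(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP connect and report how the peer answered.

    'open'    -> handshake completed: the service is reachable through the tunnel
    'refused' -> immediate RST (ECONNREFUSED): something actively rejected the
                 SYN, e.g. a host firewall using REJECT, a router rule that
                 resets, or simply nothing listening on that port
    'timeout' -> SYN silently dropped: typical of a DROP/deny firewall rule
    'error:N' -> anything else (no route, host unreachable, ...), errno N
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as e:
        return f"error:{e.errno}"
    finally:
        s.close()

def probe(targets: List[Tuple[str, int]] = TARGETS) -> Dict[Tuple[str, int], str]:
    """Classify every target; compare the dicts from both LANs side by side."""
    return {t: classify_connect(*t) for t in targets}

def loopback_listener() -> Tuple[socket.socket, int]:
    """Self-check helper: a listening socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    for (h, p), result in probe().items():
        print(f"{h}:{p:<5} {result}")
```

If the far LAN sees "refused" on port 80 while the server's own LAN sees "open", the reset is coming from the path (router rule or NAT/port-forward interaction), not from the web server; if both see "refused", look at the server's host firewall first.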