How to connect to LAN via XyWall 110 VPN?

NickArt Posts: 7
edited April 2021 in Security
Hello there

Sorry in advance for this newbie question:

I have a VPN set up on the XyWall 110 but when I try to access the LAN network I simply can't. Essentially I'm trying to access a NAS server via the VPN like you'd access a NAS while being directly connected to the LAN.
I suppose I need to change something in the security policies settings, but being relatively new to this I don't exactly know how.

Could somebody more knowledgeable than I tell me what I'd need to change?

Cheers

Nick

All Replies

  • PeterUK
    PeterUK Posts: 2,653  Guru Member

    Your logs should show you what is blocked to make a VPN to LAN1 rule.

  • PeterUK said:

    Your logs should show you what is blocked to make a VPN to LAN1 rule.


    Okay, I see a lot of messages of dropped packages, any idea what I'm looking for?
    I suppose I should try to have my device connected via VPN to try and access the NAS on the LAN for example?
  • PeterUK
    PeterUK Posts: 2,653  Guru Member
    edited October 2019
    Yes, do a test connect, then check the logs; also add source/destination interface.

    You'll be looking for the IP of the NAS.

  • I was very busy yesterday and I have figured out what the problem was: it was easily solved by adding a security policy that allowed traffic from IPsec VPN to LAN1.

    Now, on the other hand, I have discovered that I had some very dubious security policies that allowed anybody to access my firewall and NAS log-on screen from the internet (a friend in a different country double-checked for me, and by using the public IP and specific ports he could get to the log-on screen for the firewall and the NAS). So I deactivated those.

    Now on my MacBook this works fine. I am able to access the NAS and other things via the browser or the "connect to network drive" option by giving the local IP. However, on my Windows 10 Surface, while access via the browser works, adding the NAS as a network drive somehow does not. Any idea what the issue could be?

    Regarding security policies: one policy bothers me a little. If I deactivate it or remove any of the default allowances (which are AH, NATT, HTTPS, IKE, GRE, ESP), the VPN stops working. It's policy 14 in the picture:

    I checked and I can't access either the NAS or the Firewall with the public IP, but that rule still strikes me as odd: What does it exactly do?


    Cheers

  • PeterUK
    PeterUK Posts: 2,653  Guru Member

    You can remove HTTPS as you're using IPsec; this will stop anyone getting to the firewall log-on screen.

  • With the rules as they are, I and others can't access the log-on page of the firewall or the NAS.

    If I remove https, it somehow doesn't let me connect to the vpn anymore.
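
An added example, not part of the thread and not Zyxel configuration syntax: a small first-match policy model that reports the two conditions discussed above, WAN-facing allow rules that carry services beyond what an IPsec tunnel itself uses, and a missing allow from the VPN zone to LAN1. The zone names, the rule layout and rule 15 are constructed assumptions; the service list for policy 14 is the one quoted in the post.

```python
from dataclasses import dataclass

# Well-known protocol/port facts; the zone names and rule layout below are
# hypothetical and are not Zyxel's configuration format.
SERVICES = {
    "IKE": ("udp", 500), "NATT": ("udp", 4500), "ESP": ("ip", 50),
    "AH": ("ip", 51), "GRE": ("ip", 47), "HTTPS": ("tcp", 443),
    "SMB": ("tcp", 445),
}
IPSEC_NEEDS = {"IKE", "NATT", "ESP", "AH"}  # what an IPsec tunnel itself uses

@dataclass
class Policy:
    num: int
    src: str
    dst: str
    services: frozenset  # empty set means "any service"
    action: str          # "allow" or "deny"

def evaluate(policies, src, dst, service):
    """First matching rule wins; unmatched traffic hits the default deny."""
    for p in sorted(policies, key=lambda p: p.num):
        zones_match = p.src in (src, "any") and p.dst in (dst, "any")
        if zones_match and (not p.services or service in p.services):
            return p.action, p.num
    return "deny", None

def audit(policies):
    """Return (rule number, finding, services) tuples for both problems."""
    findings = []
    for p in policies:
        if p.action == "allow" and p.src == "WAN":
            extra = sorted((p.services or set(SERVICES)) - IPSEC_NEEDS)
            if extra:
                findings.append((p.num, "WAN-exposed beyond IPsec", extra))
    # File sharing from a VPN client to the NAS needs an explicit allow.
    if evaluate(policies, "IPSec_VPN", "LAN1", "SMB")[0] != "allow":
        findings.append((None, "no allow from IPSec_VPN to LAN1", ["SMB"]))
    return findings

# Constructed rule set resembling the situation described in the thread.
RULES = [
    Policy(14, "WAN", "DEVICE",
           frozenset({"AH", "NATT", "HTTPS", "IKE", "GRE", "ESP"}), "allow"),
    Policy(15, "WAN", "LAN1", frozenset({"HTTPS"}), "allow"),
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

A finding here means "review this service", not "delete it": whether a flagged service can be dropped depends on which VPN type the clients actually use.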
