
Traffic from network directed at VPN clients

Question asked by Matt Snead on Mar 9, 2018
Latest reply on Mar 12, 2018 by Matt Snead

Gaia R77.30, Windows 7, using Endpoint Connect

 

I have an interesting problem here. I was trying to set up VPN access for our police department to access our security cameras. However, the picture from the camera never shows up. Through almost 12 hours of troubleshooting, I've finally figured out that the way the software works is that it initiates a connection to the video recorder, tells it the camera it wants, and then sets up a (somewhat random) listening port. The video recorder itself then sends UDP/RTP packets from itself to the client to that port.

The problem is the traffic never makes it to the client. I assume this is because the client is NATed and doesn't have port forwarding rules set up, but static port forwarding rules are not going to be an option. I'm wondering if there is something in the firewall configuration that can make this happen. I found the option "Enable Back Connections (from gateway to client)" under global props -> Remote Access. No idea what that's actually doing though, and it hasn't rectified the problem.

I see the traffic in the logs, and it appears that it's even encrypting it to send over the tunnel. But from my Wireshark logs on the client, I'm not seeing any traffic hit that port.

 

edit: What's weird is it works fine on an iPhone, iPad (hotspotted to iPhone as well), Android tablet, and Windows 10. Now on all of the mobile devices I mentioned, it's using a special app for the cameras which may behave differently. But on Windows 10 I'm using the same web interface version as with Windows 7. All of these are using the Check Point Capsule VPN app for connectivity. So I don't know what that is doing to make it work, but I'd like to impersonate it on Windows 7 :).
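
The question turns on whether recorder-to-client UDP/RTP ever reaches the port the client opened. As an added example (not part of the original post, and not Check Point or camera-vendor code), this Python listener binds a UDP port on the VPN client and reports what arrives and whether it carries a valid RTP header; the port number 50000 and the assumption that the stream uses the standard RFC 3550 header are placeholders.

```python
import socket
import struct

def parse_rtp_header(data):
    """Decode the fixed 12-byte RTP header (RFC 3550); None if it is not RTP."""
    if len(data) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:  # the version field must be 2
        return None
    return {
        "payload_type": b1 & 0x7F,
        "marker": bool(b1 & 0x80),
        "sequence": seq,
        "timestamp": ts,
        "ssrc": ssrc,
    }

def listen_for_rtp(port, timeout=10.0, max_packets=5, bind_addr="0.0.0.0"):
    """Bind a UDP port; stop after max_packets or `timeout` seconds of silence."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        try:
            while len(seen) < max_packets:
                data, (src_ip, src_port) = sock.recvfrom(65535)
                seen.append({"src": src_ip, "src_port": src_port,
                             "bytes": len(data), "rtp": parse_rtp_header(data)})
        except socket.timeout:
            pass  # nothing (more) arrived in time
    return seen

if __name__ == "__main__":
    PORT = 50000  # assumption: substitute the port under test
    packets = listen_for_rtp(PORT, timeout=30.0)
    if not packets:
        print(f"no UDP datagrams reached port {PORT}")
    for p in packets:
        kind = "RTP" if p["rtp"] else "non-RTP"
        print(f'{p["src"]}:{p["src_port"]} {p["bytes"]} bytes {kind} {p["rtp"]}')
```

Run it on the VPN client while a host behind the gateway sends a test datagram to the client's VPN address on that port; the port must not already be held by the camera software. An empty result on Windows 7 alongside a populated one on Windows 10 separates a delivery problem from an application problem.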
