VMware Cloud Community
CapAV
Contributor

vCloud firewalls: how to allow protocol 47 GRE?

On a VM I have installed the RRAS (Routing and Remote Access Service) role within Windows and configured it as a VPN server.

- When firewalling within vCloud Director is Off, all is working fine

- When firewalling within vCloud Director is On, I've authorized all outgoing traffic, plus incoming traffic on TCP port 1723. It doesn't work, so I assume (maybe wrongly) that the issue is that Protocol 47 GRE (General Routing Encapsulation) is not going through. The problem is I haven't found any way to let Protocol 47 GRE through besides disabling all firewalling within vCloud.

Is there something I am misunderstanding?

Or is there no simple solution, and if so, should I forget about RRAS and go for OpenVPN or whatever?

Thanks a lot for any potential help!

charliejllewell
Enthusiast

Sadly, I do not think that GRE is supported with vShield 5 😞

https://twitter.com/michaelahaines/status/149796829490454528 (I know it's old, but it's still for vShield 5 and I have seen nothing to suggest anything has been released yet. Might be worth tweeting Michael Haines to see where VMware are?)

CapAV
Contributor

Thanks, good to know the issue is not only in my head.

What I have done is to change the default rule to allow all traffic and then deny all TCP & UDP.

This is not fancy but it works (47/GRE DOES go through).

However, I'm not very confident, as I'm no security specialist, so I'm not sure whether there is a risk in allowing all non-TCP/UDP traffic.

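As an added example (not code from this thread or from VMware), here is a small model of the ordered, first-match firewall evaluation with a default rule that the workaround above relies on, used to check what that rule set lets inbound besides GRE. It assumes that vCloud Director edge firewall rules are applied top-down with the default rule as the fallback; the protocol numbers are the IANA values and the sample packets are constructed.

```python
# Added example, not from the thread or VMware: a model of ordered,
# first-match firewall evaluation with a default rule (assumed to be how the
# vCloud Director edge firewall behaves) to check what the workaround lets in.
from dataclasses import dataclass
from typing import Optional

GRE, ICMP, TCP, UDP, ESP = 47, 1, 6, 17, 50  # IANA IP protocol numbers

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in", "out" or "any"
    proto: Optional[int] = None  # IP protocol number, None = any
    dport: Optional[int] = None  # destination port, None = any

    def matches(self, direction, proto, dport):
        return (self.direction in ("any", direction)
                and (self.proto is None or self.proto == proto)
                and (self.dport is None or self.dport == dport))

def decide(rules, default, direction, proto, dport=None):
    """Action of the first matching rule, else the default rule."""
    for rule in rules:
        if rule.matches(direction, proto, dport):
            return rule.action
    return default

# The poster's workaround: allow all outbound, allow inbound TCP 1723 (the
# PPTP control channel), deny every other TCP/UDP flow, default "allow".
WORKAROUND = [
    Rule("allow", "out"),
    Rule("allow", "in", TCP, 1723),
    Rule("deny", "any", TCP),
    Rule("deny", "any", UDP),
]
WORKAROUND_DEFAULT = "allow"

def inbound_exposure(rules, default):
    """Verdict for a constructed set of inbound packets: GRE should pass,
    but so does every other non-TCP/UDP protocol (the risk asked about)."""
    samples = {"GRE": (GRE, None), "ICMP": (ICMP, None), "ESP": (ESP, None),
               "TCP/1723": (TCP, 1723), "TCP/3389": (TCP, 3389),
               "UDP/161": (UDP, 161)}
    return {name: decide(rules, default, "in", proto, port)
            for name, (proto, port) in samples.items()}

if __name__ == "__main__":
    for name, verdict in inbound_exposure(WORKAROUND, WORKAROUND_DEFAULT).items():
        print(f"inbound {name:<9} -> {verdict}")
```

Running it shows the trade-off the poster is asking about: inbound GRE and TCP/1723 pass as intended, but so do ICMP, ESP and any other non-TCP/UDP protocol, because nothing but the "allow" default ever matches them.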