On a VM I have installed the RRAS (Routing and Remote Access Service) role within Windows and configured it as a VPN server.
- When firewalling within vCloud Director is Off, all is working fine.
- When firewalling within vCloud Director is On, I've authorized all outgoing traffic, plus incoming traffic on TCP port 1723. It doesn't work, so I assume (maybe wrongly) that the issue is that Protocol 47 GRE (Generic Routing Encapsulation) is not going through. The problem is I haven't found any way to let Protocol 47 GRE through besides disabling all firewalling within vCloud.
Is there something I am misunderstanding?
Or is there no simple solution, and if so, should I forget about RRAS and go for OpenVPN or whatever?
Thanks a lot for any potential help!
Sadly I do not think that GRE is supported with vShield 5 😞
https://twitter.com/michaelahaines/status/149796829490454528 (I know it's old but it's still for vShield 5 and I have seen nothing to suggest anything has been released yet. Might be worth tweeting Michael Haines to see where VMware are?)
Thanks, good to know the issue is not only in my head.
What I have done is to change the default rule to allow all traffic and then deny all TCP & UDP.
This is not fancy but it works (47/GRE DOES go through).
However I'm not very confident as I'm no security specialist, so I'm not sure if there is a risk by allowing all non-TCP/UDP traffic.
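
The thread's working assumption, that TCP 1723 gets through while protocol 47 does not, can be checked from a packet capture taken on the RRAS VM. The following is an added example, not part of the thread or of any VMware or Microsoft tooling: it classifies raw IPv4 packets into the PPTP control channel and the PPTP GRE data channel. The function names, addresses and sample packets are constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723     # TCP control channel, as in the thread
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_TYPE = 0x880B       # protocol type of PPTP's enhanced GRE (RFC 2637)

def classify(packet: bytes) -> str:
    """Return 'pptp-control', 'pptp-gre' or 'other' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4             # header length incl. options
    if ihl < 20 or len(packet) < ihl:
        return "other"
    proto, payload = packet[9], packet[ihl:]
    if proto == IPPROTO_TCP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
    if proto == IPPROTO_GRE and len(payload) >= 8:
        flags_ver, gre_type = struct.unpack("!HH", payload[:4])
        if flags_ver & 0x7 == 1 and gre_type == PPTP_GRE_TYPE:  # GRE version 1
            return "pptp-gre"
    return "other"

def diagnose(packets) -> str:
    """Summarise which of the two PPTP channels appear in a capture."""
    seen = {classify(p) for p in packets}
    if "pptp-control" not in seen:
        return "no control channel: TCP 1723 is not arriving"
    if "pptp-gre" not in seen:
        return "control channel only: GRE (protocol 47) is not arriving"
    return "both channels seen"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + payload

# Constructed samples: a TCP SYN to port 1723, a PPTP GRE ack-only packet, an ICMP echo.
TCP_1723 = _ipv4(6, struct.pack("!HHIIBBHHH", 49152, 1723, 0, 0, 0x50, 0x02, 8192, 0, 0))
GRE_PPTP = _ipv4(47, struct.pack("!HHHHI", 0x2081, PPTP_GRE_TYPE, 0, 1, 0))
ICMP_ECHO = _ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    print(diagnose([TCP_1723, ICMP_ECHO]))            # firewall passing only TCP 1723
    print(diagnose([TCP_1723, GRE_PPTP, ICMP_ECHO]))  # GRE passing as well
```

A capture that yields "control channel only" while a client is connecting matches the symptom described in the first post; one that also contains unrelated protocols such as the ICMP sample shows what else the allow-all default rule lets in.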