
VPN tunnels on RV220W a remote backdoor into network?

Jeff Gindall
Level 1

Hi all,

I need to modify an RV220W-based setup (latest firmware) in order to apply some restrictions on VPN and it seems VPN tunnels totally bypass the firewall on this model. No matter how the firewall is configured, even with a single rule blocking all incoming WAN traffic, traffic originating from VPN tunnels is simply accepted and goes straight in.

In summary, so it seems, you can restrict all the WAN and inter-VLAN traffic you want, incoming traffic from VPN tunnels always happily makes it through to any LAN destination, including to the router's management console itself. This is equivalent to granting a remote tunnel user a complete backdoor into the network, regardless of any local restrictions you put in place ... a pretty serious flaw if you ask me.

Oddly enough, the opposite seems to work: defining a blocking firewall rule LAN->WAN specifying remote IPs does block outgoing VPN tunnel traffic.

Looking forward to similar experiences or solutions, KR
