VPN problems with latest RC1 update
Hi,
After Outpost Pro RC1 upgraded to 1.0.420.1815, I started to encounter problems with connecting to my work's network using Contivity VPN Client. The client attempts to login but keeps losing the connection and the following entries appear in the blocked list :-
Reason          Application     Remote host     Port    Direction   Protocol
Learning Mode   EXTRANET.EXE    10.143.103.2    QOTD    Outbound    TCP
Learning Mode   EXTRANET.EXE    n/a             n/a     Outbound    ESP
I have tried marking this application as Trusted, allowing all TCP communication, and reinstalling Outpost and starting a brand new configuration. I have also allowed unknown protocols under Global App and system rules, but so far no luck.
I also noticed that when you set up rules for an app you can only specify TCP and UDP protocol, in the previous version you were able to also select IP and Unknown.
Rgds, Jcb
WizzOzz
03-01-2002, 02:27 PM
I don't know a way around this problem and I doubt that the other Mods do.
Please wait for Danil, he can ask a programmer for help.
v_profiler
03-01-2002, 02:36 PM
Originally posted by Jcb
I also noticed that when you set up rules for an app you can only specify TCP and UDP protocol, in the previous version you were able to also select IP and Unknown.
Rgds, Jcb
Hi Jcb,
like WizzOzz said, this is an infrequently appearing bug, which isn't solved yet. To your second point: IP and Unknown are now only available in the global and system rules. If you could give an example of what you need IP and Unknown for in application rules, it would be helpful.
Best regards
meneer
03-01-2002, 06:54 PM
I don't know if this helps, but long ago, in such circumstances, I would shut down OP, connect what I wanted to make a connection and then run OP again.
For me the added GRE support helped a lot, this trick is not needed anymore (I don't even know if it still works...):rolleyes:
Hi v_profiler,
The only time I ever used allow Unknown in an app rule was for the Contivity VPN Client software. I later had to allow Unknown Protocol in the Global Settings to allow Lotus Notes to send email, so I do not really have any need for these type of rules.
Hi Meneer,
I switched to 'Allow Most Mode' and I could connect via VPN and use Lotus Notes and telnet to all my unix systems.
As soon as I switched to 'Rules Wizard Mode' I could not access anything. All I got in the Blocked list was 'Learning Mode' against each Application that I run (telnet,ping,notes).
:confused:
Porter Rockwell
03-02-2002, 03:52 AM
I gave up on getting 1.0.420.1815 to run. Went back and reinstalled 1.0.1220.2238.
Porter
Mikhail
03-02-2002, 04:12 AM
I gave up on getting 1.0.420.1815 to run. Went back and reinstalled 1.0.1220.2238.
Porter Rockwell, Jcb, please
If you have 1.0.1220
1) Uninstall 1.0.1220
2) Reboot
3) Install 1.0.1420
4) Reboot
5) follow the instructions below
If you have 1.0.1420
1) Select File->New Config
2) Go to Options->System->System rules and make sure that both "Allow GRE" and "Deny Unknown protocol" are checked.
3) Switch to Rules Wizard and try to reproduce the problem "VPN blocked"
4) Please inform us about results
Thank you
chrisclu
03-02-2002, 04:17 AM
What do you mean by "2) Go to Options->System->System rules and make sure that both "Allow GRE checked" and "Deny Unknown protocol" checked."
Here are my choices.(see screenshot) No GRE.
chris
Mikhail
03-02-2002, 04:23 AM
Here are my choices.(see screenshot) No GRE.
chrisclu, you missed "1) Select File->New Config".
meneer
03-02-2002, 04:25 AM
Here's my default new config screen, GRE is included as you will notice.
What are these new rules? They certainly are not the default settings.
chrisclu
03-02-2002, 04:36 AM
Thanks Mikhail,
Building new one now. Sure wish I could have imported my active content rules.
chris:eek:
Mikhail,
Using 1.0.1420, new config with 'Allow GRE Protocol' and 'Deny Unknown Protocol' checked. I get the following log entries when I try to connect with VPN client :-
03/03/2002 01:07:20 EXTRANET.EXE 00:00:00 0 bytes 122 bytes UDP cache.net DNS LocalHost 1071 Outbound Allowed Allow DNS Resolving
03/03/2002 01:07:22 EXTRANET.EXE 00:00:00 2248 bytes 1166 bytes UDP ras.uk.com 500 LocalHost 500 Outbound Allowed Allow activity for application EXTRANET.EXE
03/03/2002 01:07:42 EXTRANET.EXE 00:00:22 0 bytes 0 bytes ESP n/a n/a n/a n/a Outbound Blocked Deny Unknown Protocols
If I uncheck 'Allow Unknown Protocol' I get the following log entries :-
03/03/2002 01:08:42 EXTRANET.EXE 00:00:00 2456 bytes 1262 bytes UDP ras.uk.com 500 LocalHost 500 Outbound Allowed Allow activity for application EXTRANET.EXE
03/03/2002 01:08:46 EXTRANET.EXE 00:00:21 0 bytes 0 bytes ESP n/a n/a n/a n/a Outbound Blocked Learning Mode
I have managed to connect if I add the following to my trusted zone :-
work's dns server
work's ras server
Any Notes server I want to use
Any Unix systems I want to use
I tried with just the dns/ras servers in Trusted Zone but I always get a Blocked Learning Mode when I try to connect to a server not in Trusted Zone (didn't matter which product I tried to connect with).
Now while this method gets me around the problem, it's a real pain as I need to maintain the list of systems in my Trusted Zone.
Mikhail
03-02-2002, 11:22 PM
Now while this method gets me around the problem, it's a real pain as I need to maintain the list of systems in my Trusted Zone
Let's find out what is wrong together. Please
1) Go to Options->System->System rules and make sure that both "Allow GRE" and "Deny Unknown protocol" are checked.
2) Make sure that you have the Debug plug-in installed. To check it, please right click on the Outpost icon in the system tray (by default it is a question mark within a dark blue circle) and see if you have “Debug” and “Report a bug” on the context menu. If you do not have these menu items, please download http://www.agnitum.com/download/OutpostDebugInstall.exe , install it and reboot your PC.
3) Switch to Rules Wizard and try to reproduce the problem "VPN blocked" - (EXTRANET.EXE is blocked)
4) Right click on Outpost’s icon in the system tray and select “Report a bug”.
5) The Outpost Debug plug-in will extract the needed debug information, zip it and will launch your e-mail client with the information as an attachment.
6) Please also include the URL of the thread where this problem was discussed.
Thank you
Mikhail,
Debug information emailed as requested.
Thanks, Jcb
I can now connect to my work's network with the Contivity VPN Client.
At Mikhail's request I created a system rule to allow IP protocol of type ESP.
Thanks for all your help Mikhail.
Rgds, Jcb
(this rule also works with OP Pro v1.0.1511.1038)
Please can you post the exact settings on how you got VPN Contivity working with Agnitum Outpost.
I am on Outpost version 1.0.1817, Windows XP and Contivity Version 4.65.09.
I am unable to get this combination to work trying all the changes (ESP, Unchecking Deny Unknown Protocols etc.) in this thread.
MegaHertz
01-07-2003, 01:21 PM
Please see this thread (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=6108) for updated information.
Kenno1192
09-25-2004, 03:59 PM
I don't know if this will make any difference but I also use Nortel Contivity VPN and had to set the OP policy to Allow Most (I normally use the Block Most policy) in order to get it to connect to our corporate network. I too was trying to find a way of getting the VPN client to go through the Block Most policy and I think I found out how to do it. I noticed that in the logs ports 500 and 4500 were being blocked so I simply added those ports to the Global Setting and voila!
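The log excerpts posted earlier in the thread show key exchange on UDP 500 being allowed while the ESP traffic is blocked, which is what the ESP system rule resolves. As an added example (not part of the original thread and not Outpost's own code), the Python below parses log lines in that layout and reports which IPsec component was blocked. The field layout is inferred from the posted lines and the function names are hypothetical; the port and protocol numbers are the standard IPsec assignments.

```python
import re

# Log lines copied from the excerpts posted in this thread.
SAMPLE_LOG = """\
03/03/2002 01:07:20 EXTRANET.EXE 00:00:00 0 bytes 122 bytes UDP cache.net DNS LocalHost 1071 Outbound Allowed Allow DNS Resolving
03/03/2002 01:07:22 EXTRANET.EXE 00:00:00 2248 bytes 1166 bytes UDP ras.uk.com 500 LocalHost 500 Outbound Allowed Allow activity for application EXTRANET.EXE
03/03/2002 01:07:42 EXTRANET.EXE 00:00:22 0 bytes 0 bytes ESP n/a n/a n/a n/a Outbound Blocked Deny Unknown Protocols
"""

# Assumed layout: date time app duration sent recv proto rhost rport lhost lport dir verdict reason
LINE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) (?P<app>\S+) (?P<duration>\S+) "
    r"(?P<sent>\d+) bytes (?P<recv>\d+) bytes (?P<proto>\S+) "
    r"(?P<rhost>\S+) (?P<rport>\S+) (?P<lhost>\S+) (?P<lport>\S+) "
    r"(?P<direction>Inbound|Outbound) (?P<verdict>Allowed|Blocked) (?P<reason>.+)$"
)

def component(entry):
    """Name the IPsec component an entry belongs to, or None if unrelated."""
    proto, port = entry["proto"].upper(), entry["rport"]
    if proto == "ESP":                     # ESP is IP protocol 50 and has no ports
        return "ESP (IP protocol 50)"
    if proto == "UDP" and port == "500":   # IKE key exchange
        return "IKE (UDP 500)"
    if proto == "UDP" and port == "4500":  # IPsec NAT traversal
        return "NAT-T (UDP 4500)"
    return None

def parse(log_text):
    """Return one dict per line that matches the assumed layout."""
    return [m.groupdict() for m in map(LINE.match, log_text.splitlines()) if m]

def ipsec_status(log_text, app):
    """Map each IPsec component seen for `app` to its (verdict, rule) hits."""
    status = {}
    for e in parse(log_text):
        comp = component(e)
        if comp and e["app"].lower() == app.lower():
            status.setdefault(comp, []).append((e["verdict"], e["reason"]))
    return status

def blocked_components(status):
    """Components with at least one Blocked entry, i.e. missing an allow rule."""
    return sorted(c for c, hits in status.items()
                  if any(verdict == "Blocked" for verdict, _ in hits))

if __name__ == "__main__":
    st = ipsec_status(SAMPLE_LOG, "EXTRANET.EXE")
    for comp, hits in st.items():
        print(comp, hits)
    print("needs an allow rule:", blocked_components(st))
```

Because ESP has no port numbers, a per-application TCP/UDP rule cannot match it; the log shows it being caught by the "Deny Unknown Protocols" system rule instead.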