Kill states created by NAT?
-
@Bob-Dig tried that, the "x" doesn't kill the VPN, I guess it doesn't see the NAT connection :(
-
You should still be able to kill the LAN side part of the connection. You should be able to kill the WAN state too but you might not be able to if you have filtered the table and you are trying to kill all listed states.
-
@stephenw10 it probably does kill the LAN part, but the VPN is still working fine and uninterrupted
-
It's possible the UDP VPN traffic is re-opening the LAN state outbound. You should be able to see that in the state table.
If that is the case you could add a floating block rule outbound on LAN to prevent it opening the state that way.
Steve
-
@stephenw10 no no, the rule blocks new connections, right. But those started by the WAN IP don't get killed. Is there a way to kill them?
-
It shouldn't matter if the LAN state is killed and cannot be re-created.
-
@stephenw10 so what do I do? Besides flushing all states or NAT
-
Add a floating outbound block rule on LAN that specifically matches the VPN reply traffic. So maybe UDP with source port 1194 if it's OpenVPN. Or maybe using the server IP address as source.
But as I said, check the state table to make sure that's what is happening. You should be able to see a difference between states created by the traffic from the LAN client and one that's opened by the reply traffic from the server.
-
@stephenw10 it's not OpenVPN, it's GlobalProtect, it's a company PC with multiple servers :(
-
Well use the client as destination then. What ports is it using? If they are fixed you can include that to be more specific.
But check it really is re-opening states from WAN first.
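The two steps Steve keeps coming back to, checking the state table for the client/server pair and then killing the states in both directions, can be done from the pfSense shell with `pfctl` instead of the GUI "x". This is an added example, not code from the thread or from pfSense; the client and server addresses are constructed placeholders, and the embedded `pfctl -ss` sample is constructed so the filtering can be tried off-box when `pfctl` is not installed.

```shell
#!/bin/sh
# Added example: inspect and kill pf states between a LAN client and a VPN
# server, including states the server side opened. Not from the thread.
# CLIENT/SERVER are placeholder values; override them in the environment.
CLIENT="${CLIENT:-192.168.1.50}"     # LAN client running the VPN agent (constructed)
SERVER="${SERVER:-203.0.113.10}"     # VPN concentrator public address (constructed)

# Constructed stand-in for `pfctl -ss` output, used only when pfctl is absent.
# Real output is one state per line: "<if> <proto> <src> -> <dst> <state>",
# with the pre-NAT address shown in parentheses on the WAN side.
SAMPLE_STATES='lan udp 192.168.1.50:51002 -> 203.0.113.10:4501       MULTIPLE:MULTIPLE
wan udp 198.51.100.2:51002 (192.168.1.50:51002) -> 203.0.113.10:4501       MULTIPLE:MULTIPLE
lan tcp 192.168.1.50:49322 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
lan udp 192.168.1.77:53211 -> 8.8.8.8:53       SINGLE:MULTIPLE'

# Print the live state table, or the constructed sample when off-box.
list_states() {
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -ss
    else
        printf '%s\n' "$SAMPLE_STATES"
    fi
}

# Keep only states that involve both the client and the VPN server,
# whichever side created them. Matching on "addr:" avoids prefix hits
# such as 192.168.1.5 matching 192.168.1.50.
vpn_states() {
    list_states | awk -v c="$CLIENT" -v s="$SERVER" 'index($0, c ":") && index($0, s ":")'
}

# Number of matching states; use before and after killing to confirm the
# VPN session did not quietly re-open them.
count_vpn_states() {
    vpn_states | wc -l | tr -d ' '
}

# `pfctl -k A -k B` kills states with A as source and B as destination, so
# run it both ways: client->server covers what the LAN client opened,
# server->client covers the reply-created states the GUI "x" was missing.
# Commands are only echoed unless RUN=1, so the script is safe to read through.
kill_vpn_states() {
    for pair in "$CLIENT $SERVER" "$SERVER $CLIENT"; do
        set -- $pair
        if [ "${RUN:-0}" = 1 ]; then
            pfctl -k "$1" -k "$2"
        else
            echo "pfctl -k $1 -k $2"
        fi
    done
}
```

Run it once with the defaults to see the matching states and the two kill commands, then with `RUN=1` on the firewall to execute them; re-run `count_vpn_states` afterwards. If the count climbs back up within seconds, the server's reply traffic is re-creating the state, which is the case where the floating outbound block rule on LAN (server address as source, client as destination, and the fixed port if there is one) is the fix rather than repeated killing.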