- NG Firewall firmware versions 4.2.x, 5.0.x, 5.2.x
- netfence firmware versions 4.2.x
Any type of VPN tunnel can be established successfully, but no traffic is forwarded into or out of the tunnel.
There are three common reasons for this problem:
1. No firewall service is defined on the NG Firewall gateway that hosts the "VPN service". VPN tunnels are terminated before the firewall service. If no firewall service is running on the system, traffic arriving on the netfence gateway cannot be forwarded into the network.
2. A firewall service is running but no rule allowing traffic out of or into the VPN tunnel is configured in the firewall rule set.
3. The rule allowing traffic into the VPN tunnel uses the connection type ProxyDyn. This prevents the traffic from being routed into the VPN tunnel correctly.
Introduce a firewall service on the netfence gateway that is hosting the "VPN service". Make sure to define a firewall rule that allows VPN traffic. Do not use "ProxyDyn" as the connection type; use "Client" instead.