Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Zero VPN issue

  • 1.  Zero VPN issue

    Posted Oct 08, 2018 01:35 AM

    We have configured an Aruba controller with MAC address authentication. This means anyone can connect to the SSID, but the internet will not work. We have seen some users using the ZERO VPN application to bypass MAC address authentication, and they are using the internet without MAC address authentication.

    How can we stop illegal access to the internet with ZERO VPN? Your kind response is awaited.

     



  • 2.  RE: Zero VPN issue

    EMPLOYEE
    Posted Oct 08, 2018 01:43 PM

    @MAdnan wrote:

    We have configured an Aruba controller with MAC address authentication. This means anyone can connect to the SSID, but the internet will not work. We have seen some users using the ZERO VPN application to bypass MAC address authentication, and they are using the internet without MAC address authentication.

    How can we stop illegal access to the internet with ZERO VPN? Your kind response is awaited.

     


    MAC authentication is considered weak due to the ease of spoofing a known working MAC. If network access needs to be secured/protected, the recommendation would be to augment with WPA2.



  • 3.  RE: Zero VPN issue

    Posted Oct 11, 2018 01:46 AM

    MAC address authentication is a requirement of our organization. We cannot use WPA2 authentication because users share the password. We need a solution to stop the Zero VPN application. Please guide us to solve this issue.



  • 4.  RE: Zero VPN issue

    EMPLOYEE
    Posted Oct 11, 2018 05:34 AM

    You need to find out what firewall protocols the Zero VPN application uses and then use firewall rules to block it.



  • 5.  RE: Zero VPN issue

    Posted Oct 13, 2018 12:53 AM

    How will we know which firewall protocol the ZERO VPN application is using?



  • 6.  RE: Zero VPN issue

    Posted Oct 15, 2018 02:13 AM

    Is there anyone who can help me? Waiting for a response.



  • 7.  RE: Zero VPN issue

    EMPLOYEE
    Posted Oct 15, 2018 03:33 AM

    Let's start from the beginning:

     

    The users who fail MAC authentication, do they obtain an IP address?

    What is the user role when they fail MAC authentication?



  • 8.  RE: Zero VPN issue

    Posted Oct 17, 2018 12:15 AM

    The users who fail MAC authentication, do they obtain an IP address?

     

    Yes, they get an IP address.

     

    What is the user role when they fail MAC authentication?

     

    User logon role.

     

    Screenshot is attached.



  • 9.  RE: Zero VPN issue

    Posted Oct 17, 2018 03:34 AM

    Uhm, seems like your logon-role is allowing svc-natt (UDP 4500) which is common when using VPN (along with SSL/443).

    Deny svc-natt and see what happens.

     



  • 10.  RE: Zero VPN issue

    Posted Oct 18, 2018 12:41 AM

    I did the same as you told me, but the Zero VPN application is still working. I can't understand how I will stop it. Please help.



  • 11.  RE: Zero VPN issue

    Posted Oct 18, 2018 02:47 AM

    Hmm, okay, first we need to see that you are actually in the "correct" role when failing MAC auth.

    Please show us the output of "show user" with your user.

     

    Please also show us your new edited logon role.

     

    Another thing is that you can see which ports are used with Zero VPN if you know the destination IP of the Zero VPN server.

    Connect to Zero VPN with your failed client and write this in the controller:

    "show datapath session table | include x.x.x.x"

    where x.x.x.x is the Zero VPN server, and give us the output.
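
The session-table check suggested in reply 11, worked through as an added example (not part of any poster's reply and not Aruba tooling): it reduces saved `show datapath session table` output to the protocol and server-side port pairs the logon role is letting through to one server. The sample rows are constructed, the column order (source IP, destination IP, protocol number, source port, destination port) is an assumption about the output layout, and `server_flows` and the 203.0.113.10 address are hypothetical.

```python
import ipaddress
from collections import Counter

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp"}

# Constructed sample, not real controller output; 203.0.113.10 stands in for the VPN server.
# Assumed column order: source IP, destination IP, protocol number, source port, destination port.
SAMPLE = """\
Source IP       Destination IP  Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------  --------------  ---- ----- ----- ---- ---- --- --- ----------- ---- ------- ----- -----
192.0.2.25      203.0.113.10    6    50112 443   0/0  0    0   1   tunnel 9    2a   41      9120  C
203.0.113.10    192.0.2.25      6    443   50112 0/0  0    0   1   tunnel 9    2a   38      30211
192.0.2.25      203.0.113.10    6    50113 443   0/0  0    0   0   tunnel 9    11   12      2210  C
192.0.2.25      203.0.113.10    17   40000 53    0/0  0    0   2   tunnel 9    30   6       510   FC
203.0.113.10    192.0.2.25      17   53    40000 0/0  0    0   2   tunnel 9    30   6       890   F
192.0.2.25      198.51.100.7    17   68    67    0/0  0    0   5   tunnel 9    40   2       656   FC
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def server_flows(table_text, server_ip):
    """Count distinct client flows per (protocol, server-side port) for one server."""
    flows = set()
    for line in table_text.splitlines():
        f = line.split()
        if len(f) < 5 or not (_is_ip(f[0]) and _is_ip(f[1])):
            continue  # header, separator, or unrelated line
        src, dst = f[0], f[1]
        proto, sport, dport = int(f[2]), int(f[3]), int(f[4])
        if dst == server_ip:      # client -> server entry
            flows.add((src, proto, sport, dport))
        elif src == server_ip:    # reverse entry of the same flow, counted once
            flows.add((dst, proto, dport, sport))
    counts = Counter()
    for _client, proto, _client_port, server_port in flows:
        counts[(PROTO_NAMES.get(proto, str(proto)), server_port)] += 1
    return counts

if __name__ == "__main__":
    for (proto, port), n in server_flows(SAMPLE, "203.0.113.10").most_common():
        print(f"{proto}/{port}: {n} flow(s) permitted from the logon role")
```

Each pair in the result is traffic the pre-authentication role currently permits toward that server, so it is a candidate for a deny rule in the logon role. In the constructed sample none of the flows use UDP 4500.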



  • 12.  RE: Zero VPN issue

    Posted Oct 18, 2018 05:57 AM

    We have more than 4K users; I can't share the show user output. The logon rule screenshot and show datapath outputs are attached. I just hid my live IP in the output of show datapath.