Print over the vpn

Julien · July 29, 2023, 12:41:49 AM

Hello everyone,

We have set up a site-to-site Wireguard VPN to our datacenter. The LAN interface is configured to allow ports 443, 80, 53, and 9100 for printing Konica devices.

However, when the users attempt to print from the remote location to the office, it doesn't work. Printing only functions when we add the rule "any to any."

Could someone advise why this is happening and what I might be missing here? Thank you!

slackadelic · July 29, 2023, 04:35:33 AM

Is the tunnel NATing traffic?

Julien · July 29, 2023, 11:28:14 AM

Quote from: slackadelic on July 29, 2023, 04:35:33 AM
Is the tunnel NATing traffic?

The tunnel interface firewall rules is allowing any to any of this what you mean.

slackadelic · July 30, 2023, 01:13:04 AM

Have you done tcpdump captures on the interfaces in question to make sure the traffic is passing how it should?

dmark · July 30, 2023, 09:08:23 PM

Printer drivers often try to get the status of the printer via SNMP (UDP/161). So you could try to allow this protocol.

Julien · July 31, 2023, 09:21:01 PM

Thank you for your answer
I see we have on the printer Alias the next ports 137/138/139/161/162/427/9100/9220/9500
Still killing the printer during the print
When the users print I don't see anything on the LAN interface being blocked.

dmark · August 01, 2023, 06:01:46 PM

If snmp does not help you should analyze the traffic with tcpdump and/or wireshark.

Julien · August 20, 2023, 01:55:45 PM

We managed to find the blocked port on the firewall live vieuw
Thank you everyone

Print over the vpn

Julien

July 29, 2023, 12:41:49 AM

slackadelic

July 29, 2023, 04:35:33 AM #1

Julien

July 29, 2023, 11:28:14 AM #2

slackadelic

July 30, 2023, 01:13:04 AM #3

dmark

July 30, 2023, 09:08:23 PM #4

Julien

July 31, 2023, 09:21:01 PM #5

dmark

August 01, 2023, 06:01:46 PM #6

Julien

August 20, 2023, 01:55:45 PM #7