SonicWALL SSL-VPN and Tunnel All Mode

I must remember this one.  Scenario: you have set up SonicWALL’s SSL-VPN to accept external NetExtender client connections.  You have configured the clients in “Tunnel All Mode”, which means the external device will browse the Internet from the IP of the SonicWALL (useful for when you’re at a public hotspot or other connection-inhibiting location).  Everything connects properly and yet you cannot browse the Internet.  The fix is simple.

Go to Local Groups, edit the SSLVPN Services group.  Go to the VPN Access tab.  Add the entry WAN RemoteAccess Networks.

You’re welcome.

Don’t Forget the RTP Stream!

It’s been a rough day for SIP. Out of nowhere my Asterisk server stopped working properly. I suspected the SonicWALL and began a 2-hour-long process of generating the configuration from factory defaults. I did this because a SonicWALL technician in his Indian accent chastised me for loading Beta firmware without having good backups. He blamed this for having a malfunctioning CFS policy. Anyway, I loaded the new configuration and, as it was, it had no effect on the symptoms. Specifically, there was 1-way or no audio and the call disconnected right at about 30 seconds.

Every Asterisk forum and support post always describes the cause of this issue as bad NAT-ing. However, nothing had changed. I loaded the same configuration into the SonicWALL as was there before the wipe.

Ultimately, after much searching, I came across a working solution. I added RTP ports UDP 10000-20000 to the firewall. Also, I opened up the firewall to All incoming connections instead of my SIP trunk provider’s IP address. Possibly they changed the IP address for the media gateway, but only a call to tech support would determine that. Fortunately I’ll do that tomorrow.

Side note that I also went through a couple of hours’ worth of free SMTP quota in about 3 seconds. I turned on email alerts on the default SonicWALL configuration. I also had the Geo-IP filter engaged for a measly 12 of the baddest countries in the malware world. Let’s just say it’s a dangerous Internet out there. My SonicWALL sent an email every time someone tried to connect and was blocked by the Geo-IP filter.
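Whether the provider's media gateway address changed can be read from the SDP body of the call setup, which states where RTP will come from, so the inbound rule can stay limited to known sources and the UDP 10000-20000 range. The following is an added example, not part of the original post: it parses constructed SDP bodies that use documentation addresses, and the helper names `media_endpoints` and `audit` are hypothetical.

```python
import ipaddress

RTP_PORTS = range(10000, 20001)  # UDP range opened in the post

# Constructed SDP bodies (RFC 5737 documentation addresses), not captured traffic.
LOCAL_SDP = """v=0
o=root 1 1 IN IP4 192.0.2.10
s=Asterisk
c=IN IP4 192.0.2.10
t=0 0
m=audio 14522 RTP/AVP 0 101
"""
REMOTE_SDP = """v=0
o=- 1 1 IN IP4 198.51.100.10
s=-
c=IN IP4 198.51.100.10
t=0 0
m=audio 30000 RTP/AVP 0 101
c=IN IP4 203.0.113.77
"""

def media_endpoints(sdp):
    """Return (ip, port) per active audio stream; a media-level c= overrides the session one."""
    session_ip, current, streams, in_media = None, None, [], False
    for line in map(str.strip, sdp.splitlines()):
        if line.startswith("m="):
            fields, in_media, current = line[2:].split(), True, None
            if len(fields) > 1 and fields[0] == "audio":
                current = [session_ip, int(fields[1].split("/")[0])]
                streams.append(current)
        elif line.startswith("c=IN IP4 "):
            ip = line.split()[2].split("/")[0]
            if not in_media:
                session_ip = ip
            elif current is not None:
                current[0] = ip
    return [(ip, port) for ip, port in streams if ip and port]  # port 0 = rejected stream

def audit(local_sdp, remote_sdp, allowed_sources):
    """List what an inbound rule 'allowed_sources -> RTP_PORTS' would block for this call."""
    nets = [ipaddress.ip_network(n) for n in allowed_sources]
    findings = []
    for _, port in media_endpoints(local_sdp):
        if port not in RTP_PORTS:
            findings.append(f"local RTP port {port} outside forwarded range")
    for ip, _ in media_endpoints(remote_sdp):
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            findings.append(f"provider media source {ip} not in allowed sources")
    return findings
```

Run `audit` on the two SDP bodies taken from a packet capture of a failing call, with the source addresses currently allowed by the firewall rule; each finding names the address or port the rule is missing.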

VMware Can’t Add NFS Datastore

This problem took me over a month to figure out.  However, with the help of a fellow tech guy (shout out to Michael Groff, thank you bro), it’s finally put to rest.

Symptoms: VMware ESXi server will not connect to a FreeNAS NFS share no matter what.  When trying to add it, VMware immediately displays a “failed” error.

Cause: About a month ago, I had an existing datastore connected with the name of “BACKUP” that was an iSCSI share from a Synology NAS.  This single drive finally failed and needed to be replaced.  Since the drive failed, I did not specifically delete the datastore from VMware, although it did not show anymore.
This was ultimately the problem.  While VMware didn’t show the datastore, I was trying to add a new datastore also called “BACKUP” (trying to remain consistent here) but somewhere in VMware the name still existed.  Unfortunately I’ve lost the link to the website where the fix was found, but it’s so simple that I still remember it.

Resolution: Connect to VMware ESXi using SSH and run the command esxcfg-nas -d <datastore name>
It will generate an error such as “Datastore not found; but we deleted it anyway”.  After that, you should be able to add your NFS datastore again.