Ewon provides industrial-grade routers with VPN functionality for third parties to support internal infrastructure.
For adam:ONE® Zero Trust connectivity users, these connections will fail by default for these potential reasons:
- The default policy is usually a Holding Tank Quarantine
- A deny-all policy does not include talk2m.com as an allowed domain (with subdomains)
- DTTS® (Don’t Talk To Strangers) prevents the Ewon device from making a UDP port 1194 connection directly to an IP without using DNS
Steps to resolve
- If one doesn’t exist already, build an IoT Allowlist (Whitelist) rule that includes talk2m.com and allows subdomains
- If one doesn’t exist already, build an Allowlist Policy (with the IoT rule enabled)
- Locate the Ewon device on the Dashboard → Devices and edit it to use the IoT policy
- Use the mytools.management/log traffic log (top left drop-down) to observe the Ewon device attempting to make UDP port 1194 connections and note the failing destination IP address
- Create an Enabler under Dashboard → My Rules → Enablers (tab) that allows this traffic through; it would look similar to this:
- Turn the Enabler ON in the IoT policy
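
The following added example (not adam:ONE® code and not from the original article) is a simplified model of the three decisions described above: allowlist matching with subdomains, blocking of connections to an IP that no DNS answer preceded, and a narrow Enabler exception. The class and function names, the device name `ewon-1`, the hostname `device.talk2m.com` and the documentation-range IP addresses are all constructed for illustration.

```python
from ipaddress import ip_address

ALLOWED_DOMAINS = {"talk2m.com"}  # allowlist rule from the steps above, subdomains included

def domain_allowed(name, allowed=ALLOWED_DOMAINS):
    """Match the domain itself or any subdomain, on label boundaries only."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowed)

class Gateway:
    """Toy model (assumption): deny-all DNS policy, DNS-anchored egress, enablers."""
    def __init__(self):
        self.learned = set()   # (device, ip) pairs seen in allowed DNS answers
        self.enablers = set()  # (device, ip, proto, port) explicit exceptions

    def dns(self, device, name, answers):
        if not domain_allowed(name):
            return "blocked: domain not on allowlist"
        self.learned.update((device, ip_address(a)) for a in answers)
        return "resolved"

    def connect(self, device, ip, proto, port):
        ip = ip_address(ip)
        if (device, ip) in self.learned:
            return "allowed: destination came from DNS"
        if (device, ip, proto, port) in self.enablers:
            return "allowed: enabler"
        return "blocked: no DNS lookup preceded this connection"

    def add_enabler(self, device, ip, proto, port):
        self.enablers.add((device, ip_address(ip), proto, port))

def demo():
    gw, dev = Gateway(), "ewon-1"  # constructed device name
    out = []
    out.append(gw.dns(dev, "device.talk2m.com", ["192.0.2.10"]))  # constructed host
    out.append(gw.dns(dev, "eviltalk2m.com", ["198.51.100.7"]))   # look-alike, not a subdomain
    out.append(gw.connect(dev, "192.0.2.10", "tcp", 443))
    out.append(gw.connect(dev, "203.0.113.5", "udp", 1194))       # direct-to-IP VPN attempt
    gw.add_enabler(dev, "203.0.113.5", "udp", 1194)
    out.append(gw.connect(dev, "203.0.113.5", "udp", 1194))
    out.append(gw.connect(dev, "203.0.113.5", "udp", 53))         # enabler stays narrow
    return out

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The fourth result is the failure the traffic log shows before the Enabler exists; the last one shows that an exception scoped to one device, IP, protocol and port does not open other traffic to that address.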