Has anyone solved the issue with anydesk, that when https is enabled, no connection to anydesk network is possible?
I added all existing addresses to a new app, but this doesn't help
anydesk is trying to enable connection to random relay.*.net.anydesk.com addresses, which is working when https is disabled.
If you reenable it, the connection is breaking directly.
manual https diag is not showing anything, no https connection errors..
Only the info from anydesk, that the connection will not establish, when TLS will be intercepted...
Many thanks in advance and kind regards
@calimero All I can say is that the "wildcard format" is probably not accepted in a Trusted App. Subdomains are always trusted if top level ist trusted.
So, I'd try to only add "anydesk.com" to a Trusted App (or as Trusted Website).
THX!
@random Thanks for your response.
This was the first, I've added but that doesn't work for anydesk.
In the meantime I am a step further
the following IPs and URLs I have added and sometime Anydesk gets a connect, but still disconnects
Name: Anydesk
Description:
de: Anydesk
en: Anydesk
Domains:
anydesk.com
net.anydesk.com
relay-bbd5e383.net.anydesk.com
relays.net.anydesk.com
18.245.60.96
213.61.91.48/29
217.110.18.136/29
217.110.194.192/29
239.255.102.18
62.96.74.120/29
138.199.36.121
195.181.174.173
The more relay-????????.net.anydesk.com I found and add with URL and IP, the mor often I get a connection to the anydesk network.
But Anydesk itself doesn't provide their whole relay URLs, I only get them with TCPView, when I disable eBlocker https.
If it would be possible to add "relay-*.net.anydesk.com" it could be the easiest way to get it running.
Thanks and have a nice day
If it would be possible to add "relay-*.net.anydesk.com" it could be the easiest way to get it running.
This is implemented already! Sorry if I didn't make myself clear.
I try again: adding "anydesk.com" as a HTTPS Trusted App will also always trust "relay-XYZ.net.anydesk.com" as this is a subdomain. All subdomains inherit the trust of the top domain. 💡
So, if adding "anydesk.com" as Trusted is not yielding the effect you wish for, there must communication to other domains taking place. Adding more anydesk.com subdomains makes no sense but I'd rather look for other domains/IPs they might be using.
THX!
@random Hi Random and thanks.
This is not working for anydesk and they seem to make other validation check, which do not appear anywhere
The only thing I can see
https on (eB v3.2.3)
https off
If there is nothing more I can do, I'll try to gather all relay-* sites, until it will work and then provide the complete list of hosts and ip addresses I#ve found
Many thanks and kind regards
@calimero As said, adding more XX (in XX.domain.com) makes no sense if "domain.com" is trusted already.
So rather than gathering more relay-*.net.anydesk.com sites, I'd take wireshark to see what's really going on when eBlocker is disabled. Then put all target IPs/domains for wireshark into a Trusted App and switch eBlocker back on. I'd assume this approach would work well.
One more hint: You could also simply ask anydesk which IP/domains they use. The question is not uncommon as other protection software (like Symantec business products) do MITM as well - facing the same challenges as with eBlockerOS.
Good luck 🍀
THX!
@random I appreciate your input. Thanks!
Wireshark & additional firewall loggin helped me, finding a lot more of the hosts and ips, but it is still not working as desired.
Attached my yet found ips & hosts for others to test.
I will try to get some help from anydesk on this one and share it with you!
kind regards
Just a final thought: If you are using IPv6 with your client then whitelisting IPv4 might not be the way to go. So I'd (generally) recommend to disable IPv6 on the router to make sure IPv4 whitelisting has the desired effect.
THX!
A quick update on this topic and I think it can be closed now.
With help of an firewall and log analysis I found - hopefully the most, but not all - IPs and hosts, which are in use by anydesk and made an app which I sent in via mail!
Many thanks and kind regards