[Solved] Anydesk Remote Support not working with https enabled

11 Posts
2 Users
5 Reactions
36 Views
(@calimero)
Member
Joined: 6 Jahren ago
Posts: 537
Topic starter  

Has anyone solved the issue with anydesk, that when https is enabled, no connection to anydesk network is possible?

I added all existing addresses to a new app, but this doesn't help

 

image

anydesk is trying to enable connection to random relay.*.net.anydesk.com addresses, which is working when https is disabled.

If you reenable it, the connection is breaking directly.

manual https diag is not showing anything, no https connection errors..

Only the info from anydesk, that the connection will not establish, when TLS will be intercepted...

Many thanks in advance and kind regards

Client OS
Browser
eBlocker hardware
Client OS version

   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2103
 

@calimero All I can say is that the "wildcard format" is probably not accepted in a Trusted App. Subdomains are always trusted if top level ist trusted.

So, I'd try to only add "anydesk.com" to a Trusted App (or as Trusted Website).

THX!


   
ReplyQuote
(@calimero)
Member
Joined: 6 Jahren ago
Posts: 537
Topic starter  

@random Thanks for your response.

This was the first, I've added but that doesn't work for anydesk.

In the meantime I am a step further

the following IPs and URLs I have added and sometime Anydesk gets a connect, but still disconnects

 

Name: Anydesk
Description:
de: Anydesk
en: Anydesk
Domains:
anydesk.com
net.anydesk.com
relay-bbd5e383.net.anydesk.com
relays.net.anydesk.com
18.245.60.96
213.61.91.48/29
217.110.18.136/29
217.110.194.192/29
239.255.102.18
62.96.74.120/29
138.199.36.121
195.181.174.173

The more relay-????????.net.anydesk.com I found and add with URL and IP, the mor often I get a connection to the anydesk network.

But Anydesk itself doesn't provide their whole relay URLs, I only get them with TCPView, when I disable eBlocker https.

If it would be possible to add "relay-*.net.anydesk.com" it could be the easiest way to get it running.

Thanks and have a nice day


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2103
 

@calimero

Posted by: @calimero

If it would be possible to add "relay-*.net.anydesk.com" it could be the easiest way to get it running.

This is implemented already! Sorry if I didn't make myself clear.

I try again: adding "anydesk.com" as a HTTPS Trusted App will also always trust "relay-XYZ.net.anydesk.com" as this is a subdomain. All subdomains inherit the trust of the top domain. 💡

So, if adding "anydesk.com" as Trusted is not yielding the effect you wish for, there must communication to other domains taking place. Adding more anydesk.com subdomains makes no sense but I'd rather look for other domains/IPs they might be using.

THX!


   
ReplyQuote
(@calimero)
Member
Joined: 6 Jahren ago
Posts: 537
Topic starter  

@random Hi Random and thanks.

This is not working for anydesk and they seem to make other validation check, which do not appear anywhere

 

The only thing I can see

https on (eB v3.2.3)

image

 

https off

image

 

If there is nothing more I can do, I'll try to gather all relay-* sites, until it will work and then provide the complete list of hosts and ip addresses I#ve found

 

Many thanks and kind regards


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2103
 

@calimero As said, adding more XX (in XX.domain.com) makes no sense if "domain.com" is trusted already.

So rather than gathering more relay-*.net.anydesk.com sites, I'd take wireshark to see what's really going on when eBlocker is disabled. Then put all target IPs/domains for wireshark into a Trusted App and switch eBlocker back on. I'd assume this approach would work well. 

One more hint: You could also simply ask anydesk which IP/domains they use. The question is not uncommon as other protection software (like Symantec business products) do MITM as well - facing the same challenges as with eBlockerOS.

Good luck 🍀

THX!


   
ReplyQuote
(@calimero)
Member
Joined: 6 Jahren ago
Posts: 537
Topic starter  

@random I appreciate your input. Thanks!

Wireshark & additional firewall loggin helped me, finding a lot more of the hosts and ips, but it is still not working as desired.

Attached my yet found ips & hosts for others to test.

I will try to get some help from anydesk on this one and share it with you!
kind regards

 


   
Random reacted
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2103
 

@calimero Here is what perpexity has to say:

Screenshot 2025 08 14 175201

To solve AI recommends

Screenshot 2025 08 14 175234

Not sure whether this is helpful - but maybe it's worth a try.

THX! 


   
CalimerO reacted
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2103
 

Just a final thought: If you are using IPv6 with your client then whitelisting IPv4 might not be the way to go. So I'd (generally) recommend to disable IPv6 on the router to make sure IPv4 whitelisting has the desired effect.

THX!


   
CalimerO reacted
ReplyQuote
(@calimero)
Member
Joined: 6 Jahren ago
Posts: 537
Topic starter  

@random again thanks for all your thoughts and input.

your last 3 additional IPs I missed and added them to my App

IPv6 is completely disabled in my infrastructure.

 

Still not successfull, but I won't give up 🙂

Thanx and regards


   
Random reacted
ReplyQuote
(@calimero)
Member
Joined: 6 Jahren ago
Posts: 537
Topic starter  

A quick update on this topic and I think it can be closed now.

With help of an firewall and log analysis I found - hopefully the most, but not all - IPs and hosts, which are in use by anydesk and made an app which I sent in via mail!

Many thanks and kind regards


   
Random reacted
ReplyQuote

Nach oben scrollen