[Solved] Anydesk Remote Support not working with https enabled

@calimero All I can say is that the "wildcard format" is probably not accepted in a Trusted App. Subdomains are always trusted if top level ist trusted.

So, I'd try to only add "anydesk.com" to a Trusted App (or as Trusted Website).

THX!

@random Thanks for your response.

This was the first, I've added but that doesn't work for anydesk.

In the meantime I am a step further

the following IPs and URLs I have added and sometime Anydesk gets a connect, but still disconnects

Name: Anydesk
Description:
de: Anydesk
en: Anydesk
Domains:
anydesk.com
net.anydesk.com
relay-bbd5e383.net.anydesk.com
relays.net.anydesk.com
18.245.60.96
213.61.91.48/29
217.110.18.136/29
217.110.194.192/29
239.255.102.18
62.96.74.120/29
138.199.36.121
195.181.174.173

The more relay-????????.net.anydesk.com I found and add with URL and IP, the mor often I get a connection to the anydesk network.

But Anydesk itself doesn't provide their whole relay URLs, I only get them with TCPView, when I disable eBlocker https.

If it would be possible to add "relay-*.net.anydesk.com" it could be the easiest way to get it running.

Thanks and have a nice day

@calimero

Posted by: @calimero

↑

If it would be possible to add "relay-*.net.anydesk.com" it could be the easiest way to get it running.

This is implemented already! Sorry if I didn't make myself clear.

I try again: adding "anydesk.com" as a HTTPS Trusted App will also always trust "relay-XYZ.net.anydesk.com" as this is a subdomain. All subdomains inherit the trust of the top domain. 💡

So, if adding "anydesk.com" as Trusted is not yielding the effect you wish for, there must communication to other domains taking place. Adding more anydesk.com subdomains makes no sense but I'd rather look for other domains/IPs they might be using.

THX!

@random Hi Random and thanks.

This is not working for anydesk and they seem to make other validation check, which do not appear anywhere

The only thing I can see

https on (eB v3.2.3)

https off

If there is nothing more I can do, I'll try to gather all relay-* sites, until it will work and then provide the complete list of hosts and ip addresses I#ve found

Many thanks and kind regards

@calimero As said, adding more XX (in XX.domain.com) makes no sense if "domain.com" is trusted already.

So rather than gathering more relay-*.net.anydesk.com sites, I'd take wireshark to see what's really going on when eBlocker is disabled. Then put all target IPs/domains for wireshark into a Trusted App and switch eBlocker back on. I'd assume this approach would work well. 

One more hint: You could also simply ask anydesk which IP/domains they use. The question is not uncommon as other protection software (like Symantec business products) do MITM as well - facing the same challenges as with eBlockerOS.

Good luck 🍀

THX!

@random I appreciate your input. Thanks!

Wireshark & additional firewall loggin helped me, finding a lot more of the hosts and ips, but it is still not working as desired.

Attached my yet found ips & hosts for others to test.

I will try to get some help from anydesk on this one and share it with you!
kind regards

@calimero Here is what perpexity has to say:

To solve AI recommends

Not sure whether this is helpful - but maybe it's worth a try.

THX! 

Just a final thought: If you are using IPv6 with your client then whitelisting IPv4 might not be the way to go. So I'd (generally) recommend to disable IPv6 on the router to make sure IPv4 whitelisting has the desired effect.

THX!

@random again thanks for all your thoughts and input.

your last 3 additional IPs I missed and added them to my App

IPv6 is completely disabled in my infrastructure.

Still not successfull, but I won't give up 🙂

Thanx and regards

A quick update on this topic and I think it can be closed now.

With help of an firewall and log analysis I found - hopefully the most, but not all - IPs and hosts, which are in use by anydesk and made an app which I sent in via mail!

Many thanks and kind regards