Site-to-Site VPN?
Chumley
08-03-2007, 04:19 PM
Heya All,
Can Untangle do a site-to-site 'permanent' type VPN between two Untangle boxes? If so, can it do it between an Untangle box and some other vendor's firewall such as a Check Point or a Cisco PIX? I've looked in the client config settings for the OpenVPN module but it seems that it's all client based, no server-to-server seems available.
Regards,
Chum
gotkimchi
08-03-2007, 04:25 PM
Your first statement is correct. You can set up the site to site OpenVPN with two Untangle servers. Here is the wiki page:
http://wiki.untangle.com/index.php/OpenVPN
Currently, the OpenVPN does not support site to site with any other products and vendors, since other vendors are using IPsec.
bossman351
08-04-2007, 12:09 AM
I will just add to this thread as it seems the right place.
I'm trying a site to site VPN. On the server side, the system copies the key to the USB flash drive no problem. On the client side, it reads the key and sees the correct name for the VPN I've configured, but then tells me "The client configuration could not be downloaded from the key. Please try again."
I've tried repeatedly and it does not work. Suggestions?
bossman351
08-14-2007, 12:02 AM
Bump... I'm trying this on 4.2. Any ideas?
richie
08-14-2007, 11:21 AM
Bump... I'm trying this on 4.2. Any ideas?
Could you check the files on the USB? There should be a folder named untangle-data > openvpn > 3 files
bossman351
08-15-2007, 01:30 PM
Yes... 3 files under C:\untangle-data\openvpn
- config-system1-testbox2.zip
- eg-system1-testbox2.stamp
- setup-system1-testbox2.exe
richie
08-15-2007, 03:27 PM
hi bossman351.
Did both of the boxes have the same version? On the Untangle (server site), what did you set for the network address?
richie
08-15-2007, 03:29 PM
addition:
under OpenVPN > VPN Client /Site > VPN Site
bossman351
08-16-2007, 09:27 PM
The first 5 or 6 times they were the same version. The last time I set up the remote site as a V5 box. Public addresses were in the same Class C subnet. Private addresses on the server were 10.x.x.x and on the client there was only one interface.
bossman351
08-21-2007, 09:01 PM
bump
richie
08-22-2007, 08:19 AM
hi bossman351.
Are you still having a problem with this? You could send us your activation key at support@untangle.com and verify "Allow secure remote support ...." is selected under Config > Support.
Both boxes need to be online so we can look at it :)
rigel76
07-07-2008, 07:12 AM
Hi
After installing the OpenVPN server I have a USB read problem. The server successfully exports the key but the client does not install correctly. My OpenVPN server does not have a published DNS record. When I sniffed with tcpdump on the server external IP (while clicking on read USB and install on the VPN client) I saw the server search for the host name on the net.
I changed my host name to the real IP on the networking menu host name tab and exported the key again.
After this export the client successfully reads and installs the keys.
You probably had the hostname set to resolve publicly with a name that is either not legal or not published. Check CONFIG -> REMOTE ADMIN.
rigel76
07-09-2008, 03:37 AM
Hi all
I had a problem with site to site VPN.
I installed OpenVPN and Untangle following the wiki steps.
The problem is:
I have 2 local networks: one at the head office (LAN A) and one at the branch office (LAN B).
LAN A is directly connected to the internet. LAN B is connected behind a DSL router. On the DSL router I disabled the firewall module.
After installing the OpenVPN module and adding the rule to both sides as shown at http://forums.untangle.com/attachment.php?attachmentid=282&d=1208828846 I saw the connection in the server side event log. And I can successfully ping from the branch office UT to the head office UT external and internal IP.
But pinging from the branch office internal subnet to the head office internal subnet is unsuccessful.
To follow the ICMP packets on the interfaces I used tcpdump. According to the result, I can see the ICMP packets on the branch office tun0 interface but I don't observe any packets on the head office tun0 interface.
In short, ICMP packets from LAN B head into the UT branch office VPN tunnel but nothing is observed at the other end of the tunnel.
Routing records, branch office Untangle server
NOTE: 192.168.5.0/24 is the internal interface of the branch office and
10.22.26.0 is the internal interface of the head office
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
172.16.16.1     172.16.16.6     255.255.255.255 UGH   0   0      0    tun0
172.16.16.6     0.0.0.0         255.255.255.255 UH    0   0      0    tun0
192.168.5.0     0.0.0.0         255.255.255.0   U     0   0      0    eth1
10.0.0.0        0.0.0.0         255.255.255.0   U     0   0      0    eth0
10.22.26.0      172.16.16.6     255.255.255.0   UG    0   0      0    tun0
192.0.2.0       0.0.0.0         255.255.255.0   U     0   0      0    dummy0
192.0.2.0       0.0.0.0         255.255.255.0   U     0   0      0    utun
0.0.0.0         10.0.0.1        0.0.0.0         UG    0   0      0    eth0
What is the point I missed?
Thanks in advance.
rigel76
07-09-2008, 03:53 AM
Additional notes:
Both of the UT servers are in routing mode.
thanks
rigel76
07-09-2008, 05:21 AM
OK, at last I solved the problem the same way as timcase:
http://forums.untangle.com/showthread.php?t=1654
My fault was misunderstanding the entry at "http://wiki.untangle.com/index.php/OpenVPN" under the "Configuring Untangle Server as a VPN Server" section:
"In the site name text box, specify a descriptive name of the site (for example, san_mateo_sales_office), and do not change the default IP address."
When I changed this IP to my branch office internal address and restarted both of them, the problem was solved.
I hope it helps others.
Thank you for giving me a swift kick in the pants. We have known that was incorrect, and have slipped in correcting the documentation. It's fixed now. THANK YOU!
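An added example, not part of any post in this thread: a route check for the one-way symptom rigel76 describes, using the branch office table as posted. The two head office tables are constructed, and they assume that leaving the VPN site address at its default meant the head office had no route for 192.168.5.0/24; 203.0.113.0/24 and 172.16.16.2 are placeholders.

```python
import ipaddress

# Branch office table as posted in the thread (route -n layout).
BRANCH = """
Destination Gateway Genmask Flags MSS Window irtt Iface
172.16.16.1 172.16.16.6 255.255.255.255 UGH 0 0 0 tun0
172.16.16.6 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.22.26.0 172.16.16.6 255.255.255.0 UG 0 0 0 tun0
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 dummy0
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 utun
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
"""
# Constructed head office table (assumption, not from the thread):
# the VPN site address was left at its default, so no branch LAN route.
HEAD_BEFORE = """
172.16.16.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
10.22.26.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
203.0.113.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 203.0.113.1 0.0.0.0 UG 0 0 0 eth0
"""
# Constructed: same table once the site address is the branch LAN.
HEAD_AFTER = HEAD_BEFORE + "192.168.5.0 172.16.16.2 255.255.255.0 UG 0 0 0 tun0\n"

def parse_routes(text):
    """Turn route -n output into (network, gateway, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the banner and column header lines
        routes.append((ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[1], f[7]))
    return routes

def egress(routes, ip):
    """Interface chosen for ip by longest-prefix match, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[2] if hits else None

def tunnel_symmetric(site_a, host_a, site_b, host_b, tun="tun0"):
    """LAN-to-LAN traffic needs a tunnel route in both directions."""
    return egress(site_a, host_b) == tun and egress(site_b, host_a) == tun

if __name__ == "__main__":
    branch = parse_routes(BRANCH)
    for name, table in (("before", HEAD_BEFORE), ("after", HEAD_AFTER)):
        head = parse_routes(table)
        print(name, "head office sends 192.168.5.10 via", egress(head, "192.168.5.10"),
              "| symmetric:", tunnel_symmetric(branch, "192.168.5.10", head, "10.22.26.10"))
```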