Nortel VPN Client issues


etrigan63
12-12-2006, 01:33 PM
I am still having connectivity issues with the Nortel VPN Client. If I connect the DSL modem directly to any of my computers, the client connects fine. When I go through the Untangle server, I see traffic on port 500 but nothing on 50 or 51. This issue was not present with my old Clarkconnect firewall. :confused:

dmorris
12-12-2006, 01:59 PM
Hey Carlos,

Hmm..
Is this an IPSec based VPN? Do you know if it is running in tunnel or transport mode? If I remember correctly, there is a control session on port 500 and data connections on port 50 and 51?

If you can enable 'remote support' in the config->support tab, I can get into your server and help debug.

etrigan63
12-12-2006, 02:03 PM
Remote support has been activated.

etrigan63
12-21-2006, 02:42 PM
I have sent Robert a PDF file describing this issue and how to fix it. I thought I set up the rules correctly but maybe I didn't.

etrigan63
01-04-2007, 09:16 PM
OK for the record, here's how we fixed it. I transferred router/firewall functions back to the Wirespeed modem and placed the Untangle Server behind it in Transparent Mode. The Nortel client was happy with this arrangement and now connects properly.

penelope
03-20-2007, 10:03 AM
I don't have this option, and I must redirect traffic through the Untangle box to a VPN server behind it at the protocol level, not port.

Any ideas?

dmorris
03-20-2007, 10:48 AM
> I don't have this option, and I must redirect traffic through the Untangle box to a VPN server behind it at the protocol level, not port.
>
> Any ideas?

What's that mean? What are you trying to do?

radu7
08-02-2007, 02:24 PM
Hello,

We are testing an Untangle installation at a branch office and are running into this same issue. It seems that attempting to pass IP protocols 50 and 51 or IP 47 through an Untangle router/firewall isn't happening for us. The VPN client connects fine when placed in front of the Untangle server, but will not function behind it. Does Untangle provide a way to pass IP protocols 47, 50, 51 (GRE, ESP, AH)?

Thanks for your time!

atomtbomb
08-15-2007, 12:28 PM
> The VPN client connects fine when placed in front of the Untangle server, but will not function behind it. Does Untangle provide a way to pass IP protocols 47, 50, 51 (GRE, ESP, AH)?


I'm having a similar issue. Cisco VPN Client connecting using IPSec over UDP. I can connect to my corporate network fine, but can't access any resources behind it. This is with just the Router and Reports enabled.

I can access the VPN fine through my old FreeBSD machine that I previously used as my router.

MrPage
03-01-2008, 06:23 PM
I'm at home with Untangle between me and my DSL.
I use the Nortel Contivity Client to VPN into my work.

I was able to get my client working by configuring the Router to Redirect -> Port Forward ports 47, 50 and 51 to my work laptop. (Got those ports from this thread - thanks a bunch guys!)

I'm still testing so I currently have my traffic type set to 'any'. I'll be experimenting with tightening this up to the specific type I need.


~MrPage

skider86
03-03-2008, 08:19 AM
> I'm having a similar issue. Cisco VPN Client connecting using IPSec over UDP. I can connect to my corporate network fine, but can't access any resources behind it. This is with just the Router and Reports enabled.
>
> I can access the VPN fine through my old FreeBSD machine that I previously used as my router.

I have seen this symptom on a regular basis when the PC is behind a router at someone's home. Double-check and see if you have Transparent Tunneling enabled for the connection in the Cisco VPN Client. 99% of our PCs are configured with this as the default and according to the documentation I have this is supposed to be the default when you install, but our installer does not enable this option.

donhwyo
05-29-2008, 01:13 PM
Hi

Has anybody got this working yet? I need to be able to connect to a corp VPN from inside my Untangle in router mode. Using Nortel Contivity client 4.65. I need to be able to use 3 or 4 clients at once so I don't think I can use port forward as suggested above. I have had trouble with this client on other occasions and if I had anything to do with it I would scrap it. It works fine through dd-wrt linksys if that is of any help. Maybe I could make a route through that around the Untangle for the VPN only. Could that work? I would rather not have to try that though.

Anyway, thanks for a great product.
Don

etrigan63
05-29-2008, 01:22 PM
Under Untangle 5.2, you set up a Bypass Rule for the VPN Clients. It comes preloaded and only needs to be activated. You go to the Network Config -> Advanced -> Bypass Rules and enable it there. This allows unrestricted IPSEC traffic out through the Untangle server.

donhwyo
05-29-2008, 01:35 PM
Thanks for the quick reply.

I have that set up but it still fails to connect. Do I need to add some bypass rules or something? I have had this client have issues in the past. They seem to do non-standard IPsec.

Don

donhwyo
05-30-2008, 09:37 AM
I have tried a bypass rule for ports 47, 50 and 51 with no luck. I may not have the setting for that right. Is it possible to see the settings for the built-in bypass rule?

Thanks,
Don

Captain Colonoscopy
05-30-2008, 09:22 PM
Are you using IPSEC over TCP maybe? I was having the same problem until I remembered we were using IPSEC over TCP 10000. Set up another bypass rule, enabled it, and all is well now.

donhwyo
05-31-2008, 09:32 AM
Thanks for the reply. 10000 made no difference. Are you using the Nortel client?

Don

Captain Colonoscopy
05-31-2008, 07:55 PM
Nope, using Cisco client. I did some googling on Nortel VPN Client ports and found a few references to UDP 4500, might want to add a bypass rule for that one if you haven't already.

donhwyo
06-01-2008, 11:15 AM
Thanks again. I haven't seen 4500 mentioned for Nortel but will try it.

Is there a way to add iptables rules to Untangle? Most of the stuff I am finding about the client refers directly to iptables. Would there be a how-to or something?

Thanks,
Dom

donhwyo
06-13-2008, 07:25 PM
Turns out Nortel uses port 10001 for NAT traversal. I had 10000-20000 forwarded to VoIP. Much easier to see in hindsight.

Don

Captain Colonoscopy
06-13-2008, 08:47 PM
Ahhh, figures they have to use something non-standard. :D

Good to hear you got everything taken care of.
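
The thread turns on two points: 47, 50 and 51 are IP protocol numbers rather than TCP/UDP ports, and a wide port-forward range can swallow a VPN client's NAT-traversal port. The sketch below is an added example, not code from any poster or from Untangle. It classifies raw IPv4 packets using only the numbers named in the thread and flags forward ranges that cover a VPN port. The rule tuple format, the `voip-host` name and the sample packets are constructed for illustration.

```python
import struct

# IP protocol numbers named in the thread (these are not TCP/UDP ports).
IP_PROTOS = {47: "GRE", 50: "ESP", 51: "AH"}
# (transport, destination port) pairs named in the thread.
VPN_PORTS = {("udp", 500): "IKE", ("udp", 4500): "IPsec NAT-T",
             ("udp", 10001): "Nortel NAT traversal",
             ("tcp", 10000): "Cisco IPsec over TCP"}

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by IP protocol number or L4 destination port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IP protocol field
    if proto in IP_PROTOS:
        return f"{IP_PROTOS[proto]} (IP protocol {proto}, no port)"
    l4 = {6: "tcp", 17: "udp"}.get(proto)
    if l4 is None or ihl < 20 or len(packet) < ihl + 4:
        return f"other (IP protocol {proto})"
    dport = struct.unpack("!H", packet[ihl + 2: ihl + 4])[0]
    return f"{VPN_PORTS.get((l4, dport), 'other')} ({l4}/{dport})"

def shadowed(forwards):
    """VPN ports covered by a forward rule given as (transport, low, high, target)."""
    hits = []
    for (l4, port), name in VPN_PORTS.items():
        for fproto, lo, hi, target in forwards:
            if fproto in (l4, "any") and lo <= port <= hi:
                hits.append((name, f"{l4}/{port}", target))
    return hits

def ipv4(proto, payload=b""):
    """Constructed minimal IPv4 packet (documentation addresses, zero checksum)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return hdr + payload

def udp(dport):
    """Constructed 8-byte UDP header with an arbitrary source port."""
    return struct.pack("!HHHH", 40000, dport, 8, 0)

if __name__ == "__main__":
    for pkt in (ipv4(50, b"\0" * 8), ipv4(17, udp(500)), ipv4(17, udp(10001))):
        print(classify(pkt))
    # Constructed rule mirroring the thread: 10000-20000 forwarded to a VoIP host.
    print(shadowed([("udp", 10000, 20000, "voip-host")]))
```

A UDP packet to port 50 comes back as `other (udp/50)`, which is why a rule written for "port 50" never matches ESP traffic.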