
OpenVpn Key Distribution and PKI


tm12345
11-08-2007, 04:27 AM
...Newbie Alert...

I have set up Untangle as a routing firewall in a test configuration to see if it can be used to replace my existing firewall. I have a couple of questions/issues.

Internet ---- Real Firewall (linux, openvpn, etc) ---- Real Internal Network ---- Untangle ---- Test Internal Network


1) When emailing the VPN client package, the email contains a URL from which the client package can be downloaded. This URL will only work from machines on the Test Internal Network, and the Untangle box itself. I have ensured that the host name in the link is resolvable from the Real Internal Network and even tried turning off the Untangle firewall.

If I hunt down the package in /usr/share/untangle/... and manually place it on a client (outside of the Test Internal Network but on the Real Internal Network) openVpn works just fine. It's just the email/download issue I'm wrestling with.


2) Using USB doesn't seem to work at all. It appears (though I'm no expert) that the sd and usb-storage modules are not even loaded, and there are no indications that a hot plug event occurred. Is there something that was missed/failed during the install?


3) Before moving the Untangle server out of test I would like to modify the OpenVpn server part to use my existing CA and client keys, certs, revocation lists, etc. I have about 30 existing road warriors, and 3 remote offices that I really don't want to have to simultaneously upgrade. Can anyone advise on the best (or a good) way to substitute the Untangle stuff so that I don't break anything in the front end interface?

I noticed that most of the PKI (seems to be) in /usr/share/untangle/conf/openvpn so I'm thinking of just trying to match files and replace them with hand edited versions that are in the style I see there.

Thanks in advance for any help and advice.

mdh
11-08-2007, 06:57 AM
Tim,

Check Config -> Networking for assignment of a hostname, setting it to resolve publicly and using dynamic DNS is necessary. Click on HELP to bring up the wiki in a browser for immediate guidance.

On USB, try all interfaces. Sometimes one gets indignant.

Check Config -> Remote Admin for creating/importing a certificate.

You should not be tinkering at the command line if the GUI will do it for you. Anything done at the command line will be blown away by an upgrade, reinstall or reset to factory values.

tm12345
11-08-2007, 04:29 PM
Okay I have taken your advice/warning and decided just to use untangle's openvpn and reissue certs to all my existing clients.

However, I still cannot seem to get access to the client package from another machine.

I have tried to set up both regular clients and sites from this server...

vpnClient:
get email, click on link -> can't access page
change the url to use http (from https) -> same thing
change the url to use an IP -> same thing
manually ping server by both IP and name -> both successful

vpnSite:
get email
attempt "Setup Wizard Configure VPN Client" on 2nd untangle machine
enter hostname
enter password (cut from email)
-> "VPN client configuration could not be downloaded from the server. Please try again"

alter server to have "Hostname Resolves Publically" off
re- "Distribute Client"
get email
attempt "Setup Wizard Configure VPN Client" on 2nd untangle machine
enter IP
enter password (cut from email)
-> "VPN client configuration could not be downloaded from the server. Please try again"


vpnSite:
re- "Distribute Client" via USB
confirm writing of stuff to USB stick
attempt "Setup Wizard Configure VPN Client" on 2nd untangle machine
read USB
choose correct description from the dropdown list
-> "Cannot be downloaded from USB key please try again"

Please help.
Seem to have hit a wall.

tm12345
11-08-2007, 04:35 PM
P.S. Just to make sure I didn't have conflicting settings I even tried turning off everything on the Server except the OpenVpn and Router apps.
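The symptom in the posts above is that the server answers ping by name and by IP, yet the client-package link from the distribution email fails. The following added example (not from the original thread or from Untangle) walks the same link through name resolution, a TCP connect and an HTTP(S) request in turn, so the failing layer is named instead of guessed; the URL, the use of GET, and the assumption that the appliance's certificate is not already trusted by the client are all mine.

```python
import socket
import ssl
from http.client import HTTPConnection, HTTPSConnection
from urllib.parse import urlsplit

def target_of(url):
    """Host, port, scheme and request path named in a client-package link."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError("expected an http(s) URL: %r" % url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.hostname, port, p.scheme, (p.path or "/") + ("?" + p.query if p.query else "")

def probe(url, timeout=5.0):
    """Try DNS, then TCP, then HTTP(S); None = layer not reached, False = failed."""
    host, port, scheme, path = target_of(url)
    out = {"dns": None, "tcp": None, "http": None}
    try:
        out["dns"] = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror:
        out["dns"] = False
        return out
    try:
        socket.create_connection((out["dns"], port), timeout=timeout).close()
        out["tcp"] = True
    except OSError:
        out["tcp"] = False
        return out
    # Reachability only: chain validation is skipped (assumed untrusted appliance cert).
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    conn = (HTTPSConnection(host, port, timeout=timeout, context=ctx)
            if scheme == "https" else HTTPConnection(host, port, timeout=timeout))
    try:
        conn.request("GET", path)
        out["http"] = conn.getresponse().status  # body is not read; only the status matters
    except OSError:
        out["http"] = False
    finally:
        conn.close()
    return out

def diagnose(out):
    if out["dns"] is False:
        return "dns: hostname does not resolve from this network"
    if out["tcp"] is False:
        return "tcp: port closed or filtered (ping can still succeed)"
    if out["http"] is False or out["http"] >= 400:
        return "http: no usable response for the package path (%r)" % out["http"]
    return "ok: package URL reachable"
```

Run `diagnose(probe(url))` from the client machine that cannot download the package, with the exact URL pasted from the email, and then again with the IP substituted for the hostname; the two results separate a resolution problem from a filtering or web-service problem.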

amac
11-08-2007, 05:44 PM
Just curious, can you access anything on Untangle from the real internal network at all? Like the portal, java client, etc. From either the name or the IP?