Untangle isn't DNS server but OpenVPN needs to see internal network

smclellan · 07-08-2009, 04:36 PM

First off, Untangle is an excellent product. However, I already have a DHCP server and a DNS server on my network and do NOT want or need to change to allow Untangle to act as those servers. Untangle is set as a gateway with two WAN connections. I can connect to VPN using the distributed OpenVPN client on Windows XP. I can ping the IP addresses of the hosts that use the Untangle server as their gateway, but I cannot change the gateway on all the hosts to the Untangle server for various reasons. How can I access ALL the hosts on my internal network regardless of their gateway?

dmorris · 07-08-2009, 05:25 PM

smclellan, welcome to the forums.

just turn of DHCP and DNS inside config->networking if you have DNS and DHCP servers.
(or just turn off DHCP - the DNS server won't do any harm.)

For hosts not using untangle as their gateway you can't talk to them via VPN over untangle because their reply packets won't go to untangle so untangle can't route them back to the remote client. you may be able to add a route on your other gateway to try and get the packets destined for the openvpn address pool over to the untangle gateway.

hope that helps!

smclellan · 07-08-2009, 06:19 PM

The DHCP and DNS are turned off in Untangle. I will try to set a route on the other gateways for VPN traffic to come back out of the Untangle gateway.

smclellan · 07-09-2009, 03:49 PM

Well played dmorris... well played. That was just what the doctor ordered. I set a static route for 172.16.0.0/24 (the default VPN addresses that Untangle OpenVPN assigns) to point back to the internal network on all my gateways and now everything seems to work pretty well.

dmorris · 07-09-2009, 04:37 PM

nice!

nabicom · 07-09-2009, 06:44 PM

Not sure if it relates to above but I have a similar problem as follows:
I have a site to site vpn between 2 untangle servers site 1(host) and site 2(client).
- Site 2 can connect to all workstations on site 1. But when connecting to a windows 2003 server (not domain, just application server) cannot even ping from site 2.
- Curious though is that from site 2 server can ping up to the windows server 2003 but from a client connected to site 2 server cannot. gateway of windows is site 1 untangle server.

Any ideas?

BryanFry · 08-21-2009, 08:21 PM

Quote:

Originally Posted by smclellan

Well played dmorris... well played. That was just what the doctor ordered. I set a static route for 172.16.0.0/24 (the default VPN addresses that Untangle OpenVPN assigns) to point back to the internal network on all my gateways and now everything seems to work pretty well.

I am having a similar problem, but setting the static route doesn't seem to fix the problem (although I was hopeful). Any other suggestions?

WebFooL · 08-22-2009, 01:48 AM

Hi BryanFry and welcome to the forum,

Can you do a tracert from a client on the networks to a VPN ip ?
And then from a VPN Client a tracert to a Inside resource.

And post a simple network layout so that we can help you.

And it might be good to start your own thread.

BryanFry · 08-22-2009, 06:52 AM

This thread perfectly describes the problem we are having -- we can access everything inside the network via IP, but not by name.

Basic network layout:

Code:

                                   Internet
                                        |
                                   UT Box  (192.168.10.1 and 192.168.11.1)
                                       /\
                                      /  \
                                     /    \
                         Win2000Server    Win2003Server
                       192.168.11.2            192.168.10.2
                            /                           \
                           /                             \
      About 25 computers                          About 25 computers
     192.168.11.X                                          192.168.10.X

Both of the servers run their own DHCP/DNS services. The tracert does what I would expect it to do:

From outside (172.16.0.5) to inside (192.168.10.20):

Code:

172.16.0.1
192.168.10.20

From inside (192.168.10.74) to outside (172.16.0.5):

Code:

192.168.10.1
172.16.0.5

Thanks for your prompt help!

WebFooL · 08-22-2009, 08:36 AM

Then the route workt.
Have you exported the DNS and then enabled DNS override?
And do a check from the DNS server and see if that can tracert to a VPN ip.

07-08-2009, 04:36 PM	#1 (permalink)
smclellan Newbie Join Date: Jul 2009 Posts: 3	Untangle isn't DNS server but OpenVPN needs to see internal network First off, Untangle is an excellent product. However, I already have a DHCP server and a DNS server on my network and do NOT want or need to change to allow Untangle to act as those servers. Untangle is set as a gateway with two WAN connections. I can connect to VPN using the distributed OpenVPN client on Windows XP. I can ping the IP addresses of the hosts that use the Untangle server as their gateway, but I cannot change the gateway on all the hosts to the Untangle server for various reasons. How can I access ALL the hosts on my internal network regardless of their gateway?

08-22-2009, 01:48 AM	#8 (permalink)
WebFooL Join Date: Jan 2009 Location: Sweden (Eskilstuna) URLs submitted: 57 Posts: 2,933	Hi BryanFry and welcome to the forum, Can you do a tracert from a client on the networks to a VPN ip ? And then from a VPN Client a tracert to a Inside resource. And post a simple network layout so that we can help you. And it might be good to start your own thread. __________________ "Of all the things I've lost, I miss my mind the most" Untangle Reseller (Sweden) WebFooL@fakenews.se http://fakenews.se/ Need space to Upload content for you forum post?

08-22-2009, 06:52 AM	#9 (permalink)
BryanFry Newbie Join Date: Aug 2009 Posts: 4	This thread perfectly describes the problem we are having -- we can access everything inside the network via IP, but not by name. Basic network layout: Code: Internet \| UT Box (192.168.10.1 and 192.168.11.1) /\ / \ / \ Win2000Server Win2003Server 192.168.11.2 192.168.10.2 / \ / \ About 25 computers About 25 computers 192.168.11.X 192.168.10.X Both of the servers run their own DHCP/DNS services. The tracert does what I would expect it to do: From outside (172.16.0.5) to inside (192.168.10.20): Code: 172.16.0.1 192.168.10.20 From inside (192.168.10.74) to outside (172.16.0.5): Code: 192.168.10.1 172.16.0.5 Thanks for your prompt help!

08-22-2009, 08:36 AM	#10 (permalink)
WebFooL Join Date: Jan 2009 Location: Sweden (Eskilstuna) URLs submitted: 57 Posts: 2,933	Then the route workt. Have you exported the DNS and then enabled DNS override? And do a check from the DNS server and see if that can tracert to a VPN ip. __________________ "Of all the things I've lost, I miss my mind the most" Untangle Reseller (Sweden) WebFooL@fakenews.se http://fakenews.se/ Need space to Upload content for you forum post?

07-08-2009, 05:25 PM	#2 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 6,694	smclellan, welcome to the forums. just turn of DHCP and DNS inside config->networking if you have DNS and DHCP servers. (or just turn off DHCP - the DNS server won't do any harm.) For hosts not using untangle as their gateway you can't talk to them via VPN over untangle because their reply packets won't go to untangle so untangle can't route them back to the remote client. you may be able to add a route on your other gateway to try and get the packets destined for the openvpn address pool over to the untangle gateway. hope that helps!

07-08-2009, 06:19 PM	#3 (permalink)
smclellan Newbie Join Date: Jul 2009 Posts: 3	The DHCP and DNS are turned off in Untangle. I will try to set a route on the other gateways for VPN traffic to come back out of the Untangle gateway.

07-09-2009, 03:49 PM	#4 (permalink)
smclellan Newbie Join Date: Jul 2009 Posts: 3	Well played dmorris... well played. That was just what the doctor ordered. I set a static route for 172.16.0.0/24 (the default VPN addresses that Untangle OpenVPN assigns) to point back to the internal network on all my gateways and now everything seems to work pretty well.

07-09-2009, 04:37 PM	#5 (permalink)
dmorris Untangle Junkie Join Date: Nov 2006 Location: San Mateo, CA URLs submitted: 10 Posts: 6,694	nice!

07-09-2009, 06:44 PM	#6 (permalink)
nabicom Untangler Join Date: Sep 2008 Location: Asia Posts: 32	Not sure if it relates to above but I have a similar problem as follows: I have a site to site vpn between 2 untangle servers site 1(host) and site 2(client). - Site 2 can connect to all workstations on site 1. But when connecting to a windows 2003 server (not domain, just application server) cannot even ping from site 2. - Curious though is that from site 2 server can ping up to the windows server 2003 but from a client connected to site 2 server cannot. gateway of windows is site 1 untangle server. Any ideas?