  1. #1
    Master Untangler
    Join Date
    Jan 2011
    Posts
    732

    connect to VPN from DMZ?

    I have a client with a wireless router connected to their Untangle on the DMZ interface. DMZ is bridged to External. The WAN port of the wireless router connects to the DMZ interface, and it's using one of the available public IPs. The wireless router handles NAT and DHCP for the wireless network. This wireless is for guests, so it's not meant to have access to the internal network, and the IP range used there is completely different than the internal network IP range.

    However, they asked today whether there was any way they could connect to the VPN from that network, just like they can from any outside IP address.

    Does anyone know if it's possible? A bypass rule perhaps?

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,976

    They should be able to connect already, but you're right about the packet filter. I believe the default block rule to stop people from connecting from internal networks may be in the way.

    Try tossing in a pass rule source interface DMZ, destination port 1194, protocol UDP into the packet filter and see if it smooths out.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879

  3. #3
    Master Untangler
    Join Date
    Jan 2011
    Posts
    732

    I put a rule like that in and called them to have them try it, but they'd already lost interest. Apparently they just wanted to demo or test the VPN for a new user while in the office, but in the interim they found an open wireless connection and tested it that way.
