  1. #41
    Master Untangler
    Join Date
    Dec 2010
    Location
    Echuca, Victoria, Australia
    Posts
    258

    I prefer the logs from OpenVPN in the Untangle logs. It makes it easier to get a snapshot of who is using your VPN, and as I said earlier, it seems to perform better.

  2. #42
    Untanglit lloydster
    Join Date
    Sep 2011
    Location
    Pretoria, South Africa
    Posts
    24

    Quote: Originally posted by sky-knight
    That is because Untangle doesn't have a PPTP service. This is the point we're trying to drive home.

    You are NOT using the OpenVPN service to connect to your network. You're using either PPTP or L2TP because those protocols are available in the Windows stock VPN client. PPTP requires a port forward for TCP 1723 to the VPN server; contrary to popular belief, you do NOT need to forward GRE for this to work.
    I realised that because it clearly shows in the Untangle Event Log that I'm not connecting to UT, and you are also definitely correct about not using GRE.

    Quote: Originally posted by sky-knight
    So you need to audit your network, figure out what device owns the public IP address in question, and figure out why 1723 is inbound. Because at this point, it's become obvious that you don't understand how your network is routed, where NAT is, and how your servers are configured.

    If you want to use both that's fine too, I have both deployed in several places because I can't stand Tunnelblick. (Mac OpenVPN client)
    I agree about the audit and indeed I need to draw up a network map. However, I don't understand your point about port 1723 since we know that it's configured that way to allow the direct connection to my Windows server instead of the UT VPN?

    Networking and ports and routes can become very confusing for me but I could rebuild my setup from scratch with very little help, if any. I'm hoping to be able to devote myself full time to my IT duties in the future and get my skills up to snuff but at the moment I have too much other stuff on my plate (marketing, HR, some finance etc etc).

    Thanks for your input and everyone else that has contributed to this thread, I have learnt a LOT through this whole incident.

  3. #43
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,895

    Do you have a list of the ports that are forwarded?
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    rob@intouchtechllc.com

    UntangleAppliances.com
    Phone: 866-794-8879

  4. #44
    Untanglit lloydster
    Join Date
    Sep 2011
    Location
    Pretoria, South Africa
    Posts
    24

    Quote: Originally posted by sky-knight
    Do you have a list of the ports that are forwarded?
    Please excuse the delay in reply.

    The port forwards I have are as follows:

    SMTP 25 > 192.168.1.10
    RDESK 3389 > 192.168.1.10
    VPN 1701 > 192.168.1.10
    VPN 500 > 192.168.1.10
    VPN 1723 > 192.168.1.10

    Participation in this thread has convinced me to use the normal OpenVPN client, so I removed the above rules and installed the client exactly according to the instructions in the PowerPoint and video tutorial found in the forums. And it works like a charm, except that it doesn't.

    Connecting was no problem although quite a bit slower than with our normal method of connecting directly to the W2K8R2SBS box. However, it didn't seem like I had domain level access because Outlook couldn't connect to Exchange, I couldn't access any file shares and I couldn't ping any of my servers.

    Obviously there was something else that needed to be configured and none of it was explained in the PowerPoint and video tutorials found in the forum on how to set up OpenVPN. Back to the head-scratching again, until I figured out what the problem was.

    In the OpenVPN settings > Advanced I had to set a DNS override and point it to my W2K8R2SBS box. Now it works and I'm able to connect to Exchange, file shares and ping away.

    However, I must be honest that I am not too impressed for a few reasons:

    Initial connection takes much longer
    Outlook connects to Exchange much slower
    File shares open slower etc etc

    We are a small business like a lot of other UT users and if you want to hack us well then be my guest. If we had something worth stealing that would be a different story.

    So, I will be scrapping the OpenVPN client and happily going back to our old setup. I hope that this post will help some other less advanced users like me to get their kit up and working without scratching their heads raw!!

    One last thing: apparently if I try and use the more secure Microsoft option L2TP instead of the current PPTP, it will apparently conflict with UT for some reason, but I am convinced that although perhaps slightly less secure it does a more than adequate job and is piss easy to set up.
    Last edited by lloydster; 09-20-2011 at 02:36 AM. Reason: Additional comment
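
An added example, not part of the original posts: a short Python audit of the port-forward list from post #44, in the spirit of the network audit suggested earlier in the thread. The port-to-service table and the finding codes are assumptions introduced here, and because the posted rules give no TCP or UDP, the usual transport for each port is assumed.

```python
import re

# Usual transport and service per port (general knowledge; post #44 gives no
# TCP/UDP, so the standard assignment is assumed). Third field: finding code.
KNOWN = {
    25: ("tcp", "SMTP", None),
    500: ("udp", "IKE", None),
    1701: ("udp", "L2TP", None),
    1723: ("tcp", "PPTP control", "VPN_ENDS_ON_LAN_HOST"),
    3389: ("tcp", "RDP", "REMOTE_DESKTOP_ON_WAN"),
    4500: ("udp", "IPsec NAT-T", None),
}
# UDP ports an L2TP/IPsec server behind NAT needs forwarded.
L2TP_NAT_SET = {500, 1701, 4500}
RULE = re.compile(r"^\s*(\S+)\s+(\d{1,5})\s*>\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
# The forward list as posted in #44.
POSTED = """
SMTP 25 > 192.168.1.10
RDESK 3389 > 192.168.1.10
VPN 1701 > 192.168.1.10
VPN 500 > 192.168.1.10
VPN 1723 > 192.168.1.10
"""

def parse_forwards(text):
    """Return {host: set(ports)} from 'LABEL PORT > HOST' lines; skip the rest."""
    hosts = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if m and 0 < int(m.group(2)) < 65536:
            hosts.setdefault(m.group(3), set()).add(int(m.group(2)))
    return hosts

def audit(hosts):
    """Return (host, code, detail) findings to review, grouped by host."""
    out = []
    for host, ports in sorted(hosts.items()):
        for port in sorted(ports):
            transport, service, code = KNOWN.get(port, ("?", "unknown", "UNKNOWN_PORT"))
            if code:
                out.append((host, code, f"{service} {transport}/{port}"))
        # L2TP forwarded without the rest of the IPsec/NAT-T port set.
        if 1701 in ports and not L2TP_NAT_SET <= ports:
            missing = ", ".join(f"udp/{p}" for p in sorted(L2TP_NAT_SET - ports))
            out.append((host, "L2TP_SET_INCOMPLETE", "not forwarded: " + missing))
    return out

if __name__ == "__main__":
    print(*audit(parse_forwards(POSTED)), sep="\n")
```

The findings are prompts for checking the real NAT table on the gateway, not verdicts on the setup.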

  5. #45
    Master Untangler
    Join Date
    Aug 2011
    Location
    Buckhannon, WV
    Posts
    121

    I suspect that you have VPN traffic going through your default rack. This can slow certain traffic down, especially SMB file shares. You may want to consider creating a separate rack in Policy Manager to handle VPN traffic.
