Routing both ways over OpenVPN

peoriaparks · 01-06-2012, 02:19 PM

Anyone who can help me will get a beverage of their choice! All help is greatly appreciated!!!

I can ping the interfaces of both of the Untangle boxes and on the server I have published the routes of the networks on the server side. I have networks on the client side that I need to also route to the server side. I have attached a crude drawing of the network. I have tried setting static routes, etc.... Can't seem to get this one... Can someone help??!?! Thank you in advance!

If you need drawings please let me know... Am I trying to do something this system will not allow me? I have multiple networks on both sides and need to route each way... also the boxes are in router mode...

Sorry for babbling... I have been at this a good chunk of the day...

sky-knight · 01-06-2012, 04:18 PM

You're in for a long hard slog, to my knowledge, no one has been able to do what you ask.

The only network that will be accessible on the client side device is the network configured in the OpenVPN site. You cannot export additional networks, and you cannot configure additional ranges. Due to this, you cannot add to the routing table to push additional packets.

If this is possible, I'd love to know how to do it as well since the need does show up from time to time.

donhwyo · 01-12-2012, 08:07 AM

I think there is a bug in the routing that wont allow this. You can choose the vpn as the interface to route to but it never shows in the routing table. The packets that should go out the vpn interface go out the default gateway instead. Been this way threw at least the last few versions since they added the vpn in the drop down. Guess it would be time to fill out a bugzilla. They don't seem to followup from forum posts.

Don

WebFooL · 01-12-2012, 08:41 AM

http://bugzilla.untangle.com/show_bug.cgi?id=3694

The bug is there just vote for it.

Right now the implemention is splitt tunnel so no route bug.

donhwyo · 01-12-2012, 09:21 AM

That is not really the same. I have two untangles acting as openvpn servers. I have a linux server connecting to openvpn on the other server to connect the 2 networks. The network is fine from either to the other. However if I connect on the road I can't see both networks. The packets die at the far end untangle because I can't add the needed route back to the other network. (the openvpn address range of the other Untangle) They go out the default gateway instead of threw the vpn interface. Kind of hard to draw a map. The network works very well and even viop flows threw it properly.

THanks,
Don

WebFooL · 01-12-2012, 09:28 AM

With correct static routes on both systems you should be able to get it to work.

And export list need to have both networks as well.

donhwyo · 01-12-2012, 09:38 AM

I agree! But it does not like any settings and I have tried. And when you look in the routing table there is no entry for the routes you make.

Don

donhwyo · 01-12-2012, 09:43 AM

Quote:

And export list need to have both networks as well.

Maybe I don't understand this? I would need to export all network ranges on both end of the vpn on both servers?

Thanks,
Don

WebFooL · 01-12-2012, 09:43 AM

Post a screenshot of you export list on the vpn server and post a screenshot on a route print from a connected vpn client.

donhwyo · 01-12-2012, 09:52 AM

I will do that this evening when I can experiment. I will also try to make a map. I think this is similar to the OP but not much info there.

Thanks for your interest.

Don

01-06-2012, 02:19 PM	#1 (permalink)
peoriaparks Newbie Join Date: Sep 2010 Posts: 3	Routing both ways over OpenVPN Anyone who can help me will get a beverage of their choice! All help is greatly appreciated!!! I can ping the interfaces of both of the Untangle boxes and on the server I have published the routes of the networks on the server side. I have networks on the client side that I need to also route to the server side. I have attached a crude drawing of the network. I have tried setting static routes, etc.... Can't seem to get this one... Can someone help??!?! Thank you in advance! If you need drawings please let me know... Am I trying to do something this system will not allow me? I have multiple networks on both sides and need to route each way... also the boxes are in router mode... Sorry for babbling... I have been at this a good chunk of the day...

01-06-2012, 04:18 PM	#2 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	You're in for a long hard slog, to my knowledge, no one has been able to do what you ask. The only network that will be accessible on the client side device is the network configured in the OpenVPN site. You cannot export additional networks, and you cannot configure additional ranges. Due to this, you cannot add to the routing table to push additional packets. If this is possible, I'd love to know how to do it as well since the need does show up from time to time. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

01-12-2012, 08:41 AM	#4 (permalink)
WebFooL Join Date: Jan 2009 Location: Sweden (Eskilstuna) URLs submitted: 57 Posts: 3,879	http://bugzilla.untangle.com/show_bug.cgi?id=3694 The bug is there just vote for it. Right now the implemention is splitt tunnel so no route bug. __________________ "Of all the things I've lost, I miss my mind the most" Untangle Reseller (Sweden) WebFooL@fakenews.se http://fakenews.se/ Need space to Upload content for you forum post? http://about.me/webfool

01-12-2012, 09:28 AM	#6 (permalink)
WebFooL Join Date: Jan 2009 Location: Sweden (Eskilstuna) URLs submitted: 57 Posts: 3,879	With correct static routes on both systems you should be able to get it to work. And export list need to have both networks as well. __________________ "Of all the things I've lost, I miss my mind the most" Untangle Reseller (Sweden) WebFooL@fakenews.se http://fakenews.se/ Need space to Upload content for you forum post? http://about.me/webfool

01-12-2012, 09:43 AM	#9 (permalink)
WebFooL Join Date: Jan 2009 Location: Sweden (Eskilstuna) URLs submitted: 57 Posts: 3,879	Post a screenshot of you export list on the vpn server and post a screenshot on a route print from a connected vpn client. __________________ "Of all the things I've lost, I miss my mind the most" Untangle Reseller (Sweden) WebFooL@fakenews.se http://fakenews.se/ Need space to Upload content for you forum post? http://about.me/webfool

Protect

Filter

Perform

Connect

Manage

Add-Ons

01-12-2012, 08:07 AM	#3 (permalink)
donhwyo Master Untangler Join Date: May 2008 Posts: 296	I think there is a bug in the routing that wont allow this. You can choose the vpn as the interface to route to but it never shows in the routing table. The packets that should go out the vpn interface go out the default gateway instead. Been this way threw at least the last few versions since they added the vpn in the drop down. Guess it would be time to fill out a bugzilla. They don't seem to followup from forum posts. Don

01-12-2012, 09:21 AM	#5 (permalink)
donhwyo Master Untangler Join Date: May 2008 Posts: 296	That is not really the same. I have two untangles acting as openvpn servers. I have a linux server connecting to openvpn on the other server to connect the 2 networks. The network is fine from either to the other. However if I connect on the road I can't see both networks. The packets die at the far end untangle because I can't add the needed route back to the other network. (the openvpn address range of the other Untangle) They go out the default gateway instead of threw the vpn interface. Kind of hard to draw a map. The network works very well and even viop flows threw it properly. THanks, Don

01-12-2012, 09:38 AM	#7 (permalink)
donhwyo Master Untangler Join Date: May 2008 Posts: 296	I agree! But it does not like any settings and I have tried. And when you look in the routing table there is no entry for the routes you make. Don

01-12-2012, 09:52 AM	#10 (permalink)
donhwyo Master Untangler Join Date: May 2008 Posts: 296	I will do that this evening when I can experiment. I will also try to make a map. I think this is similar to the OP but not much info there. Thanks for your interest. Don