Site Client need to communicate to each other

jon@prosystems.com · 01-20-2012, 09:42 AM

I have OpenVPN Site Server -- 192.168.2.1

I have OpenVPN Site Client -- 192.168.1.1

I have OpenVPN Site Client -- 192.168.3.1

I have phone extentions in all 3 subnets. Once the call is initiated between ext., the handsets communicate directly to each other through RTP on ports 7000-7499

Anyway, I think I need to add 192.168.1.1 and 192.168.3.1 to exported hosts

My question is do you have to distribute the client and how do you kill the Site Client as there does not seem to be an option to re-import.

jcoffin · 01-20-2012, 09:49 AM

You will need to remove OpenVPN from the Site Client (settings -> remove button at the bottom) and reinstall the OpenVPN app to go through the config wizard again.

jon@prosystems.com · 01-20-2012, 03:26 PM

I remove each site and added the networks to exported hosts. I then distrubited the new config files and ran the wizard on each Untangle box. After I could successfully connect from each client site to the server, I rebooted each client site and the Untangle server box. I still can not ping client's from 192.168.3.1 to client in 192.168.1.1

Any help would be appreciated.

jon@prosystems.com · 01-21-2012, 01:11 AM

I added the sites to my exported hosts list and enabled them

I distributed the client file for each client site

I went into each client site and removed the OpenVPN app and readded the app and re-imported by running the cleint site wizard

I made sure each site is directing traffic thru the OpenVPN tunnel to server site

I rebooted each Untangle box Client sites first Server site last

I still can not ping ips in a client site from a different client site

I must be missing something or OpenVPN does not support this type of activity

Can anyone help me?

sky-knight · 01-21-2012, 07:19 AM

Please screen shot your exports.

jon@prosystems.com · 01-21-2012, 08:32 AM

I attached a jpeg...

sky-knight · 01-21-2012, 09:03 AM

Now a screenshot of your site-to-site client's page please. (exports look good BTW)

jon@prosystems.com · 01-21-2012, 01:41 PM

I think this is what you are asking for...

sky-knight · 01-21-2012, 01:55 PM

Yes, I was just double checking the netmasks on everything to make sure it lines up.

Your configuration is correct, and you should be seeing routes to all networks in all Untangle servers.

I'm not sure why it isn't passing traffic. You'll have to troubleshoot each packet path one at a time.

What you are attempting DOES WORK. I've done it.

You didn't monkey around in the packet filter / firewall modules anywhere did you?

jcoffin · 01-21-2012, 08:32 PM

I have a similar setup for a friend's three warehouses. The settings you have look correct. Sometimes rebooting each UT one at a time can help. Start with the Server VPN, wait for it to come back fully, then reboot the next UT.

Take a look at Config -> networking -> advanced -> routes on the remote clients. See if the remote network has an entry with the gateway as a VPN IP addresss (172.16.x.x).

01-20-2012, 09:42 AM	#1 (permalink)
jon@prosystems.com Newbie Join Date: Jan 2012 Posts: 8	Site Client need to communicate to each other I have OpenVPN Site Server -- 192.168.2.1 I have OpenVPN Site Client -- 192.168.1.1 I have OpenVPN Site Client -- 192.168.3.1 I have phone extentions in all 3 subnets. Once the call is initiated between ext., the handsets communicate directly to each other through RTP on ports 7000-7499 Anyway, I think I need to add 192.168.1.1 and 192.168.3.1 to exported hosts My question is do you have to distribute the client and how do you kill the Site Client as there does not seem to be an option to re-import.

01-20-2012, 09:49 AM	#2 (permalink)
jcoffin Untangler Join Date: Aug 2008 Location: Sunnyvale, CA URLs submitted: 1 Posts: 1,784	You will need to remove OpenVPN from the Site Client (settings -> remove button at the bottom) and reinstall the OpenVPN app to go through the config wizard again. __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

01-21-2012, 01:11 AM	#4 (permalink)
jon@prosystems.com Newbie Join Date: Jan 2012 Posts: 8	Made Changes I added the sites to my exported hosts list and enabled them I distributed the client file for each client site I went into each client site and removed the OpenVPN app and readded the app and re-imported by running the cleint site wizard I made sure each site is directing traffic thru the OpenVPN tunnel to server site I rebooted each Untangle box Client sites first Server site last I still can not ping ips in a client site from a different client site I must be missing something or OpenVPN does not support this type of activity Can anyone help me?

01-21-2012, 07:19 AM	#5 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	Please screen shot your exports. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

01-21-2012, 09:03 AM	#7 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	Now a screenshot of your site-to-site client's page please. (exports look good BTW) __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

Protect

Filter

Perform

Connect

Manage

Add-Ons

01-20-2012, 03:26 PM	#3 (permalink)
jon@prosystems.com Newbie Join Date: Jan 2012 Posts: 8	I remove each site and added the networks to exported hosts. I then distrubited the new config files and ran the wizard on each Untangle box. After I could successfully connect from each client site to the server, I rebooted each client site and the Untangle server box. I still can not ping client's from 192.168.3.1 to client in 192.168.1.1 Any help would be appreciated.

01-21-2012, 01:55 PM	#9 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,460	Yes, I was just double checking the netmasks on everything to make sure it lines up. Your configuration is correct, and you should be seeing routes to all networks in all Untangle servers. I'm not sure why it isn't passing traffic. You'll have to troubleshoot each packet path one at a time. What you are attempting DOES WORK. I've done it. You didn't monkey around in the packet filter / firewall modules anywhere did you? __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

01-21-2012, 08:32 PM	#10 (permalink)
jcoffin Untangler Join Date: Aug 2008 Location: Sunnyvale, CA URLs submitted: 1 Posts: 1,784	I have a similar setup for a friend's three warehouses. The settings you have look correct. Sometimes rebooting each UT one at a time can help. Start with the Server VPN, wait for it to come back fully, then reboot the next UT. Take a look at Config -> networking -> advanced -> routes on the remote clients. See if the remote network has an entry with the gateway as a VPN IP addresss (172.16.x.x). __________________ Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com Last edited by jcoffin; 01-21-2012 at 08:34 PM..