Yes I am a noob, and I know you will hate me

sommeja · 01-28-2012, 02:02 PM

I have looked through the forums and still just don't know where to go....

Internet --> Cable Modem (Dynamic) --> UT --> Switch

I have dynamic dns server running.

Internal network 192.168.2.* (10s static ip addresses/100s DHCP ip addresses)

192.168.2.10 - UT
192.168.2.11 - Wifi Access Point
192.168.2.12 - Windows 2000 Server (I know its old, but its just for file sharing and openfire)

Internally everything is working fine. I have OpenVPN configured as follows:

Exported hosts and networks: 192.168.2.0/255.255.255.0
Address pool: 192.168.1.0/255.255.255.0

So from what I understand of this is that my VPN clients will be assigned and ip address in the 192.168.1 range and I should be able to access the resources from the 192.168.2.0 range.

My client will connect but I can not access anything internally, please help what am I doing wrong.

Also the next step will be to add two sites, the will be set up with 192.168.3 and 192.168.4

Thanks in advance for your help.

WebFooL · 01-30-2012, 12:04 AM

Hi Sommeja and Welcome to the forums,

We don't hate or call ppl noob here... (This is a nice community)

To help you we will need some more information

Do you test the VPN from the outside?
Are Untangle in route or Bridge mode?
Can you from a VPN client Ping UT's VPN ip 192.168.1.1?
Can you from a VPN client Ping UT's Internal IP 192.168.2.10?
Try to tracert from a Internal resource to 192.168.1.5 (if you have a VPN client with that ip) and post the results.

johnsonx42 · 01-30-2012, 12:13 AM

using 192.168.1.0/24 for your VPN client address pool is a BAD idea. you'd be better off taking the default 172.16.0.0/24 pool, or if you really want it to be 192.168 then pick something obscure for the 3rd octet like 222.

also, if your UT is a bridge, I *think* you need to enable the System Packet Filter setting "Route VPN traffic that would go through the bridge" (under Networking->advanced-Packet Filter)

again if your UT is a bridge, you may also need to set static routes on your internal systems so that they know how to find your VPN IP's.

WebFooL · 01-30-2012, 01:18 AM

I agree with johnsonx42 Having 192.168.1.0/24 as VPN Pool.
You will have a problem whenever you connect from a location using that subnet. (Most home Routers will use that subnet.)

sommeja · 01-30-2012, 06:33 PM

Ok well I had a minor set back but I will make these suggested changes and see where I am and post updates tomorrow.

Thanks for the help and suggestions

Jason

sommeja · 01-31-2012, 11:04 AM

Thank everyone for your help, things are working perfect...Now on to the next step is adding a site connection for a remote site!

sommeja · 02-01-2012, 07:51 PM

Ok here we go again....Things have been working great with VPN and my laptop when I am away from home...Thanks for all your help.

Tonight I added my first site on to the VPN. I added the site, 192.168.1.10 (Site B UT Box) Net Mask 255.255.255.0 and its using the same address pool as my laptop. I added the export of 192.168.1.1/255.255.255.0 and rebooted both servers.

Active client log shows site b is connected and I can ping site b ut. Site b can not ping my ut.

I think this is a non-ut issue, and more of a FiOS thing. Site B configuration;

FiOS Router -> UT -> Swith

Just looking for suggestions...Thanks again for your help

01-28-2012, 02:02 PM	#1 (permalink)
sommeja Newbie Join Date: Jan 2012 Posts: 7	Yes I am a noob, and I know you will hate me I have looked through the forums and still just don't know where to go.... Internet --> Cable Modem (Dynamic) --> UT --> Switch I have dynamic dns server running. Internal network 192.168.2.* (10s static ip addresses/100s DHCP ip addresses) 192.168.2.10 - UT 192.168.2.11 - Wifi Access Point 192.168.2.12 - Windows 2000 Server (I know its old, but its just for file sharing and openfire) Internally everything is working fine. I have OpenVPN configured as follows: Exported hosts and networks: 192.168.2.0/255.255.255.0 Address pool: 192.168.1.0/255.255.255.0 So from what I understand of this is that my VPN clients will be assigned and ip address in the 192.168.1 range and I should be able to access the resources from the 192.168.2.0 range. My client will connect but I can not access anything internally, please help what am I doing wrong. Also the next step will be to add two sites, the will be set up with 192.168.3 and 192.168.4 Thanks in advance for your help.

01-30-2012, 12:04 AM	#2 (permalink)
WebFooL Join Date: Jan 2009 Location: Sweden (Eskilstuna) URLs submitted: 57 Posts: 3,879	Hi Sommeja and Welcome to the forums, We don't hate or call ppl noob here... (This is a nice community) To help you we will need some more information Do you test the VPN from the outside? Are Untangle in route or Bridge mode? Can you from a VPN client Ping UT's VPN ip 192.168.1.1? Can you from a VPN client Ping UT's Internal IP 192.168.2.10? Try to tracert from a Internal resource to 192.168.1.5 (if you have a VPN client with that ip) and post the results. __________________ "Of all the things I've lost, I miss my mind the most" Untangle Reseller (Sweden) WebFooL@fakenews.se http://fakenews.se/ Need space to Upload content for you forum post? http://about.me/webfool

01-30-2012, 01:18 AM	#4 (permalink)
WebFooL Join Date: Jan 2009 Location: Sweden (Eskilstuna) URLs submitted: 57 Posts: 3,879	I agree with johnsonx42 Having 192.168.1.0/24 as VPN Pool. You will have a problem whenever you connect from a location using that subnet. (Most home Routers will use that subnet.) __________________ "Of all the things I've lost, I miss my mind the most" Untangle Reseller (Sweden) WebFooL@fakenews.se http://fakenews.se/ Need space to Upload content for you forum post? http://about.me/webfool

Protect

Filter

Perform

Connect

Manage

Add-Ons

01-30-2012, 12:13 AM	#3 (permalink)
johnsonx42 Master Untangler Join Date: Jan 2011 Posts: 626	using 192.168.1.0/24 for your VPN client address pool is a BAD idea. you'd be better off taking the default 172.16.0.0/24 pool, or if you really want it to be 192.168 then pick something obscure for the 3rd octet like 222. also, if your UT is a bridge, I think you need to enable the System Packet Filter setting "Route VPN traffic that would go through the bridge" (under Networking->advanced-Packet Filter) again if your UT is a bridge, you may also need to set static routes on your internal systems so that they know how to find your VPN IP's.

01-30-2012, 06:33 PM	#5 (permalink)
sommeja Newbie Join Date: Jan 2012 Posts: 7	Ok well I had a minor set back but I will make these suggested changes and see where I am and post updates tomorrow. Thanks for the help and suggestions Jason

01-31-2012, 11:04 AM	#6 (permalink)
sommeja Newbie Join Date: Jan 2012 Posts: 7	Thank everyone for your help, things are working perfect...Now on to the next step is adding a site connection for a remote site!

02-01-2012, 07:51 PM	#7 (permalink)
sommeja Newbie Join Date: Jan 2012 Posts: 7	Ok here we go again....Things have been working great with VPN and my laptop when I am away from home...Thanks for all your help. Tonight I added my first site on to the VPN. I added the site, 192.168.1.10 (Site B UT Box) Net Mask 255.255.255.0 and its using the same address pool as my laptop. I added the export of 192.168.1.1/255.255.255.0 and rebooted both servers. Active client log shows site b is connected and I can ping site b ut. Site b can not ping my ut. I think this is a non-ut issue, and more of a FiOS thing. Site B configuration; FiOS Router -> UT -> Swith Just looking for suggestions...Thanks again for your help