Warning Potential Route Subnet Conflict

[jcoffin]

Are your running OpenVPN on Windows 7? If so, you will need to make sure you run the OpenVPN GUI with "Run as administrator" in the file properties.

[docdom]

Yes, I am running Windows 7 Ultimate x64 on my work PC. I go to Start>All Programs>OpenVPN then I right click on OpenVPN GUI and select Run as Administrator.

[docdom]

Thank you for being patient with me and for all the help.

I temporarily disabled the Public and Private Windows Firewall on my Home Server and I can now Ping it from my work PC and was able to create a Mapped Network Drive no problem and transfer files to and from my home server and work PC which was my goal for this test.

Now, can you tell me what I need to open up in Windows Firewall on my Home Server to allow me to ping and create a mapped network drive on my work PC? I dont want to leave Windows Firewall disabled on my Home Server permanetly.

[jcoffin]

Take a look at the session viewer on the Untangle, it will show which ports are being used.

[sky-knight]

The Windows Firewall won't allow anything in by default from an "untrusted" IP range. By default the only trusted IP range is the local IP range attached directly to the machine running the firewall.

This isn't to say client software can't connect to stuff, it's just the services operating on Windows that need to be servers.

So what you need to do is find the configuration option that allows you to "trust" the 172.whatever range OpenVPN is using. I haven't used Windows Home Server to know if it's the same as Windows 7.

What I've done on Windows 7 is add a rule in the advanced firewall rules section that can be found in the Windows Firewall applet in the control panel. From there I make a new rule that matches every port, and any program, and the scope is limited to the 172 range of my VPN.

Basically it's a pass everything from the VPN rule. If all you want to enable is windows file and print sharing you can edit the rules associated with that service to expand the scope to include the VPN range as well. That's a little harder to do, but considerably more secure too.

[docdom]

Thank you for the very detailed reply, I am not running Windows Home Server, I am running Windows 7 Ultimate X64 and using it as a file server for my home and it serves that purpose just fine.

I am only doing all this to test everything out and get up to speed on how Untangle works and how to configure it.

I will then build 2 custom Untangle boxes for 2 of my clients (1 client with 25 workstations and roughly 20 offsite employees that will use VPN) and install the Untangle Standard Pay version to act as their firewall, router, spam blocker, VPN server, Ad blocker, etc. directly between the ISP modem and the company's internal network.

[docdom]

So heres what I did, I went into Windows Firewall in Control Panel, I then went to Advanced Settings, then Inbound Rules. I opened the rule called File and Printer Sharing (Echo Request - ICMPv4-In) and went to the Scope tab. Under "Remote IP Address" it had Local Subnet added. I added the 172.16.0.0/24 range and can now successfully Ping my Home Server but cannot Map a network drive. Is there another rule I need to add my VPN address range to?

[docdom]

Also, I am wondering if I need an Untangle Box at each location to do a site to site VPN between my Main and Satelite offices?

[sky-knight]

Look at the File and Printer Sharing stuff again, there isn't 1 rule, there's something like 8.

And yes if you want site-to-site you need an Untangle per site.

[docdom]

I added the 172.16.0.0 address pool to the File and Print Sharing SMB-In rule and can now map the network drive and transfer files. Everything is working great. Appreciate all the help!!