Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Untangler
    Join Date
    Apr 2008
    Location
    Bowling Green, KY
    Posts
    31

    Default OpenVPN Full Tunnel

    Just upgraded to 9.3 and I created a new Address Pool for Full Tunnel clients to test out the new feature, but it doesn't seem to be working correctly. I was under the impression that this would allow web-traffic to be routed through Untangle from a remote location. Am I wrong? I tested this on a remote PC and had the following results:

    1. DNS works for external websites and internal hosts
    2. Client can ping internal hosts but not external websites
    3. Client able to access intranet sites but not internet sites (timeout)

    The process to enable this seems pretty straightforward, but I feel like I'm missing something. I'm no expert when it comes to the Routes so I'll list those here in case that's the issue:


  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    3,462

    Default

    Were the clients updated with new client files after full tunnel was enabled?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Apr 2008
    Location
    Bowling Green, KY
    Posts
    31

    Default

    The PC I was testing on had OpenVPN 2.2.1. I downloaded the client and re-installed it with what looked to be version 2.2.2, but I'm having the same results.

    Edit: So yes, the PC was updated with the new OpenVPN client after full tunnel had been enabled.
    Last edited by CuffLink; 08-10-2012 at 03:03 PM.

  4. #4
    Untangler
    Join Date
    Apr 2008
    Location
    Bowling Green, KY
    Posts
    31

    Default

    Initially, my Full Tunnel address pool and my Split Tunnel address pool were in the same subnet. I wasn't sure if there was an issue with that or not... so I created a new Full Tunnel subnet, re-installed the client on the PC again, and... same results. hhmmm

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    3,462

    Default

    Thanks for the information. I'll look into it.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangler
    Join Date
    Apr 2008
    Location
    Bowling Green, KY
    Posts
    31

    Default

    We're actually a paying customer. Should I send something to support? PM you our UID? Or just hold off for a while? Thanks, jcoffin.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    18,383

    Default

    Paying or not, this is the flagship feature of 9.3. I'm pretty sure support would love to look at it. Being a 1.0 release of full tunnel, things are bound to be a little twitchy for some.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    12,936

    Default

    Quote Originally Posted by CuffLink View Post
    We're actually a paying customer. Should I send something to support? PM you our UID? Or just hold off for a while? Thanks, jcoffin.
    If you want us to look at it, yep. just shoot an email to support@untangle.com with your UID and enable remote support. if you do it now I'll add myself a full tunnel client and try it and then we'll know if its an issue with your Untangle config or your client machine config.

    Other than that there isn't much to suggest.
    We need to know how your Untangle is configured, how your Client is configured, what it can and can't ping, what its routing table is, what its OS is, what software its running, etc. Doing this via the forums without information is just going to be random guesses on things to try and probably a waste of your time.
    Last edited by dmorris; 08-10-2012 at 06:14 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangler
    Join Date
    Apr 2008
    Location
    Bowling Green, KY
    Posts
    31

    Default

    I sent the support email. Also, I noticed that the routes shows 172.16.X.2 as the gateway... but when I perform a tracert... the first hop is 172.16.X.1

    Not sure if that's the issue or not, but something that seemed odd to me.

    Thanks, dmorris!

  10. #10
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    12,936

    Default

    Try now by disconnecting and reconnecting. I am posting this from your network.

    "Only NAT WAN traffic" is general->config->networking->advanced->general was turned off.
    I don't know if this was done for a reason, but I would turn it back on, especially since you only have one internal network.

    Unchecking that puts you into a legacy NAT mode, which is far less featureful.
    I'm positive full-tunnel will not work under any circumstances if "Only NAT WAN traffic" unchecked.
    Last edited by dmorris; 08-10-2012 at 06:49 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2