Page 1 of 2
Results 1 to 10 of 19
  1. #1
    Newbie
    Join Date
    Aug 2007
    Posts
    6

    Default OpenVPN and firewall rules

    Loving this so far, I've just got a few questions about empty logs that I'll put into a separate post...

    My current question is this: When you enable OpenVPN for remote clients, create an address pool (172.16.16.0/24) and export the local LAN (10.0.100.1/24), does Untangle automatically create the firewall rules to allow those two networks to talk?

    I ask this because I am able to successfully connect from my laptop to the Untangle box using the OpenVPN client, but I can't access anything on the LAN (no ping or anything). The default action for my firewall is set to block, and if I change it to pass, ping starts to work and I can access LAN resources.

    So with a default action of block on the firewall, do I need to create my own firewall rules to allow OpenVPN to work? I've tried creating rules to pass all traffic between the two networks, but it doesn't seem to work... not sure if I'm doing the rules wrong or not.

    Thanks for the help.

    Marty

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    13,079

    Default

    Hmmm... yes you may need to. I believe by default the default rack processes traffic between the vpn clients and the internal interface (you can check your policy table to verify).

    This would mean that the firewall processes the traffic and you would need a rule.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Sep 2007
    Posts
    9

    Default Resolution?

    I am currently having this exact problem.

    Did you resolve this issue? If so could you share what the resolution was?

    Thanks.

  4. #4
    Newbie
    Join Date
    Sep 2007
    Posts
    9

    Default Anyone?

    Anyone?

  5. #5
    mdh
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,790

    Default

    eklug,

    You didn't mention whether you are unable to reach LAN machines at all or just by hostname...

    By the way, welcome!

  6. #6
    Newbie
    Join Date
    Sep 2007
    Posts
    9

    Default

    I can't reach any resources by IP or Hostname. I connect but that is where the fun stops. I've followed all I can find on the Wiki so I believe I'm missing something with the Firewall module.

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    13,079

    Default

    If you turn off the firewall does it work?

    (Just to make sure we're looking in the right place)

  8. #8
    Administrator gotkimchi's Avatar
    Join Date
    Jan 2007
    Location
    Bay Area
    Posts
    2,109

    Default

    Some Microsoft servers have dual NICs. When you try to VPN and test, try both IP addresses. Also, when accessing via the hostname, try with a fully qualified domain name.
    to be understood, you must first understand.

  9. #9
    Newbie
    Join Date
    Sep 2007
    Posts
    9

    Default

    Quote Originally Posted by dmorris:
    If you turn off the firewall does it work?

    (Just to make sure we're looking in the right place)
    Turning off the firewall did not help. Things work via IP address now after getting a call from Untangle's TechSup (don't recall any specifics of what was done). All works with FQDN when the firewall is set to allow all by default. Once it is switched back to "Block all", I cannot contact hosts via their FQDN.

    I'm leaning towards switching back to our ISA solution, which just worked (surprisingly). I need a solution that doesn't add more work by requiring me to add each and every host name, which would mean I need to assign every user's PC a static IP address.

    I love everything else about this product but the OpenVPN implementation leaves a lot to be desired.

  10. #10
    Newbie
    Join Date
    Sep 2007
    Posts
    9

    Default

    Quote Originally Posted by gotkimchi:
    Some Microsoft servers have dual NICs. When you try to VPN and test, try both IP addresses. Also, when accessing via the hostname, try with a fully qualified domain name.
    Yes, our mail server does have two NICs. Both are internal, and for some reason only one responds through OpenVPN; when we ran MS ISA 04 using its VPN we had none of these issues, it just worked.

    I've been reading on OpenVPN and it seems to have all the same capabilities; it just appears Untangle does not have an interface to many of its options.

    Any harm or possible overwrite issues if I manually edit the configs?
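Editor's note, added to this thread and not part of any post or of Untangle's own configuration: the two technical questions above (whether a "block by default" firewall needs explicit rules between the OpenVPN pool and the exported LAN, and why hosts answer by IP but not by FQDN once the default is set back to block) are easiest to see on a plain Linux OpenVPN server where the OpenVPN config and the iptables FORWARD chain are written by hand. The script below does exactly that. It reuses the addressing from the first post (pool 172.16.16.0/24, LAN 10.0.100.0/24); the interface names tun0 and eth1, the internal DNS server 10.0.100.10 and the domain corp.example are assumptions for the example, not values from the thread. It prints the commands instead of running them unless you set IPT=iptables (which then needs root and the conntrack match). Whether hand-edited files survive on an appliance that regenerates its own configuration is a separate question to verify with the vendor; this example makes no claim about that.

```shell
#!/bin/sh
# Added example (not from the Untangle thread or product): OpenVPN server
# fragment plus a default-deny iptables FORWARD policy that still lets VPN
# clients reach the LAN and resolve names through the internal DNS server.

VPN_ADDR=${VPN_ADDR:-172.16.16.0}   # OpenVPN address pool (from the thread)
LAN_ADDR=${LAN_ADDR:-10.0.100.0}    # exported LAN (from the thread)
MASK=255.255.255.0
VPN_NET="$VPN_ADDR/24"
LAN_NET="$LAN_ADDR/24"
LAN_DNS=${LAN_DNS:-10.0.100.10}     # assumed internal resolver (hypothetical)
LAN_DOMAIN=${LAN_DOMAIN:-corp.example}  # assumed search domain (hypothetical)
VPN_IF=${VPN_IF:-tun0}              # assumed tunnel interface
LAN_IF=${LAN_IF:-eth1}              # assumed internal interface
# Dry run by default: "echo iptables ..." prints the rule instead of loading it.
IPT=${IPT:-echo iptables}

# Server-side OpenVPN options. "push route" makes the LAN reachable through the
# tunnel; the two dhcp-option pushes hand clients the internal resolver and
# search domain so that hostnames and FQDNs resolve the way they do on the LAN.
openvpn_server_fragment() {
    cat <<EOF
server $VPN_ADDR $MASK
push "route $LAN_ADDR $MASK"
push "dhcp-option DNS $LAN_DNS"
push "dhcp-option DOMAIN $LAN_DOMAIN"
EOF
}

# Firewall with default action "block" on forwarded traffic, as in the thread.
vpn_lan_rules() {
    $IPT -P FORWARD DROP
    # Replies for sessions opened by the rules below. Without this, a one-way
    # "pass VPN -> LAN" rule lets the request through but drops the answer,
    # so ping and TCP connects still fail even though a pass rule exists.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # VPN clients to the exported LAN.
    $IPT -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -s "$VPN_NET" -d "$LAN_NET" -j ACCEPT
    # DNS from VPN clients to the internal resolver. Already covered by the
    # rule above while LAN_DNS sits inside LAN_NET, but kept explicit so name
    # resolution keeps working if the general rule is later narrowed: this is
    # the traffic whose absence shows up as "IP works, FQDN does not".
    $IPT -A FORWARD -i "$VPN_IF" -s "$VPN_NET" -d "$LAN_DNS" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$VPN_IF" -s "$VPN_NET" -d "$LAN_DNS" -p tcp --dport 53 -j ACCEPT
}

# Show the config fragment, then the rules (printed, or applied if IPT=iptables).
openvpn_server_fragment
echo
vpn_lan_rules
```

To check the DNS half from a connected client, query the internal resolver directly (for example `dig @10.0.100.10 host.corp.example` with the assumed values above): if that answers but a plain lookup does not, the client never received or is not using the pushed resolver; if the direct query times out, the path to port 53 is what the firewall is dropping.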
