  1. #11
    Newbie
    Join Date
    Nov 2008
    Posts
    10

    It's set in Untangle to 172.16.16.0/8. For some reason, it does push me 172.0.0.6/30, but it seems to work correctly. I can access the remote network (10.1.1.x [static] and 10.1.0.x [DHCP]) via IP and DNS on all services.

  2. #12
    mdh
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,802

    172.16.16.0/8 is too wide a mask...narrow it to /16. That could be your problem, because you're spanning a public and private world with a mask that wide.
    This space reserved for profound thought.....which does happen on occasion."

  3. #13
    Newbie
    Join Date
    Nov 2008
    Posts
    10

    I'll try that, but keep in mind, that works just fine on the Untangle box at Site 2. The one that it -doesn't- work on at Site 1 won't even get as far as handshaking with the client, let alone assigning an IP.

    EDIT: Tried it, to no avail.

  4. #14
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,915

    This issue for me is into the realm of having to use TCPDump to verify the packets are landing on external. At this point I think something is blocking the OpenVPN port.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    rob@intouchtechllc.com

    UntangleAppliances.com
    Phone: 866-794-8879

  5. #15
    mdh
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,802

    I'm questioning whether it can find the destination with a visible IP problem and a mask problem.
    This space reserved for profound thought.....which does happen on occasion."

  6. #16
    Newbie
    Join Date
    Nov 2008
    Posts
    10

    Quote Originally Posted by sky-knight View Post
    use TCPDump to verify the packets are landing on external
    Tried it. I didn't see the packets land; in fact, the only thing I really noticed was PPPoE packets. When I left it running for about five minutes, I believe it told me that 786 packets were dropped by the kernel: unwanted traffic, I suspect; they weren't VPN connections.

    Quote Originally Posted by sky-knight View Post
    something is blocking the OpenVPN port
    I changed the port, for what it's worth, to 11195 to test, nothing. Switched to TCP, nothing. I know that AT&T doesn't block any ports, and that there's no firewall in the modem.

    Quote Originally Posted by mdh
    whether it can find the destination with a visible IP problem and a mask problem
    It can with Site 2...? Site 1 doesn't get past connecting to external, Site 2 does, assigns, communicates without issues.

    EDIT: Switched to /16. Nothing still. It would appear that -something- is blocking the port, but it's beyond me what. Is there any way to fine-tune TCPDump to show only packets on a specific port, or from a specific destination? Could port-forwarding another service on 1194, TCP or UDP, help? I'm sure I could find something.
    Last edited by jjoyceiv; 11-23-2008 at 11:41 AM.

  7. #17
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,915

    Well, if TCPDump isn't showing the UDP packets that OpenVPN needs to communicate, then the problem is outside of your Untangle. You either aren't forwarding the port correctly, or some device upstream is preventing the communication in some manner. TCPDump operates before all firewalls within Untangle, so you can't do anything to block it on that level.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    rob@intouchtechllc.com

    UntangleAppliances.com
    Phone: 866-794-8879

  8. #18
    Newbie
    Join Date
    Nov 2008
    Posts
    10

    I'll be doing some digging with TCPDump -- filtering to UDP, or even specifically to UDP port 1194 -- this afternoon. Watch this space for the results -- thanks for your suggestions so far.

  9. #19
    Newbie
    Join Date
    Nov 2008
    Posts
    10

    DOH! It was a port forward after all! TCPDump showed packets hitting ppp0, then going to 10.1.1.3 via eth1. Turns out I had a port forward set up for 1025-2025 for an FTP server!

    Massive fail, major PBKIP!

    Thanks everyone.
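
An added example, not part of any post in this thread: a shell check for the failure found above, where a wide port-forward range (1025-2025) silently captured the OpenVPN port (1194). The rule list and its format are constructed for illustration and are not Untangle's own configuration format; only the range, the target 10.1.1.3 and the interface names come from the thread.

```shell
#!/bin/sh
# Constructed sample rules (hypothetical format): name proto first-last target.
# Only the 1025-2025 range and the 10.1.1.3 target come from the thread;
# the protocols and the other rules are assumptions.
RULES='ftp-passive tcp+udp 1025-2025 10.1.1.3
web tcp 80-80 10.1.1.5
rdp tcp 3389-3389 10.1.1.7'

# find_shadowing_rules PROTO PORT
# Prints "name -> target" for every rule whose range contains PORT for PROTO.
# Any line printed means traffic to PORT is forwarded away from the gateway
# before a local service such as OpenVPN can answer it.
find_shadowing_rules() {
    proto=$1
    port=$2
    printf '%s\n' "$RULES" | while read -r name rproto range target; do
        [ -n "$name" ] || continue
        # Match "udp" against "udp", "tcp+udp", and so on.
        case "+$rproto+" in
            *"+$proto+"*) ;;
            *) continue ;;
        esac
        first=${range%-*}
        last=${range#*-}
        if [ "$port" -ge "$first" ] && [ "$port" -le "$last" ]; then
            printf '%s -> %s\n' "$name" "$target"
        fi
    done
}

# Confirming on the wire with a filtered capture (interfaces as named in the
# thread: ppp0 is external, eth1 is internal):
#   tcpdump -ni ppp0 udp port 1194
#   tcpdump -ni eth1 udp port 1194 and host 10.1.1.3
# Packets that arrive on ppp0 and reappear on eth1 bound for an internal host
# are being forwarded, not delivered to the local OpenVPN listener.

find_shadowing_rules udp 1194
```

Run the same check for every port a gateway service listens on whenever a ranged forward is added or widened.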
