Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17
  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    Did you distribute the client before or after you unticked the NAT box in the OpenVPN module?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default

    Quote Originally Posted by sky-knight View Post
    Did you distribute the client before or after you unticked the NAT box in the OpenVPN module?
    The client was distributed after unticking the NAT box.

    I see now that traffic to/from the management IP of the remote VPN-router, 172.28.200.10, is not NAT'ed ! But traffic from the clients on the remote network, 172.28.1.x, is NAT'ed

    Is the checkbox only controlling NAT from the specified Address Space, and not the remote networks through VPN ?

    5.png

  3. #13
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default

    Now we also have tried with NAT client (road warrior) and not as remote network, but the traffic is still NAT'ed through the WAN interface, regardless if we check/uncheck the various NAT tickboxes. So, as dmorris says, it seems that the NAT tickbox on external interface does not affect traffic from VPN clients.
    Can I post this as a feture request somewhere?

  4. #14
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    The NAT tickbox on any interface doesn't affect traffic transiting the VPN, nor should it. The actual tunnel traffic is coming directly from Untangle and in no need of translation, traffic passing through the tunnel isn't subject to the settings on External at all, because it never goes through there.

    The only box that you need be concerned with if you're passing traffic through the tunnel is the one in the OpenVPN module itself. And if that isn't behaving the way you'd expect, I suggest you open a support ticket. If you've disabled NAT on both OpenVPN modules and something is still NAT'ing there may be a bug, or possibly some other configuration problem. Either way, the forums will never find it, you need support's help. We can't see into your boxes.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #15
    Newbie
    Join Date
    Mar 2016
    Posts
    12

    Default

    To make things a bit clearer, traffic from OpenVPN reaches the Untangle server with its original addresses:

    4.1.png

    ..so the NAT checkbox on the OpenVPN module sems to work.

    But when it goes out the external interface it gets NAT'ed, no matter how the NAT checkbox on external interface is checked.
    I guess this is true on all traffic exiting the external interface, not only traffic from the OpenVPN module but also traffic from other internal interfaces. But since we only use Untangle for OpenVPN we have only noticed it on VPN traffic.
    Is it a bug or is it by design? I dont know but if it ment to always NAT through the External interface, then why is there a NAT checkbox there?
    Well thanks for your input so far, I will try to get in contact with support.

  6. #16
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,696

    Default

    We need to step back as you are making changes without any thought of the network design. What are you trying to do with this network? A diagram would be helpful and returning the Untangle to default settings.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #17
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by sthe67 View Post
    Is it a bug or is it by design? I dont know but if it ment to always NAT through the External interface, then why is there a NAT checkbox there?
    It is by design, as described here: https://forums.untangle.com/feedback...tml#post203880
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2