Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14
  1. #11
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by techuser View Post
    I have tried disabling all of the packet filters, and no dice. Also Support said that IPsec module completely bypasses the packet filters.
    Unfortunately, now you have a whole bunch of new problems to deal with.
    Stop changing random settings. You're digging yourself further into a non-working configuration. Thats what got you where you are now.

    I'd start fresh and change *only the settings you need to.*
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  2. #12
    Untangler
    Join Date
    Nov 2010
    Posts
    85

    Default

    I have not changed random settings. I only temporarily disabled the packet filter settings to see if that's the problem with IPSec tunnel. I have no new problems to deal with???? Still only dealing with the one problem.

  3. #13
    Newbie
    Join Date
    Jul 2011
    Posts
    7

    Default After two years later from this POST...

    I have exact same issue. Did anyone find a solution to this?
    The tunnel works fine one way (from REMOTE to LOCAL)
    When I do TRACE ROUTE from UNTANGLE, it can trace to the REMOTE LAN IP (192.168.100.1 for 192.168.100.0/24) at one hop.
    When I do tracer to 192.168.100.100 (a REMOTE HOST), it runs through 30 hops of external connection. It seems that the UNTANGLE completely ignores the ROUTING RULE imposed by IPSEC VPN to route all IPSEC REMOTE NETWORK traffic to 192.168.100.1, but instead, it tries to look for it at the EXTERNAL Interface (PUBLIC IP ADDRESS)
    My LOCAL IP: 10.1.0.1
    --------------------------------
    Sat Jul 21 2012 13:04:43 GMT-0700 (Pacific Daylight Time)
    traceroute to 192.168.100.1 (192.168.100.1), 30 hops max, 40 byte packets
    1 192.168.100.1 (192.168.100.1) 1.025 ms 0.976 ms 0.908 ms
    Sat Jul 21 13:04:43 PDT 2012 - Test Complete!

    Sat Jul 21 2012 13:06:03 GMT-0700 (Pacific Daylight Time)
    traceroute to 192.168.100.163 (192.168.100.163), 30 hops max, 40 byte packets
    1 * * *
    2 * * *
    3 * * *
    4 * * *
    5 * ip68-4-11-20.oc.oc.cox.net (68.4.11.20) 2.467 ms 2.332 ms
    6 * * *
    7 * * *
    8 * * *
    9 * * *
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *

    Anyone have any idea or should I just get a refund on Untangle instead?

  4. #14
    Untangler
    Join Date
    Nov 2010
    Posts
    85

    Default Try OpenVPN

    In working with support, I reloaded from base and went through every setting one by one. We discovered that on the Config > Networking > Advanced > General > The "Legacy NAT Mode" can create problems. We also discovered that in if you make a change in the general settings and then change it back it does not revert back to the other settings. In version 9.3 they appeared to have fixed putting it back, but I still had issues if using Legacy NAT mode. If I remember correctly, the default is to have Legacy NAT mode unchecked. Legacy NAT mode came about in 7.1, I believe and there was no alternatives, now I don't believe the setting is needed for anything. So I was able to get the IPSec tunnel working, but then I ran into a problem with OpenVPN clients from remote trying to reach clients across the IPSec Tunnel. I still have a support case logged against the testing of OpenVPN user clients trying to access clients across the IPSec tunnel.

    At present, I am running OpenVPN for both clients, and site-to-site. So far the OpenVPN works pretty good. I wish there was a little better logging to get a feel for performance of the OpenVPN connection, but it seems to be working okay.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2