Results 1 to 7 of 7
  1. #1
    Newbie
    Join Date
    Aug 2016
    Posts
    7

    Default IPSec Tunnel not routing internet out WAN

    I have a pretty simple two location setup:

    Location A: 10.1.0.0/24 (with WAN connection to internet)
    Location B: 10.100.0.0/24

    Location A is connected to Location B over IPSec VPN. Everything works properly as far as LAN routing is concerned, instances on both subnets are able to communicate with one another no problem. On B side I have 0.0.0.0/0 routing to the IPSec tunnel.

    I'm trying to get all internet outbound traffic from Location B to route out Location A's WAN. When I ping an external IP from B, I can see the packets coming across the tunnel as "received" (ping packets being received from B), but nothing being "sent" (A sending ping responses to B).

    I think it's a simple routing issue but I can't figure it out for the life of me. Any help is appreciated.

    Cheers!

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    Use Tunnel VPN instead. Full tunnel will not work with IPsec.

    https://wiki.untangle.com/index.php/Tunnel_VPN
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Aug 2016
    Posts
    7

    Default

    Thanks!

    This appears to only be available in 13.1? My device is still on 13.0 and hasn't had 13.1 rolled out to it yet (not available in updates).

    Is there any way to get this sooner to get Tunnel VPN up or will I have to wait until my device receives 13.1?

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    https://forums.untangle.com/announce...available.html

    When will the upgrade be available for me?
    Upgrades are rolled out over time to the existing servers. The upgrade will likely be available to all servers by end of October.
    If you want it sooner you can get on the early upgrade queue by contacting support or the priority queue:
    https://forums.untangle.com/off-topi...e-request.html
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Newbie
    Join Date
    Aug 2016
    Posts
    7

    Default

    Thanks!

    Tried to send the DM to dmorris but get an error that they've exceeded their storage for messages.

    Should I contact support directly?

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    Quote Originally Posted by enusbaum View Post
    Should I contact support directly?
    Definitely. Make sure to include your UID in the support email.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Newbie
    Join Date
    Aug 2016
    Posts
    7

    Default

    Thanks again, Support was able to get me to the upgrade queue and I was able to get 13.1 installed.

    Turns out Tunnel VPN will not work as it's based on OpenVPN and my remote endpoint requires IPSec.

    That being said, with 13.1 I can now set my local network on the IPSec tunnel to 0.0.0.0/0, and with the appropriate NAT rules from the remote subnet and I am now able to access the internet from the remote network through the IPSec tunnel and out the Untangle box.

    My issue now is that it appears that the internet bound traffic from the remote network is not being filtered by any of the Untangle services. I've verified that the "Bypass all IPSec Traffic" is not selected and that it shows the sessions for the remote network under the "sessions" tab.

    Any thoughts on this?

    Thanks again!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2