  1. #1
    Newbie
    Join Date
    Jun 2012
    Posts
    7

    IPSEC VPN Tunnel and OpenVPN remote Clients

    Hi All,

    We're very happy UT users but have an issue with IPSEC VPN not passing remote OPENVPN traffic across the IPSEC tunnel.

    We've got a successful IPSEC VPN tunnel between 2 x Untangle V14.1 boxes which has been working fine for a few years with both ends able to see resources on the other network fine when connected inside the local LAN.
    Different IP ranges on each network 192.xxx and 10.xxxx respectively.

    When staff remotely connect to either UT box using an OpenVPN client they can access the resources at that network such as drives, servers etc, but they cannot see any of the resources across the IPSEC VPN tunnel.

    Cannot ping IPs or access any resources etc.

    Hasn't been a major problem till now but we now need to enable access to both networks for our OPENVPN connected clients when they are connected to one server only.

    We've been trying several settings in the OpenVPN server regarding external networks, groups etc., turning off full tunnel and setting custom DNS servers, which are not making any difference.

    We've also tried connecting to both networks via the remote clients using multiple simultaneous connections, which connects OK, but they still cannot ping or see both networks' resources at the same time.

    Do we need to put a new IPSEC VPN tunnel in place using the 172.xxx that OPENVpn establishes or is there a route or other setting we are missing / not setting up properly?

    Looking forward to getting some help to solve it.

  2. #2
    Untangler jcoffin
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,725

    Add a second IPsec tunnel for the OpenVPN tunnel IP range (probably 172.xxx) as the local network and all the other settings of the first tunnel.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler jcoffin
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,725

    Also add the remote network IP CIDR to the OpenVPN export networks. /admin/index.do#service/openvpn/server/exported_networks

  4. #4
    Newbie
    Join Date
    Jun 2012
    Posts
    7

    Hi jcoffin,

    Thanks for the response.

    We couldn't create a 2nd tunnel as the first one was configured with IKEv1 as suggested in the Untangle IPSEC config pages, and enabling a 2nd tunnel broke both tunnels when it was enabled.

    So we copied our original tunnel and then did a few changes that made it all work using IKEv2.

    Change 1
    Multiple IPs require IKEv2

    Change 2
    Put the OpenVPN and local IP ranges of both ends into the respective Local Network and Remote Network settings, which then enabled the traffic to come back.

    End A
    Local network
    ie 192.x.x/24,172.12.x.x/24

    Remote network
    10.x.x.x/24,172.14.x.x/24

    End B
    Local network
    ie 10.x.x.x/24,172.14.x.x/24

    Remote network
    192.x.x.x/24,172.12.x.x/24

    Full IP range numbers are required but not provided for obvious reasons.

    Once we did the above and put the remote LAN IP into the OpenVPN exported networks, it all works as planned.

    Thanks for the assistance.

    Much appreciated
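
The selector change described in post #4, as an added example that is not part of the thread: a small Python check that each end's Local Network list mirrors the peer's Remote Network list and that an OpenVPN client's traffic, and its reply, match the IPsec selectors. The address ranges and all function names are constructed for illustration, since the thread redacts the real ranges.

```python
import ipaddress

def parse_nets(csv):
    """Parse a comma-separated CIDR list as typed into a Local/Remote Network field."""
    return [ipaddress.ip_network(n.strip()) for n in csv.split(",") if n.strip()]

def make_end(local, remote):
    return {"local": parse_nets(local), "remote": parse_nets(remote)}

def covered(ip, nets):
    return any(ipaddress.ip_address(ip) in n for n in nets)

def tunnel_carries(end, src, dst):
    """True if a packet src -> dst leaving this end matches its IPsec selectors."""
    return covered(src, end["local"]) and covered(dst, end["remote"])

def selectors_mirror(a, b):
    """Each end's local list must equal the peer's remote list, and vice versa."""
    return set(a["local"]) == set(b["remote"]) and set(a["remote"]) == set(b["local"])

def check_path(a, b, src, dst):
    """The request must match end A's selectors and the reply must match end B's."""
    return tunnel_carries(a, src, dst) and tunnel_carries(b, dst, src)

# Constructed sample ranges (assumptions, not the posters' real networks).
LAN_A, OVPN_A = "192.168.1.0/24", "172.16.12.0/24"
LAN_B, OVPN_B = "10.0.0.0/24", "172.16.14.0/24"

# Before: only the two LANs are listed in the tunnel.
before_a = make_end(LAN_A, LAN_B)
before_b = make_end(LAN_B, LAN_A)
# After: each end lists its LAN plus its OpenVPN pool, mirrored on the peer.
after_a = make_end(f"{LAN_A},{OVPN_A}", f"{LAN_B},{OVPN_B}")
after_b = make_end(f"{LAN_B},{OVPN_B}", f"{LAN_A},{OVPN_A}")

def report():
    client, server = "172.16.12.10", "10.0.0.20"  # OpenVPN client at A, host on LAN B
    return {
        "before_mirrored": selectors_mirror(before_a, before_b),
        "before_client_to_remote_lan": check_path(before_a, before_b, client, server),
        "after_mirrored": selectors_mirror(after_a, after_b),
        "after_client_to_remote_lan": check_path(after_a, after_b, client, server),
    }

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name}: {result}")
```

Listing only the subnets that actually need to cross the tunnel keeps the selectors as narrow as the use case allows.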
