IPsec VPN and Management Access

**skialta30** · 05-17-2020, 01:57 PM

Hi all,

I was able to get a site to site IPsec tunnel stood up between two Untangle 15 appliances however if I rely on the IPsec tunnel I cannot access the Untangle management IP at the remote site. All other systems on that same remote network are available. My IPsec configuration is set so that the management network is what is defined in both devices as the remote network. I have to then connect over an OpenVPN connection to regain access to the management interface. I checked the firewall reports and I don't see anything blocked from my local workstation IP. What am I missing?

Thanks all

**jcoffin** · 05-17-2020, 02:30 PM

I would use Command Center to remotely access each box as it does not rely on any site to site. https://www.untangle.com/cloud/command-center/

As to your issue, you will need to add rule to allow access to the HTTP or HTTPS interface from the IPsec interface in /admin/index.do#config/network/advanced/access_rules. Also if you changed the ports of the GUI, you will need to add that to the URL.

**skialta30** · 05-17-2020, 02:49 PM

Noob here, how exactly do I access that file? SSH? I run PRTG at my house and want to be able to collect stats of the remote unit.

**jcoffin** · 05-17-2020, 04:18 PM

That is a GUI URL https://<your LAN IP>/admin/index.do#config/network/advanced/access_rules

**Asam** · 05-18-2020, 03:46 AM

Originally Posted by skialta30

Hi all,

I was able to get a site to site IPsec tunnel stood up between two Untangle 15 appliances however if I rely on the IPsec tunnel I cannot access the Untangle management IP at the remote site. All other systems on that same remote network are available. My IPsec configuration is set so that the management network is what is defined in both devices as the remote network. I have to then connect over an OpenVPN connection to regain access to the management interface. I checked the firewall reports and I don't see anything blocked from my local workstation IP. What am I missing?

Thanks all

01.you will need to add rule to allow access to the HTTP or HTTPS interface from the IPsec interface
02.open port (443) in your ISP(gateway) router

**kkw98** · 05-20-2020, 09:43 AM

i was just trying this myself but noticed i don't see IPSEC as an interfece. I can see L2TP and GRE and also OPENVPN but no IPSEC?

I am also able to see the 6 tunnel VPN's i have created as well.

Any ideas?

**Jim.Alles** · 05-20-2020, 09:50 AM

It's an app that needs to be installed.

**kkw98** · 05-20-2020, 11:23 AM

Originally Posted by Jim.Alles

It's an app that needs to be installed.

So currently I have IPSec working between two devices, but I have same issue where I can’t access management of the remote device.

I was looking to update the ACLs but noticed when I select an interface I don’t see IPSEC as an option.

Am I missing something? Do I need to install another app?

Thanks

**skialta30** · 05-20-2020, 02:01 PM

Same with me, I see L2TP and GRE also but not IPsec. All of that being said, I think we need two conditions to make this work, correct? The first being the interface (should be IPsec, right? but it's not listed). Since we still have to define the port, would we select the Destination Port?

**Jim.Alles** · 05-20-2020, 02:12 PM

Oh, sorry.

Tunnels are not consistently treated as 'interfaces' in NGFW.
The SD-WAN product is much better at it.

However, I am not experienced with IPsec.
from the wiki entry:
https://wiki.untangle.com/index.php/IPsec_VPN#IPsec_Tunnels

It looks like it will be the interface you selected to be associated w/ IPsec. (probably WAN)

Somebody let us know if it works, please. (or correct me ;)

Thread: IPsec VPN and Management Access

LinkBack

Thread Tools

IPsec VPN and Management Access

Tags for this Thread

Posting Permissions