IPSec Tunnel from Ubiquiti Dream Machine Pro To Untangle

We have a remote site that we purchased a UDM Pro for and we were going to IPSec it to a USG we have behind Untangle with some port forward rules. Unfortunately none of that has worked. I put in rules for port 500 and 4500 to forward to the USG on the other side of Untangle from our remote site source address, it could see the USG but no connection would establish. So then I tried to just IPSec it to Untangle. This connection established fine, however all I could ping from the remote site was the internal ip of Untangle nothing past it. But I couldn't ping back to the remote site from Untangle, nor could I ping any other network behind where the USG is. I don't know what I am missing or what I need to do to make any of this work. We have SIP Phones that we need to get configured and they need to be able to access servers on our other network from the remote site.

Any help on any of this would be great.


*the UDM automatically creates rules for the ipsec vpn in the firewall, also note that the USG really just is set up to route internal subnets, firewall rules are set to all open since Untangle is our firewall and NAT is disabled on the USG*

I don't care how we get it connected either to Untangle to UDM or to USG to UDM through Untangle. Just need some guidance.

I'm not an IT professional. Hopefully someone will be along to offer some help.

From my reading of the forums, no one has anything good to say about the UDM.

You may need to forward the GRE protocol as well.

IPSec to IPSec is a pain, doubly so when you're mixing vendors, triple so if you have to transit any sort of NAT barrier.

There's not much we can do here about all of that.

I was able to get it to communicate, I got it to connect to the Untangle box via IPSec. My issue was when I specified the local network on the Untangle Side I only am for some reason able to specify one network. I don't know if it is a syntax thing or if I have to set up an IPSec connection for each internal network I want to pass across but here is how I have it set, public IPs redacted of course. Does anyone know how to specify multiple local networks. I have tried comma separated and that doesn't work. Attachment 10944

IKE1 only allows for 1 remote network, you have to be on IKE2 to allow for multiple networks or you have to configure multiple tunnels.

Thanks I will try that. Do you happen to know what would cause DNS not to work properly via the tunnel? I tried with the site doing DHCP and specified our internal DNS for DNS and didn't work. Then I successfully had our internal DHCP/AD/DNS server hand out DHCP to the remote site with the internal DNS set for DNS and still DNS wouldn't work. Would you think it is something being blocked on our tunnel? IF so I would assume on the UDM Pro side in which case I will have to move over to Ubiquiti forums for that.