2 VPNs

[gcliv]

Hello

First, I love Untangle. I use it at both my church and my business - its an amazing product!

I'm transitioning from using Untangle in a simple bridge mode to it ultimately replacing my Cisco PIX (OpenVPN on Untangle is my bff). The challenge is that I need to run both simultaneously for a while, I can't switch everybody's VPN at once from one to the other.

Currently, I have a dedicated Untangle computer with 3 NICs, external, internal, and DMZ. The cloud is connected straight to the external NIC, the internal goes to my LAN, and the DMZ is bridged with the external NIC for my Pix (which is also connected to my LAN).

I have all end users using the Untangle internal NIC as their gateways, and the servers using the Pix as their gateway (so that VPN users connecting to the Pix receive their packets back). My question is....what can I reconfigure so that I can have both VPNs usable at the same time? I can't use multiple gateways, can I? I figure a packet forwarding rule, but I am not sure...?

[dmorris]

welcome to the forums!

hmm, thats a tough one. obviously they both have to see the return packets.

My guess would be to add a route to your VPN address pool on the PIX so that those packets are routed back to untangle's internal IP. (ie 172.16.16.x goes to untangle)

Then those connected via openvpn talking to the servers should work. the server's will reply to their default gateway (as the address pool isn't local) and then the pix should forward them over to untangle which will ship them back over the VPN.

should work in theory anyway

[gcliv]

I'm nowhere near an expert on the Pix, especially without a GUI.

I've tried creating a static route from the Pix VPN's pool on Untangle to route to the bridge - but no luck.

Is my only option to do it on the Pix?

[gcliv]

Ok, I manned up and got into my Pix.

I added a route that takes my Untangle/OpenVPN address pool and shoves it back through the 'inside' interface to the Untangle internal IP. Doesn't work.... :-/