  1. #11
    Master Untangler
    Join Date
    Jan 2014
    Posts
    115

    My mistake on wording. OpenVPN is installed in the rack for both sites; I just hit the "power" button so it's not running at Site A. If I turn it on, I can't access Site B's interface via web anymore.

    I'm physically in Site A.

  2. #12
    Master Untangler
    Join Date
    Jan 2014
    Posts
    115

    Quote: Originally posted by dmorris
    Yes, both OpenVPNs must be on.
    If the OpenVPN is not on you'll get an "Unable to verify connection to server" message because well, OpenVPN is not running.

    Sorta figured this. One of those "Oh, as I type this question, I realize how stupid I am and need to fix it." moments.

  3. #13
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Quote: Originally posted by onenerdyguy
    Sorta figured this. One of those "Oh, as I type this question, I realize how stupid I am and need to fix it." moments.

    We all have those.

    I would turn them both on and sort out any other issues (like being able to connect to admin) first.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #14
    Master Untangler
    Join Date
    Jan 2014
    Posts
    115

    Alright, got them connected, and I can do admin afterwards.

    However, neither LAN can talk to each other, either via ping or over Explorer trying to mount file shares.

    I have Site A with the exported network of 10.1.0.0/23. If I'm understanding things right, that should let Site B go into Site A's 10.1.x.x network, correct? Or am I missing yet another step?

  5. #15
    Untangler jcoffin
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,111

    At this point you will have to do some basic network troubleshooting.
    - Can you ping the Site B Untangle LAN IP from Site A Untangle?
    - Can you ping the Site B Untangle LAN IP from Site A PC?

    Also, after rereading your initial post, using 9.4 for OpenVPN and VLANs is going to be difficult. V10 added NAT'ing for VPN and VLAN support. Since you are running 9.4, your Cisco will need routes to the OpenVPN network (generally 172.x.x.x) so the VLANs know how to get back to the VPN network.

  6. #16
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,302

    Seems to me you have an address conflict between VLAN600 (192.168.0.0/16) and Site B (192.168.0.0/21). Even if Site B doesn't need to talk to anything on VLAN600, I don't see how any node at Site A can reach Site B since any packet sent to 192.168.anything will be routed to VLAN600 (this would of course include response packets for connections initiated from Site B).

    As VLAN600 is guest wifi, couldn't you change that pretty easily? Use 172.20.0.0/16 or 10.10.0.0/16? Or if you have some reason to keep it in the 192.168 range, how about 192.168.128.0/17?
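
The overlap described in the post above can be checked mechanically before touching either firewall. This is an added example, not part of the original thread: it uses Python's standard `ipaddress` module, the network labels are assumptions, and the CIDR values are the ones quoted in the thread.

```python
import ipaddress
from itertools import combinations

# Address plan as quoted in the thread (the labels are ours).
# The OpenVPN address pool is not given in the thread ("generally 172.x.x.x");
# add it here before trusting a 172.x candidate.
PLAN = {
    "Site A export": "10.1.0.0/23",
    "Site A VLAN600 (guest wifi)": "192.168.0.0/16",
    "Site B LAN": "192.168.0.0/21",
}

# Replacement ranges suggested for VLAN600 in the post above.
CANDIDATES = ["172.20.0.0/16", "10.10.0.0/16", "192.168.128.0/17"]


def find_overlaps(plan):
    """Return sorted (name_a, name_b) pairs whose networks share any address."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted(
        (a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])
    )


def vet_candidates(plan, replace, candidates):
    """Swap each candidate in for `replace`; map candidate -> remaining conflicts."""
    results = {}
    for cidr in candidates:
        trial = dict(plan)
        trial[replace] = cidr
        results[cidr] = find_overlaps(trial)
    return results


if __name__ == "__main__":
    for a, b in find_overlaps(PLAN):
        print(f"CONFLICT: {a} {PLAN[a]} overlaps {b} {PLAN[b]}")
    vetted = vet_candidates(PLAN, "Site A VLAN600 (guest wifi)", CANDIDATES)
    for cidr, conflicts in vetted.items():
        print(f"{cidr}: {'no conflicts' if not conflicts else conflicts}")
```
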

  7. #17
    Master Untangler
    Join Date
    Jan 2014
    Posts
    115

    Quote: Originally posted by johnsonx42
    Seems to me you have an address conflict between VLAN600 (192.168.0.0/16) and Site B (192.168.0.0/21). Even if Site B doesn't need to talk to anything on VLAN600, I don't see how any node at Site A can reach Site B since any packet sent to 192.168.anything will be routed to VLAN600 (this would of course include response packets for connections initiated from Site B).

    As VLAN600 is guest wifi, couldn't you change that pretty easily? Use 172.20.0.0/16 or 10.10.0.0/16? Or if you have some reason to keep it in the 192.168 range, how about 192.168.128.0/17?

    That's what I was thinking in the first place, but thought I was told above it would work. I've been debating on converting either Site B or the guest wifi over to a different network, but haven't done it yet. Ideally, the Guest Network would be the easiest, but I'll need to track down my predecessor's setup in the Cisco stack to figure out the isolated VLAN and change its IP scheme.

    Thanks!

  8. #18
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,302

    A while back I came to the decision that no network I set up anywhere will be 192.168.0.0, 192.168.1.0, or 192.168.2.0. Those 3 are too likely to conflict with something either now or down the road. 192.168.something still "feels" right for regular LANs (in my head 172.something is either VPN or some special purpose network, and 10.something is DMZ or guest network, something isolated from the rest of the network). So now I use the first 2 or 3 digits of the building's street address for the 3rd octet of the 192.168.xxx.0 network address. The few networks I still have at client sites that use 192.168.1.0 or 192.168.0.0 are an ongoing headache for one reason or another.

    If you can use your site-to-site VPN requirement as an excuse to change Site B to a better network address, I recommend it. You can put both addresses on the Untangle's INT interface (one as the primary address, one as an alias) and have it act as a router between the old addresses and new addresses as you make the transition.

  9. #19
    Master Untangler
    Join Date
    Jan 2014
    Posts
    115

    I never even thought of setting up Untangle to route between 2 different subnets during a conversion. That'll work slick. Thanks!
