  1. #1
    Untangler
    Join Date
    Nov 2009
    Posts
    36

    Using SBS 2011 with OpenVPN and mobile remote laptops

    Using Untangle 10.1, one internal and one external interface and SBS 2011. The address space of the local network the SBS server is on behind the Untangle firewall internal interface is 10.10.x.x. I have six remote Windows 7 Professional domain member laptops with the OpenVPN client on them. I've exported DNS from the SBS server through Untangle OpenVPN configuration and I can see and connect to all shares on the SBS box by typing in \\SERVERNAME\ in the address bar. Files move from server to machine and back just fine.

    However, with the VPN tunnel up, the remotes do not show up in the SBS console as online. I cannot connect to the remote machines from the SBS Server desktop. I am guessing that my GPOs and folder redirects do not get implemented through the OpenVPN connection as well.

    From searching the web I have found that it is probably a combination of needing specific rules on the SBS 2011 firewall, that turning it off is not enough, and needing to configure the Untangle/OpenVPN site address space (the ones starting with 172.xx.xx.xx) as an additional sub-net in Active Directory Sites and Services. I do not know what specific rules to put in the firewall to allow it to pass this data to and from the remotes and I am unsure if my configuration of the Untangle OpenVPN subnet is as it should be in Sites and Services.

    Can anyone give me a complete set of steps to get this configured?

    EDIT: not sure if it is relevant, but I also see the names of my remotes and their respective OpenVPN addresses (the ones starting with 172.xx.xx.xx) in the SBS 2011 DNS tables alongside my other local IP addresses.

    EDIT: I can in fact change a GPO on the SBS box and run gpupdate /force on the remote machine and see the change. Still can't get the SBS console to show the remote machines online or get RDP to work from the SBS box to a remote client.
    Last edited by otter; 04-18-2014 at 11:44 AM.

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    You need to add the 172 network you're using as a VPN address pool to your exported networks list. Then your LAN can communicate with VPN clients. This is in your OpenVPN module on Untangle; you've likely used the wizard to export the LAN, but nothing else. If it's not exported, you can't connect to it over the VPN.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Nov 2009
    Posts
    36

    I added the 172 network to the exported networks list in OpenVPN, rebooted the remote laptop and started the OpenVPN client. I did not reboot the Untangle box. I have the firewall off on the remote laptop and off on the SBS 2011 server. I still cannot ping the remote laptop or use RDP from the server to access the laptop at its 172.x.x.x address. The laptop does not show up as online in the SBS console either. Ideas?
    Last edited by otter; 04-18-2014 at 02:42 PM.

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    If it's Untangle 10, there's NAT in the way now... so I'm not sure how that should work. It may need a port forward.

  5. #5
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    sky-knight, stop with the NAT thing. If you don't know - don't answer.

    You just ping the address.
    If you can't ping it, there is something wrong. It could be anything. Is your Untangle in-line?
    I would contact support.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangler
    Join Date
    Nov 2009
    Posts
    36

    In-line; the only gateway is the Untangle 10.1 box, in router mode, with one internal and one external interface. From any machine on the internal interface I am unable to ping any of the VPN tunnel IP addresses.

    I can ping machines in the tunnel (connected to the VPN) from other machines in the tunnel (connected to the VPN).

    In other words, if I have three remote laptops connected by VPN to the Untangle box as I do now, I can ping any of the other laptops at 172.x.x.x from a laptop I have offsite and connected to the VPN, but I cannot ping the same 172.x.x.x addresses from any machine connected to the internal interface onsite at the office.

  7. #7
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Which means your export is working... LAN clients should be able to do the same, unless you've got something hokey in your server's routing table. Default route is Untangle?

    Take Dirk's suggestion and contact support, resolving this via forum will take ages.
    Last edited by sky-knight; 04-21-2014 at 09:04 AM.
