Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 35
  1. #21
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071

    Default

    Oh, and one last thing. If the machine you're pinging from, or pinging to, is Windows 8 or Server 2012, the Windows firewall WILL be a problem. All four of the ranges I just mentioned in your exports should also be listed in Active Directory Sites and Services, if not you'll have issues. No, you can't just disable the Windows Firewall Service, you actually have to configure the thing. And, it's notorious for not accepting configurations at times. You can disable the firewall via the firewall applet in the control panel, but without group policy to remind it it will randomly kick back on. Welcome to Microsoft.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #22
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    I have followed all the sujections above (the firewall was already turned off by a group policy), but I still can't ping any equipment from site to site.

    The interesting thing is, I can remotely connect from any place over VPN and sucessfully ping any equipment from any site. But it can't be done from any local equipment from any site.

    Any other suggestion?
    Bytes Solutions
    www.bytes-solutions.com

  3. #23
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    This is what is configured at AD Sites and Services:

    AD Sites and Services Conf.png
    Bytes Solutions
    www.bytes-solutions.com

  4. #24
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    - There is one server at site JOPECA01 (192.168.0.0/24), the server is 192.168.0.25 (SVR-DOMINIO). It does not have Active Directory and domain service configured.

    - There is no server at site JOPECA01 (10.0.0.0/24)

    - There is one server at site Mezzati (10.0.1.0/24), the server is 10.0.1.100 (JOPECADC01). It has Active Directory and domain service configured.
    Bytes Solutions
    www.bytes-solutions.com

  5. #25
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    Hello Guys,

    Any idea on this issue?
    Bytes Solutions
    www.bytes-solutions.com

  6. #26
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    Today I opened a case with the ISP to make sure anytihing inside their network is blocking our VPN traffic or required ports (UDP 1194 and TCP 443). I will keep you posted on their findings.
    Bytes Solutions
    www.bytes-solutions.com

  7. #27
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    Hello All,

    I ran the following tests (please see the pictures below), in order to determine what is affecting this connectivity:

    At this first test, I ran a ping from main UT box to computers located at the remote two sites, they were sucessfully from untangle, but not from any local computer from main site or remote site:

    Ping Test from Main UT Box to Remote Equipments.png

    At this second test, I ran a connection test to ports 443 and 1194 from Main UT Box to each remote sites.

    Connection Test from Main UT Box to Remote Sites.png

    Notice that each test to port 1194 failed over each remote site. Connection test to port 443 failed at first remote site but shows it is "open" at second site. It is good to say a couple things: first, I opened ports 443 and 1194 at each router from the 3 locations being connected. Second, I can remotely connect to UT boxes (https://999.999.999.999) located at main site and one of the remote sites (the one which says port 443 is open), but I can't remotely connect to UT box (https://999.999.999.999) located at the remote site which presents a time out when connecting to port 443.

    At this point, do you suggest performing any configuration change at UT boxes or do you understand we are having issues over the ISP's circuits?

    Please help me, this is driving me crazy, since I have performed this same type of VPN connections many times and this is the first time something like this is happening.

    Thank you in advanced for your help.
    Bytes Solutions
    www.bytes-solutions.com

  8. #28
    Master Untangler
    Join Date
    Dec 2008
    Location
    Greater Omaha Area
    Posts
    253

    Default

    Rob was on the right track here, any issues with site to site OpenVPN between Untangle boxes is always an issue with the Exported Networks being incorrect, at least every time I have had issues that's what has resolved it. I would be happy to help, review this with you. Maybe PM me so we can get in contact directly instead of waiting for posts on the forum?

  9. #29
    Master Untangler
    Join Date
    Dec 2008
    Location
    Greater Omaha Area
    Posts
    253

    Default

    I see you are running Untangle 9.4 at each location, it's important to make sure that when you do upgrade which you really need to do before year end, that you upgrade your remote client's first and then your main server as 9.4 doesn't know how to handle 10.x or later OpenVPN config files but 10.x does know how to handle 9.4 or earlier OpenVPN confil files. Maybe with your issues, it's time to do that now?

  10. #30
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,098

    Default

    Quote Originally Posted by chmcwill View Post
    as 9.4 doesn't know how to handle 10.x or later OpenVPN config files but 10.x does know how to handle 9.4 or earlier OpenVPN confil files.
    That is not completely correct. It is compatible but it does make it easier of the main site is on version 10+. 10.x client zip can be modified for 9.4 compatibility.

    http://wiki.untangle.com/index.php/O...e_.28client.29
    Last edited by jcoffin; 06-23-2015 at 08:01 AM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 3 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2