  1. #1
    Untanglit
    Join Date
    Nov 2017
    Posts
    15

    OpenVPN server issue

    Hello,

    A little background:
    Untangle in routing mode. One LAN network, one Guest network, one DMZ network and one WAN network.

    I have set up OpenVPN server in full tunnel mode with the default to NAT the VPN client IPs and installed clients to my Android phone and laptop. The VPN connects fine and I can ping internal machines on the LAN, but for some reason connecting to LAN server web interfaces and internet web pages time out on me.

    It kind of feels like an MTU issue, but I don't see anything I can tweak to try to test this. For example the web interface of my Unifi controller starts to load and shows that it has a self signed certificate, but then times out.

    Can anyone help troubleshoot?

    Many thanks
    Last edited by Xenstar; 02-21-2018 at 12:36 PM.

  2. #2
    Untanglit
    Join Date
    Nov 2017
    Posts
    15

    Just another update. I have found that I can SSH to one of my servers while connected to the VPN and also connect to a Samba share on it. It's just web browser connections that seem to be having issues. It's important to me to resolve it, as I like to use the OpenVPN on my phone as a hotspot shield tunneled out my home connection when I am on public wifi.

    MTU test using ping shows the highest MTU is 1472 before it is fragmented.
    Last edited by Xenstar; 02-21-2018 at 12:54 PM.

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Can you run 'top' over SSH? If so, it's unlikely to be MTU related, because running 'top' will generate large packets.

    Do you see the web sessions in reports? Do they connect and then hang or fail to connect? What does it say when you try it?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untanglit
    Join Date
    Nov 2017
    Posts
    15

    That 'top' test is a very good tip. Interestingly it does run on the SSH session over VPN, but only shows the first three lines of processes and the top stats are frozen. If I do the same thing from the LAN via SSH, I see all the processes, which is obviously more than one page's worth. So it does still perhaps point to an MTU thing?

    I can see the sessions listed under reports/Network/All Sessions, but unsure how to see whether they connected or not.

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Yeah, definitely sounds like MTU.

  6. #6
    Untanglit
    Join Date
    Nov 2017
    Posts
    15

    Where to go next? I just changed my firewall from pfSense to Untangle and I never had this problem with the pfSense OpenVPN configuration on the same connection with the same MTU set.

  7. #7
    Untanglit
    Join Date
    Nov 2017
    Posts
    15

    Originally posted by Xenstar:
        Where to go next? I just changed my firewall from pfSense to Untangle and I never had this problem with the pfSense OpenVPN configuration on the same connection with the same MTU set.

    Actually, that's not entirely true. My pfSense WAN interface was set to MTU 1492 with MSS of 1452, but Untangle is still set to Auto MTU on all interfaces. I just tried fixing the MTU on the WAN interface under Advanced settings, but it seems to have knackered my WAN connection. Any advice welcome.

    NB: Posted this by booting my pfSense VM back up. I like pfSense a LOT, but Untangle's layer7 filtering and content filtering is way better.
    Last edited by Xenstar; 02-21-2018 at 02:41 PM.
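
Added example, not part of any post in this thread: the figures quoted above (a 1472-byte ping, MTU 1492, MSS 1452) are tied together by fixed header sizes, and the largest unfragmented ping can be found by binary search instead of by hand. `ping_df` assumes Linux iputils `ping`; `simulated_path` and its link MTUs are constructed stand-ins so the script also runs offline.

```python
import subprocess
import sys

IP_ICMP_HEADERS = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload):
    """True if one don't-fragment ping with `payload` data bytes is answered."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def largest_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe(payload) succeeds."""
    if not probe(low):
        return None  # host unreachable or ICMP filtered: nothing to measure
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def path_report(probe):
    """Turn the largest passing ping payload into path MTU and TCP MSS."""
    payload = largest_payload(probe)
    if payload is None:
        return None
    mtu = payload + IP_ICMP_HEADERS
    return {"payload": payload, "path_mtu": mtu, "tcp_mss": mtu - IP_TCP_HEADERS}


def simulated_path(*link_mtus):
    """Constructed path: a DF packet passes only if it fits every link."""
    smallest = min(link_mtus)
    return lambda payload: payload + IP_ICMP_HEADERS <= smallest


if __name__ == "__main__":
    if len(sys.argv) > 1:   # real measurement: python3 script.py <host>
        print(path_report(lambda size: ping_df(sys.argv[1], size)))
    else:                   # constructed 1500-byte vSwitch plus 1492-byte PPPoE link
        print(path_report(simulated_path(1500, 1492)))
```

Run against an internet host from the LAN and then against a LAN host from a connected VPN client, the two reports show how much smaller the usable packet size is inside the tunnel than on the WAN link.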

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,162

    Whoa hold up... VM? Can we assume Untangle is a VM as well? Because that means you have MTU on the host to deal with as well.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untanglit
    Join Date
    Nov 2017
    Posts
    15

    Apologies, I should have mentioned that in my first post. Yes, it's an ESXi 6.5 host running VMs. The vSwitches are set to MTU 1500 by default and the WAN physical interface is connected to a VDSL modem. PPPoE is used for the ISP connection. The MTU settings on the WAN interface worked fine in pfSense and also work fine on Untangle aside from this OpenVPN issue.

    Disclaimer: I am not running a business on this. It's my home network and I like the flexibility of VMs.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,162

    I wasn't saying you needed to get rid of the hypervisor, use of that is fine. It's just that it's an added layer of complexity to this already complex issue.

    So you're reporting that if you reduce the MTU on Untangle's external interface to match what the pfSense unit had, Internet connectivity works but OpenVPN stops?
