  1. #1
    Newbie
    Join Date
    Sep 2011
    Posts
    7

    Is it possible to port forward traffic over the tunnel?

    I have configured a site-to-site tunnel with two UT boxes.
    The UT with the OpenVPN server has a port forward to a web server behind the tunnel, and the other UT has a Tunnel VPN configured to route all traffic over the tunnel.

    I can't get the second Untangle to forward that traffic over the tunnel.

    So, is it not possible to connect through the external WAN of the first UT box to a web server behind the exported remote network?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,841

    Site to Site OpenVPN is not full tunnel on Untangle.

    So Site A is the OpenVPN server and Site B is the remote site with the web server?
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Sep 2011
    Posts
    7

    Yes. Site A is the OpenVPN server and Site B is the Tunnel VPN client with a web server in that network.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,841

    You won't be able to forward to a specific box behind the tunnel vpn client since the client is NAT for the entire network behind tunnel vpn.

    I have not tried it but it might work port forwarding on Site B from the Tunnel VPN interface to the web server behind it

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,355

    Yeah, the problem is that layer of NAT. You can port forward over site-to-site tunnels all you want.

    If you want to forward over the NAT enabled tunnel, you'll need TWO forward rules. One on the parent Untangle aimed at the OpenVPN address used by the child, and another on the child to get to the device in question.

    But that's technically double NAT, so expect issues. This can work in theory, but in practice it will be a headache.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie
    Join Date
    Sep 2011
    Posts
    7

    Originally posted by jcoffin:
    You won't be able to forward to a specific box behind the tunnel vpn client since the client is NAT for the entire network behind tunnel vpn.

    I have not tried it but it might work port forwarding on Site B from the Tunnel VPN interface to the web server behind it

    Yes. If I try to connect via a new port forward in the child Untangle, it works. I don't understand exactly why I can't get it to work from the first Untangle. I captured with tcpdump and I can see packets arrive at the web server. The problem is that the second Untangle has no route back through the tunnel. So a visitor to a web page tries to connect to the master Untangle public IP, gets a response from the child Untangle public IP, and drops it.

    Originally posted by sky-knight:
    If you want to forward over the NAT enabled tunnel, you'll need TWO forward rules. One on the parent Untangle aimed at the OpenVPN address used by the child, and another on the child to get to the device in question.

    That makes sense. I will try it now.
    Last edited by extrememicro; 07-12-2019 at 07:42 AM.
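
The symptom described in post #6 (a connection opened to the parent's public IP and answered from the child's public IP) can be confirmed from a capture taken on the visitor's side. The script below is an added example, not part of the thread; the tcpdump-style lines and all addresses are constructed, using documentation address ranges.

```python
import re

# Constructed sample: simplified tcpdump-style lines as seen on the visitor's
# machine. Addresses are documentation ranges, not values from the thread.
#   198.51.100.10 = visitor, 203.0.113.1 = parent WAN, 192.0.2.1 = child WAN
CAPTURE = """\
10:00:00.000 IP 198.51.100.10.40000 > 203.0.113.1.80: Flags [S], seq 1
10:00:00.050 IP 192.0.2.1.80 > 198.51.100.10.40000: Flags [S.], seq 9, ack 2
10:00:00.051 IP 198.51.100.10.40000 > 192.0.2.1.80: Flags [R], seq 2
10:00:01.000 IP 198.51.100.10.40001 > 203.0.113.1.443: Flags [S], seq 5
10:00:01.040 IP 203.0.113.1.443 > 198.51.100.10.40001: Flags [S.], seq 7, ack 6
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)


def find_asymmetric_replies(capture):
    """Return (client, client_port, dialed_ip, replying_ip) for every SYN
    whose SYN-ACK arrived from an address other than the one dialed."""
    pending = {}   # (client_ip, client_port, server_port) -> dialed server IP
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                      # outbound connection attempt
            pending[(src, sport, dport)] = dst
        elif flags == "S.":                   # SYN-ACK coming back
            dialed = pending.get((dst, dport, sport))
            if dialed is not None and dialed != src:
                findings.append((dst, int(dport), dialed, src))
    return findings


if __name__ == "__main__":
    for client, port, dialed, replier in find_asymmetric_replies(CAPTURE):
        print(f"{client}:{port} dialed {dialed} but SYN-ACK came from {replier}")
```

A finding means the return traffic left through a different NAT than the one the request entered, so the visitor's TCP stack has no matching connection and resets it.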
