Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default Sonicwall Untangle VPN browse

    Hi All

    I have untangle 6 working behind sonicwall. When a user connects to the network using the sonicwall vpn, they cannot browse the net. I know it has something to do with untangle as if I remove untangle, they can browse. Can anyone please help me to understand what in untangle could be blocking them. My untangle firewall is set pass anything that doesn't have a matching rule.

    Thanks for any help.

  2. #2
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    Hi.

    What Gateway and DNS dose the VPN users on the Sonicwall get?

    Dose the vpn network have its own range?

    Do the Sonicwall route anything to the UT ?

    Is the UT in bridge or router mode?

  3. #3
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default

    What Gateway and DNS dose the VPN users on the Sonicwall get?
    The gateway they get is the address of the sonicwall device. Sonicwall is the default gateway.

    Dose the vpn network have its own range?
    No it doesn't. VPN users get IP addresses from the internal DHCP server.

    Do the Sonicwall route anything to the UT ?
    I guess so. I was looking into the problem and I noticed that the vpn users get the internal dns server address as an option so I guess dns requests would be sent to it.

    Is the UT in bridge or router mode?[/QUOTE]
    Bridge Mode.

    THis is the setup: INternet => ADSL Modem => SOnicwall =>Untangle (bridge mode) => USers.

  4. #4
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Default

    Doesn't the Brouter of Untangle re-direct all traffic to the Internal IP of the sonicwall? If the Sonicwall is giving remote VPN users a local (Internal) IP, I could see there might be a problem. I haven't tried this myself, but I suspect an issue there.

    Untangle's VPN is WAY better anyway. If you can, ditch the globalvpn client and go with OpenVPN. You will be happy you did that.

  5. #5
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    Try accessing buy ip if that works and not by the dns name you have your answer.

    But i have to agree with far182:
    Untangle's VPN is WAY better anyway. If you can, ditch the globalvpn client and go with OpenVPN. You will be happy you did that.

  6. #6
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default

    Ok I decided to give untangle's openvpn a try. If you think it is best I can open another thread for this query I have. I installed openvpn, did the initial configuration, emailed the client to myself and installed it. When I try to connect the client, it's stuck at Tue Jan 13 11:30:18 2009 UDPv4 link remote: SERVER_IP_ADDRESS:1194

    To troubleshoot, I tried to telnet to port 1194 and no go. I then went to the box, opened a console and tried again and still no go. What could be blocking my attempts to connect to the port? I am trying this inside the network so it's not even hitting the sonicwall box. This direct telnet should work.

  7. #7
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Default

    Won't work inside the network. You need to test this from the outside.

  8. #8
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default

    I see. OK thanks, I'll test later from home. One thing escapes me however. I notice in the client config file that the remote option is the internal IP of the untangle box. I have configured sonicwall to forward all data on port 1194 to that box but how is the external client going to know what the public ip of the untangle box is to get to it so that sonicwall can forward? Am I missing a config?

  9. #9
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Default

    Under Config>network> Packet Filter.
    Uncheck "Block Open VPN Traffic from the Internal interface"

    Alsow check the "Accept Open VPN from all interfaces"

  10. #10
    Untangler
    Join Date
    Feb 2008
    Posts
    62

    Default

    Well, I'm trying from home and I can't connect to port 1194. I also can't connect to the VPN

    Logs below

    Tue Jan 13 19:57:12 2009 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
    Tue Jan 13 19:57:12 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Tue Jan 13 19:57:12 2009 LZO compression initialized
    Tue Jan 13 19:57:12 2009 UDPv4 link local: [undef]
    Tue Jan 13 19:57:12 2009 UDPv4 link remote: Server_IP_Address:1194

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2