  1. #1
    Newbie
    Join Date
    Jan 2018
    Posts
    10

    Untangle messing with WireGuard tunnels (non-Untangle tunnels)

    I have TMO internet and I have a VPS running WireGuard set up on the outside. It seems somehow Untangle is corrupting the tunnel. When I had Untangle behind the TMO access point I couldn't get WireGuard tunnels to work properly. Tunnels connected just fine to the VPS but they were messed up (for example, internet was not working). When I connected computers directly to the TMO AP, WireGuard worked flawlessly.
    Of course I do not want anything connected directly to the TMO AP other than Untangle. What could Untangle possibly be doing here and how can I make sure it doesn't do it anymore?

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,678

    IPS or SSL Inspector comes to mind.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Jan 2018
    Posts
    10

    SSL inspector is not on and I turned off IPS to see if it made any difference but it didn't.

  4. #4
    Newbie
    Join Date
    Jan 2018
    Posts
    10

    I actually turned off all the apps and it still didn't help.

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,678

    UDP services like WireGuard and VOIP are disturbed by the UVM routing of layer 7. Create a bypass rule to use layer 3 routing instead.

  6. #6
    Newbie
    Join Date
    Jan 2018
    Posts
    10

    Quote: Originally posted by jcoffin
    UDP services like WireGuard and VOIP are disturbed by the UVM routing of layer 7. Create a bypass rule to use layer 3 routing instead.
    Pardon the ignorance. How would I do that?

  7. #7
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,678

    Quote: Originally posted by aim1999x
    Pardon the ignorance. How would I do that?
    No worries.
    - Go to Config -> Network -> Bypass Rules
    - Click add
    - Click add condition, select destination port and enter the port used by your WireGuard. The common port is 51820
    - Click done
    - Click add again
    - Click add condition, select source port and enter the port used by your WireGuard. The common port is 51820
    - Click done
    - Click save at the bottom.

    All set.

    wg-bypass.png

  8. #8
    Newbie
    Join Date
    Jan 2018
    Posts
    10

    Thanks for that; however, I do not see "source port" as an option. Also, you mention "bypass rules" but your screenshot shows "filter rules".

    B8MGvTR5gB.png

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Source port is never an option, because it's almost always a random number over 1024. There is an interface flag you can hack into the system to make it appear, but again... it's not there because it's almost never legitimately used. All it does is not work and generate posts and support tickets.

    Also... Untangle automatically bypasses UDP after the initial session setup. So I'm curious how it could muck with UDP sessions much with all the apps turned off.

    Still... If you want to bypass WireGuard, you're looking at source address, protocol UDP, and destination port 51820. That is... unless the server side changes that port.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Newbie
    Join Date
    Jan 2018
    Posts
    10

    I temporarily set up both bypass and filter rules to pass the source and destination the interface that TMO is connected to. It still didn't help.
