  1. #1
    Untanglit
    Join Date
    Jan 2010
    Posts
    21

    Site to Site VPN

    I have the following situation

    3 sites with untangle 7.2 in bridge mode with linksys rv042 routers.

    first site 192.168.0.x
    second site 192.168.1.x
    third site 192.168.2.x

    How do I configure VPN between each site? A detailed explanation will be appreciated.

    Thanks

    Thomas

  2. #2
    Untangle Ninja dbunyard's Avatar
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,059

    You need to decide which network will be the "main" (server) network. This network will need its UT box configured as a VPN server. The other UT boxes get configured as VPN clients. You will then need to make sure that you forward port 1194 UDP through all the Linksys routers to the Untangles. If the server site does not have a static IP address for its internet connection you will need to set up a dynamic DNS service, such as DynDNS, then use this for the VPN connections. After you have the server set up, and the remote networks configured, you will need to set up the clients and provide them with the exported configuration for each of the networks. You may need to edit these configs with your live IP address before you upload them, depending on what you are using for your UT's hostname/IP address. See the screen shots for some better detail.

    Hopefully this helps, I would be happy to go into some more detail on something if needed.
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

  3. #3
    Untanglit
    Join Date
    Jan 2010
    Posts
    21

    Thanks for your quick reply.
    Let me explain my scenario a little better. I need to create a site to site VPN without VPN clients. The 2 UT boxes (site 2 and 3) should connect to the main UT server automatically and be able to ping the main UT site network. So users behind UT 2 and 3 should be able to ping the whole network 192.168.0.x. Can this be accomplished and how?

    Thanks in advance for your help
    Thomas

  4. #4
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,275

    tthoma,
    It was exactly what dbunyard was writing.

    Site 1 will need to be in Server mode.
    Site 2 and 3 will need to be in Client mode.

    Then you need to export the internal network on Site 1 so that Site 2 and 3 can access it.
    So if you don't have any block rules or packet filters they should now be able to ping the whole internal network of site 1.

    But if site 1 has a lot of software firewalls on every client, they might need configuration to allow ICMP from the remote sites.

  5. #5
    Untangle Ninja dbunyard's Avatar
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,059

    Yep, that can be done. Use the "server" screen shots to configure the first site, then the "client" screen shot to configure sites 2 and 3. As I mentioned, depending on what you have set for the UT hostname at site 1 you may need to edit the configuration you get from the UT server:

    Code:
    Please input the following information into the "VPN Client" wizard. 
    Server Address:[you will have to put the live IP/DNS of the network here]
    Passphrase:[this stays the same]

    My screen shot was wrong, you don't want the zip file though, you just want to put in the credentials that you get from the primary site. It shouldn't be that hard to set up really. As soon as you get everything set up, the Untangle boxes will keep the tunnel alive allowing users in network 2 and 3 to access the resources in network 1 without a client. Likewise, the users in network 1 will be able to access the resources in networks 2 or 3.
    Last edited by dbunyard; 04-03-2010 at 03:13 PM. Reason: Too late....
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

  6. #6

  7. #7
    Untanglit
    Join Date
    Jan 2010
    Posts
    21

    Dear All

    Thanks for your reply. I still have some questions in regards to how the site2 and site 3 will be able to connect to site 1. My setup is like this

    Site 1 Main site Nicosia
    UT in bridge mode ver 7.2 ip 192.168.0.253
    Linksys Router RV042 IP 192.168.0.254
    Static IP 87.228.205.xxx

    Site 2 remote Site Paris
    UT in bridge mode ver 7.2 ip 192.168.1.253
    Linksys Router RV042 IP 192.168.1.254
    static IP 213.207.152.xxx

    How will these two sites connect? From what I understand I will have to configure site one for server mode and site 2 as client mode. Can you please give me the details for the configuration on both sites? Do I need to run any software on site 2?

    Thanks in advance

    Thomas

  8. #8
    Untangle Ninja dbunyard's Avatar
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,059

    You don't need to run any software, no. And yes, you are correct. Site 1 in server mode, sites 2 and 3 in client mode. Follow the wizard (see my screen shots in earlier post) and set up server 1 as the server. Then on the server, go to Clients -> VPN Sites, and set up the two other networks there also following my screen shots. Here is another showing where to go. After you set up the two remote networks, you will need to export the configs. The easiest way is to just let it email them to you. Then replace the IP address it sends (it will be your UT's internal address, 192.168.0.253) with the live address you gave, 87.228.205.xxx, when you go to set up the remote sites. These sites will be configured as clients and all you will have to give them is that IP address, and the passphrase the UT box generates. As mentioned before, you will also need to port forward 1194 UDP through your Linksys firewalls to the Untangle boxes.

    Edit: I can go into more detail if needed but, IMHO, you are trying to make this harder than it is (no offense). I think when you dive into it you will find out how very, very easy it is to set up. The only thing you *might* have to do depending on your exact setup after you have all the VPN configured is check the box under Network -> Advanced -> Packet Filter that says "Route VPN traffic that would go through the Bridge." and save. It seems that in (most) cases with a bridged unit this needs to be checked for the VPN traffic to route properly. That would need checked on all 3 sites' UT boxes. The thread that WebFool provided is also a VERY good walkthrough of EXACTLY how to set up what you are trying to do. Please feel free to contact me if you have any specific questions.
    Last edited by dbunyard; 04-04-2010 at 06:00 PM.
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.
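
A pre-flight check for the addressing details discussed in this thread, as an added example that is not part of any original post: it flags an exported "Server Address" that is still the UT's internal address, and confirms the site LANs do not overlap (overlapping subnets cannot be routed across the tunnel). The /24 masks, the site names, the passphrase placeholder and the function names are assumptions; the export text follows the layout quoted in post #5.

```python
import ipaddress
import re

# Constructed sample of the e-mailed export, following the layout quoted in post #5.
# The passphrase is a placeholder; 192.168.0.253 is the internal address from the thread.
SAMPLE_EXPORT = """\
Please input the following information into the "VPN Client" wizard.
Server Address:192.168.0.253
Passphrase:EXAMPLE-PASSPHRASE
"""

# Site LANs from the first post; the /24 prefix length is an assumption.
SITES = {"site1": "192.168.0.0/24", "site2": "192.168.1.0/24", "site3": "192.168.2.0/24"}

# RFC 1918 ranges: addresses a remote site cannot reach across the internet.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def server_address(export_text):
    """Return the value of the 'Server Address:' line, or None if it is absent."""
    m = re.search(r"^[ \t]*Server Address:[ \t]*(\S+)[ \t]*$", export_text, re.MULTILINE)
    return m.group(1) if m else None

def address_problem(addr):
    """Return a reason string if remote sites cannot use addr, else None."""
    if addr is None:
        return "no Server Address line found"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # a DNS name (e.g. dynamic DNS); resolution is not checked here
    if ip.is_loopback or any(ip in net for net in INTERNAL):
        return f"{addr} is an internal address; use the server site's live IP or DNS name"
    return None

def overlapping_lans(sites):
    """Return sorted pairs of site names whose LAN subnets overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

if __name__ == "__main__":
    print("server address:", address_problem(server_address(SAMPLE_EXPORT)) or "ok")
    print("overlapping LANs:", overlapping_lans(SITES) or "none")
```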

  9. #9
    Untangler
    Join Date
    Oct 2008
    Posts
    80

    noted.cheers

  10. #10
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,367

    Quote Originally Posted by kirkcaine View Post
    noted.cheers
    You subscribe to the Untangle membership rewards program?
