Unable to create the VPN

[Diggit2001]

Ok, I want to use Untangle to create a site to site VPN from all of our remote job sites to Headquarters. I had most of the the VPN functionality working in a test network I set up here at HQ. I put the test remote site Untangle box outside of my Check Point firewall. The internal HQ one is behind the firewall and has a public NAT assigned to it.

Aside from a few pending issues, the VPN testing at HQ went relatively well. I have chosen one of our remote sites to be a tester site so I wanted to remove the test VPN network I created and set up a new one using the same subnet that already exists at the remote office. I am planning to take it out next week sometime and get some real world testing going. Anyway, I found that the only way to remove the old test VPN was to uninstall the OpenVPN component and then re-add it. I then went in to my Untangle VPN server at HQ and created a new site. Next, I chose to download the secure key to USB drive just like I did in my original test. When I went to "read" it in my VPN client box, I received an error that said, "Your VPN client configuration could not be downloaded from the USB key. Please try again". Of course, trying again and again and again resulted in the same message. For kicks I also tried to go the "download from server" route. After entering the ip address and password, I received the message, "Your VPN client configuration could not be downloaded from the server. Please try again".

Since the Untangle install is not a very long process, I decided to just format the drive on the remote box and reload Untangle from scratch. Of course, after going through all that, i still get the same message. I have also tried removing and recreating the site on the HQ box, but still no luck.

I am wondering, is there a more descriptive log somewhere that might tell me exactly what the problem is? ""Your VPN client configuration could not be downloaded" isn't very helpful.

Here are the settings I am using to set up the site to site VPN on my VPN server:

Exported Hosts/Networks
HQ Network
192.168.0.0
255.255.255.0
export enabled

VPN Clients/Sites
enabled
is untangle server checked
site name - Pax_Square
Default Add Pool
192.168.36.0
255.255.255.0

Add Pools
export DNS checked
name - Default Add Pool
10.10.10.0
255.255.255.0

No VPN clients set up.

Thanks in advance for any information that leads to the arrest and death of this problem.
-Chris

[amac]

Did you distribute the client multiple times? If so, then the credentials change.
Can you ping the Untangle servers from each other?
What do you have entered as your Network address on the vpn configuration at the server side?
Hope we'll get this figured out!

[Diggit2001]

I never distributed any VPN clients at all, I am only using direct site to site setups. I did only distribute the secure key one time though.

Yes, I am able to ping the servers from each other.

On the server side, I have my network address set to 192.168.0.0 and the mask set to 255.255.255.0. This is the ip and mask of my HQ LAN, by the way. I assume this is how it's supposed to be.

I appreciate your help with this!
-Chris

[Diggit2001]

Well, I just completely formatted and reloaded my HQ untangle box that's acting as the VPN server. I'm having the same exact problem, even after reloading both boxes.

I am curious. On the HQ Untangle box, I know you need two NICS in it to run the setup, but do they both need to be plugged in? I have only one of them plugged in (the external one) and its connected to my local LAN with a 192.168.0.x address. This is kosher, right?

I'm so confused.

[mdh]

If Untangle sits behind a router, that address would be acceptable. If Untangle is your router, something's rotten in Denmark.

[Diggit2001]

Well, my HQ UT box is not configured as a router so it sounds like Denmark is still fresh.

[mdh]

I blew right past your second question...sorry. You really only need one NIC cabled up to do the setup, though you must have them both installed. The upstream connection will load the modules.

[Diggit2001]

Cool, thats what I figured. I'm just running out of ideas so I wanted to be sure everything was groovy.

Thanks

[Diggit2001]

Well, for reasons I'm still not completely sure of, the VPN is connected. I guess removing the site on the VPN server side and adding it back a few times did the trick. I really don't know....

Now I just need to solve problem 1 and problem 2.

Thanks

[Silver Bullet]

Enter a couple manually to see if it resolves your problems.

There may be a way to do it with Untangle DHCP, but it would involve editing the config file manually if it is possible.