  1. #1
    Master Untangler johndball's Avatar
    Join Date
    Apr 2008
    Location
    Virginia
    Posts
    174

    OpenVPN IP pools - Lock pool users to subnet

    Using UT 9.x, is there a way to lock OpenVPN clients to different subnets? For example, if I create OpenVPN_Pool_01, I want exported network 192.168.100.0 to be accessed. For OpenVPN_Pool_02, I want exported network 192.168.50.0 to be accessed.

    If not, is there another way to lock OpenVPN clients down to allow access to only specified networks or IPs without it being a "global" policy for all OpenVPN users?
    --
    "I have often regretted my speech, never my silence." - Xenocrates
    https://www.johndball.com

  2. #2
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    468

    Firewall

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,414

    Yes, in Untangle 9 you can have any number of address pools, and you can put a client into a pool. Then you can make firewall rules that reference the pool's IP range and move on. You can also make firewall rules that reference the client's IP once the client is created; that address is reserved for the client and it will never change.

    Sadly, this process is inordinately more difficult in Untangle 10. The IP address of the client is still reserved, but it will only show up when the client connects. So you have to connect the client to the OpenVPN service to get the address you need to control it. To make matters worse, Untangle removed the ability to have more than one address pool, so you can't group clients anymore.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
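
The per-pool firewall rules described in post #3, modelled as an added example that is not part of the thread and is not Untangle's rule format or code. The pool address ranges, the /24 netmasks, the first-match ordering and the default action are assumptions; the audit checks that each pool reaches only its own exported network.

```python
import ipaddress

# Constructed values: the thread names the exported networks but not the
# pool address ranges or netmasks, so the ranges and /24s are assumptions.
POOLS = {
    "OpenVPN_Pool_01": ipaddress.ip_network("172.16.1.0/24"),
    "OpenVPN_Pool_02": ipaddress.ip_network("172.16.2.0/24"),
}
VPN_SPACE = ipaddress.ip_network("172.16.0.0/16")  # all VPN client addresses

# Ordered rules, first match wins (assumed model):
# (source network, destination network, action)
RULES = [
    (POOLS["OpenVPN_Pool_01"], ipaddress.ip_network("192.168.100.0/24"), "pass"),
    (POOLS["OpenVPN_Pool_02"], ipaddress.ip_network("192.168.50.0/24"), "pass"),
    # Catch-all for VPN clients: anything not passed above is blocked.
    (VPN_SPACE, ipaddress.ip_network("0.0.0.0/0"), "block"),
]

def decide(src, dst, rules=RULES, default="pass"):
    """Return the action of the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return default  # traffic no rule mentions (assumed default action)

def audit(rules=RULES):
    """Probe every pool against every exported network; return violations."""
    # Constructed probe hosts, one inside each exported network.
    allowed = {"OpenVPN_Pool_01": "192.168.100.10",
               "OpenVPN_Pool_02": "192.168.50.10"}
    problems = []
    for pool, net in POOLS.items():
        client = str(net.network_address + 5)  # constructed client address
        for owner, target in allowed.items():
            want = "pass" if owner == pool else "block"
            got = decide(client, target, rules)
            if got != want:
                problems.append((pool, target, got))
    return problems

if __name__ == "__main__":
    print("violations:", audit())
    print("without catch-all block:", audit(RULES[:2]))
```

Dropping the catch-all rule or placing it first both show up as violations, which is the misconfiguration to look for when pool members can reach the other pool's network.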

  4. #4
    Master Untangler johndball's Avatar
    Join Date
    Apr 2008
    Location
    Virginia
    Posts
    174

    I was thinking firewall too but it seems that the firewall is not processing OpenVPN client traffic. I'm thinking I enabled/disabled something (GUI only) a long time ago but not sure what it is.

    Any ideas on where I should look to have the Firewall module process OpenVPN traffic?

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,414

    There are two reasons why the firewall wouldn't see the traffic.

    1.) You configured a policy to shunt the traffic into a rack the firewall isn't in.
    2.) You configured a bypass rule to bypass the VPN traffic.
