
Thread: Static Routing

  1. #1
    Newbie
    Join Date
    Sep 2015
    Posts
    9

    Question Static Routing

    This may be something that is common knowledge but I have never tried it and am needing to set a site up like this. We have a remote site that already has a Server2012R2 as well as some kind of Cisco Meraki that functions as the gateway I believe. I am needing to get this site set up with an OpenVPN connection to our primary location. What I have been imagining is setting up an Untangle box with the OpenVPN connection active, there is a spare public IP I can set the WAN on, and set the internal NIC somewhere on their network with the sole purpose of being the VPN gateway. And from whatever they are using as the gateway, adding a static route to the primary network with Untangle as the next hop. Has anyone on here tried a setup like this? I've already got two other locations using Untangle as the main router/gateway with a VPN to the primary site, however this third remote site is one that I have never been involved in before and don't want to walk in and start changing everything around when it works the way it is! Any input is appreciated, thanks!

  2. #2
    Newbie
    Join Date
    Sep 2015
    Posts
    9

    Default

    Sorry to be so long-winded... another thought that I just had is, what about setting up Untangle in bridge mode between the gateway and the rest of the clients? Will it intercept all the VPN traffic on its own and re-route it?

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Yeah, either will work if you do it right.

    However I would not recommend it.
    You are using Untangle in a way that it is not designed for.
    http://wiki.untangle.com/index.php/N...Cardinal_Rules
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Newbie
    Join Date
    Sep 2015
    Posts
    9

    Default

    I understand why doing a static route from the current gateway would possibly not work, however setting it up in bridge mode "in-line" with the network traffic follows the rules. I'm just not sure about how the VPN would work. Sadly I'm not in a position to install Untangle as the main gateway at this time, but really need the VPN function to work until a time to set things up 100% correct. Appreciate the information!

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,380

    Default

    Consider it this way, bridge mode and router mode don't exist.

    What you're really talking about is a relationship between interfaces. If you have Internal bridged to External, traffic passing those two interfaces will be over the bridge. However, the VPN interface has an IP address, so it's now routed.

    So your edge router will need to have appropriate routes to push traffic to Untangle that needs to be routed by Untangle to get on and off the VPN. So you have a bridging Untangle that's also routing for the VPN. The two concepts live on top of the same reality, but logically you have to separate it based on the relationship between the NICs.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Newbie
    Join Date
    Sep 2015
    Posts
    9

    Default

    Thanks for the response! That makes sense, the internal network I'm trying to push to is a 206.92.78.x\24 network. So if I understood what you just explained which is kind of how I was thinking before but just needed confirmation, on the edge router I should be able to add a static route telling it to send all traffic in the 206.92.78.x network to the address untangle is sitting at. Does that sound correct?

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,380

    Default

    There are actually two routes required, one is for the segment on the far side of the tunnel, the other is for the network created in the tunnel itself. Untangle will refer to this as the address pool. You'll need to push both to Untangle for full functionality.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
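
Added example, not part of the original thread: a small Python check of the two-route requirement described in post #7, run against a copy of the edge router's static route table. Only 206.92.78.0/24 comes from the thread; the address pool, the Untangle internal address and the default gateway are constructed placeholder values.

```python
import ipaddress

# Only FAR_SIDE_LAN comes from the thread; the other values are constructed.
FAR_SIDE_LAN = ipaddress.ip_network("206.92.78.0/24")  # network behind the tunnel
VPN_POOL = ipaddress.ip_network("172.16.0.0/24")       # assumed OpenVPN address pool
UNTANGLE_IP = ipaddress.ip_address("192.168.1.2")      # assumed Untangle internal IP
DEFAULT_GW = "203.0.113.1"                             # assumed ISP next hop


def next_hop(routes, dest):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ipaddress.ip_address(hop))
    return best[1] if best else None


def missing_vpn_routes(routes, required=(FAR_SIDE_LAN, VPN_POOL),
                       gateway=UNTANGLE_IP):
    """Return the required networks that are not steered to the VPN gateway.

    The first and last address of each network are probed, so a route that
    covers only part of the network is also reported.
    """
    missing = []
    for net in required:
        probes = (net.network_address, net.broadcast_address)
        if any(next_hop(routes, p) != gateway for p in probes):
            missing.append(str(net))
    return missing


# Constructed route tables for the edge router.
ONLY_FAR_SIDE = [("0.0.0.0/0", DEFAULT_GW),
                 ("206.92.78.0/24", "192.168.1.2")]
BOTH_ROUTES = ONLY_FAR_SIDE + [("172.16.0.0/24", "192.168.1.2")]

if __name__ == "__main__":
    print("one route :", missing_vpn_routes(ONLY_FAR_SIDE))
    print("two routes:", missing_vpn_routes(BOTH_ROUTES))
```

With only the far-side route in place, traffic for the tunnel's address pool still follows the default route out the WAN instead of reaching Untangle.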

  8. #8
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,891

    Default

    I wonder if the Meraki device has IPSec support? If so, you might be able to do this with just the existing Untangle on your core site, without needing to add an additional device on the remote end.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.4.1 to protect 500Mbits for ~450 residential college students and associated staff and faculty
