  1. #1
    Newbie
    Join Date
    Jul 2008
    Posts
    8

    VPN to Internal LAN - NO GO

    Okay.. I've spent the last few hours reading this forum looking for some gold nugget that would solve my VPN problem.

    My OpenVPN client is able to connect and get an IP (10.10.10.5) from the VPN pool.

    I have "exported" the LAN - Internal (10.1.1.0 - 255.255.255.0) in the OpenVPN configuration.

    The "windows firewall" is turned off on the client pc running the OpenVPN client (10.10.10.5)

    LAN Network: 10.1.1.0 / 24
    VPN Pool: 10.10.10.0 /24

    I have made a rule in the firewall:
    traffic type: any
    client interface: any
    server interface: any
    source address: 10.10.10.0 / 24
    client address: any
    source port: any
    client port: any


    I have also tried putting a "pass" packet filter rule for the "VPN" source interface any; that didn't work either.


    I have removed and re-added the OpenVPN module and rebooted the UT server and still nothing is working.

    I'm not sure if I am having routing issues or traffic is being blocked somewhere.

    Help?!?
    Last edited by cnewman; 07-01-2008 at 11:44 PM. Reason: Typos

  2. #2
    mdh
    Untangle Ninja
    Join Date
    Aug 2007
    Posts
    4,752

    Welcome to the forums!

    Your post does not say whether you are using Untangle as a bridge or as a router. If it is a bridge, you must open ports on your upstream router so traffic can get to Untangle. If you are using Untangle as the edge device in router mode, you should not need that. You shouldn't need to make a firewall rule as you have shown. Also, the vagueness of the rule wouldn't help much... I tell people to use "any" only when "any" is the only valid response. Removing and re-adding the OpenVPN module could invalidate your key, so you should send a new one. That said, you didn't mention how you determined it wasn't working. What were you trying to do?

  3. #3
    Newbie
    Join Date
    Jul 2008
    Posts
    8

    Thank you for the welcome!

    The UT server is in router mode.

    I'm wanting to have access to my network (10.1.1.0 /24) via VPN when I'm on the road. I need to access various resources on my network (IE SVN, RDP, SQL, etc.)

    Right now, I don't have any firewall rule. I just have the Packet Filter "Pass" rule for the VPN.

    The OpenVPN key is valid because after I removed and re-added the OpenVPN module, I resent myself a new key.

  4. #4
    Newbie
    Join Date
    Jul 2008
    Posts
    8

    Okay, this is more weird...

    So last night I was testing my VPN from a public IP on the same public subnet that the UT server is on at my house (I used one of my 10 public IP addresses and assigned it to my laptop. The UT server has the other 9 IPs as aliases). I was able to connect to the OpenVPN; however, I was unable to ping any host inside my internal network (10.1.1.0 / 24).

    Now I'm at my office, I am able to connect via OpenVPN client and I am able to ping any host on the (10.1.1.0 / 24) but I am unable to connect to these hosts via any port (IE RDP, SVN, FTP, SMTP, SQL, etc.).

    I am so confused.
    Last edited by cnewman; 07-02-2008 at 08:17 AM.

  5. #5
    Newbie
    Join Date
    Jul 2008
    Posts
    8

    So now it's all working. I forwarded an RDP port to one of my servers and I was able to look at the UT interface and I noticed a new option on the firewall for the client interface column... "VPN", which wasn't there last night. I'm thinking that it only shows up when a VPN client is connected.

    So the packet filter "pass" rule I have for VPN was allowing me to ping any host on the internal network but I wasn't able to connect to any ports (RDP, SQL, SMTP, etc.).

    So I added the following rule in the firewall:
    traffic type: TCP & UDP
    client interface: VPN
    server interface: Internal
    source address: 10.10.10.0 / 24
    client address: 10.1.1.0 / 24
    source port: any
    client port: any

    And now it all works. I thought I could have one or the other (Firewall rule or Packet Filter rule) to open traffic from the VPN network to the internal network?

  6. #6
    Newbie
    Join Date
    Jul 2008
    Posts
    8

    OMG.. this is so freaking annoying. So I rebooted my laptop here at my office. Reconnected to the OpenVPN and now I'm back to square 1. I can't ping any host on my internal (10.1.1.0 / 24) and I can't access any host on any port.

    What is going on here?

  7. #7
    Newbie
    Join Date
    Jul 2008
    Posts
    8

    So once again...I needed to reboot my laptop... reconnected to UT server via OpenVPN and now everything works. ugh... what am I doing wrong here?

  8. #8
    mmarx82
    Newbie
    Join Date
    Jul 2008
    Location
    Georgia
    Posts
    2

    Is it possible that you were trying to connect to your internal network before the connection was established?

  9. #9
    dmorris
    Untangle Junkie
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    What is the IP/netmask of the physical remote network? It should not conflict with the 10.1.1.x or the 10.10.10.x.

    BTW, I suggest leaving the pool at 172.16.1.1.
    If you set it to 10.10.10.x you won't be able to contact any machine with an incorrect netmask (255.0.0.0) on the parent network.

  10. #10
    Newbie
    Join Date
    Jul 2008
    Posts
    8

    My office IP / netmask is 192.168.1.0 / 24

    I'll try setting it back to 172.16.1.0 /24
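
The two checks raised in post #9 (address conflicts between the LAN, the VPN pool and the remote network, and the effect of a 255.0.0.0 netmask on a LAN host), as an added example that is not from any poster in this thread or from Untangle. It uses the networks quoted in the thread; the LAN host 10.1.1.20 and the client address 172.16.1.5 are constructed values.

```python
import ipaddress


def find_overlaps(networks):
    """Return (name_a, name_b) pairs whose address ranges overlap."""
    items = [(name, ipaddress.ip_network(cidr)) for name, cidr in networks.items()]
    pairs = []
    for i, (name_a, net_a) in enumerate(items):
        for name_b, net_b in items[i + 1:]:
            if net_a.overlaps(net_b):
                pairs.append((name_a, name_b))
    return pairs


def reply_path(host_ip, host_netmask, peer_ip):
    """Decide how a LAN host routes its reply to a VPN client.

    "on-link" : the host believes the peer is on its own segment and ARPs
                for it directly, so the reply never reaches the gateway
                that terminates the VPN.
    "gateway" : the peer is outside the host's subnet, so the reply goes
                to the default gateway, which can route it into the tunnel.
    """
    iface = ipaddress.ip_interface(f"{host_ip}/{host_netmask}")
    peer = ipaddress.ip_address(peer_ip)
    return "on-link" if peer in iface.network else "gateway"


if __name__ == "__main__":
    # Networks as quoted in the thread.
    thread_nets = {
        "lan": "10.1.1.0/24",
        "vpn_pool": "10.10.10.0/24",
        "remote_office": "192.168.1.0/24",
    }
    print("overlaps:", find_overlaps(thread_nets))

    # Constructed LAN host 10.1.1.20 answering VPN clients from each pool.
    for mask in ("255.255.255.0", "255.0.0.0"):
        for client in ("10.10.10.5", "172.16.1.5"):
            print(f"host mask {mask}, client {client}:",
                  reply_path("10.1.1.20", mask, client))
```

A host with the wrong 255.0.0.0 mask treats a 10.10.10.x client as on-link, while a client from the 172.16.1.x pool is still reached through the gateway.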
