This has baffled not only me, but also my mentor, who has forgotten more about networking than I will ever know. Here is the situation:
One master Untangle Server at corporate office with static public IP; 24 remote store locations with Untangle machines configured to connect to the office server as OpenVPN clients. This setup has pretty much worked flawlessly for over two years.
I've been converting store locations from AT&T UVerse to Comcast Business. Basically, nothing more than a change of public IP address as far as Untangle is concerned. First three stores went fine. Thursday, while Comcast was installing their gear, I upgraded the store's version 11 box to version 12.2.1. Everything worked except the OpenVPN connection. 72 hours later, we are no further along than we were, and I still have no connection between that store and the office. Here is what we know:
Reinstalling Untangle version 12 at the store from scratch had no impact.
My laptop can VPN in to the office Untangle from that store with absolutely no problem. However, a Windows 7 machine utilizing my credentials on that same network cannot.
Running packet sniffers and tcpdumps, we see no UDP traffic coming in on port 1194 from that store whatsoever, but we know it's leaving the store.
The Comcast Gateway at the office has all firewalls disabled with UDP 1194 port forwarded to the Untangle Server. We even tried putting Untangle in Comcast's DMZ. Nothing.
I tried setting up the store's Untangle as an OpenVPN Server and configured the office Untangle to connect as a client. I could see the initial connection made, but then no traffic across the tunnel whatsoever.
Anything I can think of that would cause this problem is ruled out by the fact that all the other stores work just fine and the fact that my laptop can establish a VPN connection from the store with no trouble.
Store Untangle: 10.1.3.0/24
Store Comcast: 10.0.3.0/254
Office Comcast: 10.22.0.0/24
Office Untangle: 192.168.1.0/24 (yeah, I know. Can't change it yet for other reasons)
Office Untangle VPN: 172.16.99.0/24
It feels like a firewall issue to me, but there are no firewalls in place that would block traffic from just this one store.
Has anybody ever run into a similar problem?
I'm sending an e-mail to Untangle Support with this information as well, but I need to get this wrapped up soon as our sales and employee hours are sent to the office across the VPN.
Edit: Also tried deleting and recreating that store's OpenVPN credentials. No effect.