Results 1 to 7 of 7
  1. #1
    Master Untangler
    Join Date
    May 2010
    Posts
    313

    Default Can't get OpenVPN from Chromebook to Untangle working

    I have OpenVPN setup, and can connect from multiple windows clients just fine.

    I wanted to VPN from my Chromebook. So I followed the guide, got the ONC file on my chromebook and imported it. The connection shows up. I added a random word as the password, as the guide mentions.

    But everytime I try to connect to the VPN I see it trying for a while and then I get an error on the Chromebook saying 'network connection error', Failed to connect to network.

    I am at a loss on how to troubleshoot it. Could it be a certificate authority/store issue? Other?

    Jason

  2. #2
    Master Untangler
    Join Date
    May 2010
    Posts
    313

    Default

    I think I fixed it...

    I had added the server variable "tls-version-min" and set it to 1.2 to force TLS 1.2... Although that seemed to work fine with my android phone and windows laptops, as soon as I removed that my chromebook would successfully connect - whereas it wouldn't before.

    I'll try putting that variable back in and testing some more when I have time... But it worked immediately after removing that setting, so seems like the issue.

    Jason

  3. #3
    Untanglit
    Join Date
    Jan 2017
    Posts
    21

    Default

    I have the same issue.

    Do you think its possible to run OpenVPN on another "rack" running on a different port than the default rack? Then it would be possible to remove the "tls-version-min" option/setting.

    Thoughts?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    16,189

    Default

    I'm going to ask some questions for selfish reasons. We often need to figure out a way to allow for users to customize their setups in ways that we don't recommend. This is necessary for advanced users to support advanced use cases, but it goes against our "keep it simple" philosophy.

    For OpenVPN we tried to do this by adding the advanced tab with these warnings at the top (with red icon and in bold):
    Advanced settings require careful configuration.
    Misconfiguration can compromise the proper operation and security of your server.
    Changes made on this tab are not officially supported.

    Did you read these? Is there any better text that we could have placed here that would have been more effective?
    Why would you post on the forums after changing these settings and not mention it?

    Lastly, do you think there is any [better] way we can allow users to change advanced settings without getting themselves in trouble?

    Looking for honest productive feedback for the next time we consider adding advanced functionality.
    Last edited by dmorris; 06-19-2017 at 09:11 AM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Master Untangler
    Join Date
    May 2010
    Posts
    313

    Default

    In my case, I forgot I made that change. There was nothing wrong with the warning.

    Had I remembered I made that change, that would have been the first thing I reverted before posting.

    The issue is more that it is hard to remember every change you have made weeks or months later. I hadn't tried connecting my chromebook until a while after making that change, so it wasn't immediately obvious that the change impacted anything negatively.
    Last edited by JasonJoel; 06-19-2017 at 07:19 PM.

  6. #6
    Untanglit
    Join Date
    Jan 2017
    Posts
    21

    Default

    1) Thanks for making the advanced tab available. Its nice to have
    2) When I have had issues I've tested on a clean install of UT to verify before posting.
    3) I think the warnings given are sufficient. I suppose you could resort to popups but that could be annoying

    In previous versions of UT wasn't the user able to change the port and/or protocol? I'm pretty sure the cipher and I know the server/client client config options were not available.

  7. #7
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,304

    Default

    IT Admins are used to needed to change advanced items. If you're really looking to discourage this, you might try changing tag name from 'Advanced' to something like 'Experimental' or 'Unsupported Options'. That's much more likely to warn people away.
    donhwyo likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 8GB with Untangle 12.2 to protect 200Mbits for ~400 residential college students and associated staff and faculty

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2