  1. #1
    Newbie
    Join Date
    Mar 2018
    Posts
    5

    OpenVPN help needed

    Hey gang,
    I was contracted by a business to install a NAS, and when they asked me to configure VPN I saw they had an Untangle u25. I've never supported an Untangle product before, so I hopped on a support call with Untangle and they informed me this company has never purchased a support subscription. The gentleman was kind enough to help me configure the OpenVPN app and download the client exe install and ovpn files for my phone etc. BUT I can't get the client to connect from any device. (Yes, I'm outside of their network.) When I spoke with the Untangle support tech he said something like "oh it looks like the untangle isn't the only NAT device on the network" and if I look under Network>Hostname it looks like whoever set the Untangle up configured it as "Use Manually Specified Address: This is recommended if the Untangle Server is installed behind another firewall with a port forward from the specified hostname/IP that redirects traffic to the Untangle Server." and in the IP Hostname field they have their Public IP address listed with port 443, not the IP address of the Cincinnati Bell modem. Any ideas or help would be very appreciated.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,493

    I would start by posting a network diagram.

    He is right: if it's behind the other firewall, then you will need to configure a port forward on that firewall so that you can even reach Untangle.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Mar 2018
    Posts
    5

    I don't have access to a network diagram for this company yet, but basically they have a Zyxel VMG4381-B10A modem from their ISP connected to the Untangle, but the firewall on the Zyxel is turned off. Here is a screen cap of the network. Are these screen captures helpful?
    [Attachments: Screen Shot 2018-03-08 at 11.15.22 PM.png, Screen Shot 2018-03-08 at 7.24.06 PM.png]

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,493

    Untangle doesn't have a public IP, so you'll need to tell Untangle to use your Zyxel IP under "Use Manually Specified Address".
    You should see this address in your ovpn file on the client.

    Then add a port forward to your Zyxel so port 1194 UDP goes to 192.168.200.104.

    FWIW, I would not suggest running double NAT.
    Also, as explained in the new user's guide, the quality of help you're going to get without a network diagram and with blanked out or false IP addresses is going to be poor, and their network is kind of a mess - this is going to be tough. You may have to get your hands dirty.

    This guide is for Untangle: https://wiki.untangle.com/index.php/...shooting_Guide
    But all the same logic will still help you troubleshoot the port forward config on your Zyxel, except that, being UDP, you can't test with telnet.
    Last edited by dmorris; 03-08-2018 at 09:39 PM.
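Added example (not part of the original thread, and not Untangle tooling): a small offline check for the two conditions post #4 describes, namely which address the client's ovpn profile points at and whether Untangle's external interface sits on a private address behind another NAT device. The function names and the sample profile are assumptions made for illustration; `203.0.113.10` is a documentation address standing in for the blanked-out public IP.

```python
import ipaddress

# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NATTED = [ipaddress.ip_network(n) for n in
          ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def is_natted(host):
    """True/False for an IP literal, None for a hostname (needs DNS to judge)."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    return any(addr in net for net in NATTED)

def parse_remotes(profile_text):
    """Return [(host, port, proto)] from the `remote` lines of an .ovpn profile."""
    port, proto, raw = "1194", "udp", []
    for line in profile_text.splitlines():
        words = line.split("#")[0].split(";")[0].split()  # drop comments
        if not words:
            continue
        if words[0] == "port" and len(words) > 1:
            port = words[1]
        elif words[0] == "proto" and len(words) > 1:
            proto = words[1]
        elif words[0] == "remote" and len(words) > 1:
            raw.append(words[1:4])
    # Per-remote port/proto override the profile-wide defaults.
    return [(r[0], int(r[1] if len(r) > 1 else port), r[2] if len(r) > 2 else proto)
            for r in raw]

def diagnose(profile_text, wan_ip):
    """List findings that explain why a client outside the site cannot connect."""
    findings = []
    if is_natted(wan_ip):
        findings.append(f"double NAT: external interface {wan_ip} is private")
    for host, port, proto in parse_remotes(profile_text):
        if is_natted(host):
            findings.append(f"profile remote {host} is not reachable from the internet")
        elif is_natted(wan_ip):
            findings.append(f"upstream router must forward {port}/{proto} to {wan_ip}")
    return findings

# Constructed sample profile; not taken from the site's real export.
SAMPLE = "client\nproto udp\nremote 203.0.113.10 1194\n"
if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "192.168.200.104"):
        print(finding)
```

An empty result means the profile and the external interface both use routable addresses, so any remaining failure lies elsewhere (for example the forward rule itself).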

  5. #5
    Newbie
    Join Date
    Mar 2018
    Posts
    5

    Sorry, I should have clarified: the public IP is in the field you mentioned, I just blurred it out in the picture.
    I wasn't sure what IPs are safe to post here as I'm not a network engineer. I had nothing to do with this install, and contacting the company that did has been useless. Cincinnati Bell claims the Zyxel is not blocking any UDP traffic and that that would all be done on the Untangle.

    How would I fix the double NAT issue you're referring to? By changing to the "use IP address from external interface" option?

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,493

    By not running two firewalls, both doing NAT.
    You gain nothing by running two firewalls except 4 times the trouble.

    A firewall doing NAT blocks all inbound sessions, unless explicitly forwarded with a port forward. That's just how NAT works. If they told you that, they're probably very confused and think that you are talking about outbound UDP.

  7. #7
    Newbie
    Join Date
    Mar 2018
    Posts
    5

    Gotcha. So I can see the Firewall is turned off on the Zyxel...Should I turn NAT off on the Zyxel as well or disable it on the Untangle?

    Can you help me understand the 3 options on the Untangle listed below? Right now the third option is selected with the Public IP address in the IP/Hostname field...but why would someone have configured it this way if the firewall on the Zyxel was disabled?

    Use IP address from External interface (default)
    This works if your Untangle Server has a routable public static IP address.
    Use Hostname
    This is recommended if the Untangle Server's fully qualified domain name looks up to its IP address both internally and externally.
    Current Hostname: gateway.spps18.com
    Use Manually Specified Address

  8. #8
    Newbie
    Join Date
    Mar 2018
    Posts
    5

    Here are some screen captures of how the interfaces were configured...is this where the double NAT is configured?

    [Attachments: Screen Shot 2018-03-09 at 2.28.36 PM.png, Screen Shot 2018-03-09 at 2.28.52 PM.png]

  9. #9
    Untanglit
    Join Date
    Nov 2016
    Location
    Cincinnati, OH
    Posts
    24

    Quote Originally Posted by aaronkm View Post
    Gotcha. So I can see the Firewall is turned off on the Zyxel...Should I turn NAT off on the Zyxel as well or disable it on the Untangle?
    The correct thing to do is put the ISP-provided modem into bridge mode... thus disabling all of the DHCP capabilities of the modem as well as NAT. Untangle will then pick up an external WAN IP address. = No more double NAT
