Results 1 to 9 of 9
  1. #1
    Newbie
    Join Date
    Aug 2018
    Posts
    5

    Default Binding OpenVPN to WAN

    Hi,
    I'm a home user who has just bought Untangle and hardware on the say-so of a friend who said it can do everything I want and that it's better than pfsense. I'm from the Linux world, Debian, LMDE, CentOS, Manjaro and so forth and have never paid for software so US$200 is like a million bucks Aussie (yep Australian) as far as I'm concerned. Yes I appreciate the value I'm just from the open source world.

    So... the point, I'm now reading all the fine print, the wiki, playing with the live demo, searching the forum and I can't see how to bind an OpenVPN client to a WAN. Which to me is the most logical thing in the world to do. What am I missing? Please tell me I'm a stupid Aussie looking in the wrong places.

    My (needed) setup is one internal LAN two external WAN each with an OpenVPN client bound to it. Each VPN points to a (same) commercial VPN provider with the same IP address target. I also need to selectively route WAN vs VPN device traffic that needs public IP access internally, port forwarding etc. And the two VPN's which is 99.99% of all traffic must be load balanced.

    And hopefully a minor clarification - the wiki etc speaks of generating & importing zip config files into client. What of the standard ovpn file provided by commercial VPN providers?

    Thanks, I hope.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,241

    Default

    You need to use TunnelVPN to connect your Untangle to a VPN provider.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Aug 2018
    Posts
    5

    Default

    Quote Originally Posted by jcoffin View Post
    You need to use TunnelVPN to connect your Untangle to a VPN provider.
    OK, I can see how to set up the VPN provider and tunnel traffic rules but how do I make each tunnel go down separate WAN?

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,241
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Newbie
    Join Date
    Aug 2018
    Posts
    5

    Default

    Quote Originally Posted by jcoffin View Post
    wiki link
    OK, after being held hostage for three weeks by customs I have my hardware and have Untangle up and running.
    But it has me back at square one. the wiki link falsely implies that WAN Failover and WAN Balancer has influence over Tunnel VPN but then later it says:

    "The Tunnel VPN rules are run before any WAN Balancer rules are evaluated and before the routing table is consulted. If a Tunnel VPN rule matches and the tunnel is active the traffic will exit through the tunnel regardless of the WAN Balancer or routing configuration. In other words Tunnel VPN takes precedence over any other routing configuration."

    And there are no Tunnel VPN rules to facilitate balancing traffic so there is apparently a gaping oversight in functionality here. I believe I'm not the only one who has come to this conclusion.

    Of course I'm still happy to be educated on some roundabout way to load balance Tunnel VPN.

    Thanks.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,700

    Default

    You're confusing two different types of traffic.

    There is the traffic that builds the tunnel, and there is traffic that transits the tunnel.

    You cannot have two paths to the same network, all traffic takes one path. So, if you want a specific tunnel to stick to a specific WAN you need to use a static route to force traffic destined to the termination IP that services that tunnel to a specific ISP gateway on the WAN you want.

    After that the rules are used to determine what goes over the TunnelVPN don't care about WAN links at all, nor should they. They are about tunnels being up or down.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Newbie
    Join Date
    Aug 2018
    Posts
    5

    Default

    No, I want two VPN links/tunnels to my VPN provider with traffic balanced between them - just as I have done for the past three years with my previous setup. It's no different to two naked load balanced WAN connections except it's two VPN connections. I have one VPN tunnel attached to each WAN 1 & WAN 2 - no problem - but because Tunnel VPN supersedes WAN balancer and pretty much everything else and also does not have any intrinsic load balancing facility it seems impossible to load balance the two tunnels. All I get is all traffic down the tunnel attached to WAN 1. Unless I create a "WAN 2 VPN" rule then all traffic will go down this.

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,534

    Default

    tunnel connections aren't "WANs" or even first-order interfaces so you can't balance across them with wan balancer currently.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Newbie
    Join Date
    Aug 2018
    Posts
    5

    Default

    Quote Originally Posted by dmorris View Post
    tunnel connections aren't "WANs" or even first-order interfaces so you can't balance across them with wan balancer currently.
    Well you can't balance with WAN Balancer because as quoted earlier

    "The Tunnel VPN rules are run before any WAN Balancer rules are evaluated and before the routing table is consulted. If a Tunnel VPN rule matches and the tunnel is active the traffic will exit through the tunnel regardless of the WAN Balancer or routing configuration. In other words Tunnel VPN takes precedence over any other routing configuration."

    Not being able to load balance VPN Tunnels is an extremely serious flaw.
    Last edited by boss5705; 09-22-2018 at 07:05 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2