Results 1 to 6 of 6
  1. #1
    Newbie
    Join Date
    Jan 2019
    Posts
    7

    Default OVPN Clients not connecting

    Build: 14.1.0.20181130T105219.472bdadfc6-1stretch
    Kernel: 4.9.0-7-untangle-amd64
    Not sure where the OpenVPN version shows on the config pages.

    Installed apps:
    Web Monitor
    Virus Blocker Lite
    Spam Blocker Lite
    Phish Blocker
    Firewall (no blocked events logged)
    Ad Blocker
    Reports
    Directory Connector
    OpenVPN
    Intrusion Prevention (disabled)


    For the record we have OpenVPN working with older IPCop servers and have been using it for years. I've decided we need to switch to UT OVPN since we have many UT firewalls around and UT is actively updated.

    That being said the two client PCs that I've used to try to connect to OVPN on Untangle are both PCs where OVPN to IPCop work fine with consistency. However when I put on an OVPN config generated by the UT14 server the client never manages to even establish communication with the server despite the fact that I can ping it.

    Wed Jan 09 08:05:52 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
    Wed Jan 09 08:05:52 2019 Windows version 6.2 (Windows 8 or greater) 64bit
    Wed Jan 09 08:05:52 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
    Enter Management Password:
    Wed Jan 09 08:06:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:XXX
    Wed Jan 09 08:06:04 2019 UDP link local: (not bound)
    Wed Jan 09 08:06:04 2019 UDP link remote: [AF_INET]X.X.X.X:XXX

    That's all that remains in the logs of either machine until I force disconnect and it never acts like there's negotiation.

    On the server OVPN is enabled.
    "Server Enabled" is checked.
    Address space is assigned.
    NAT is set.
    Username/Password is checked.
    Local Directory is set (though we eventually want to integrate with Active Directory)
    A user is created in the local directory.

    The only changes made to the Advanced tab were the UDP port number and change from AES-128-CBC to AES-256-CBC.

    Clearly I have missed something but I can't see it. What am I missing?

  2. #2
    Newbie
    Join Date
    Jan 2019
    Posts
    7

    Default

    Also I've tried turning off Windows Firewall to test but it doesn't matter if it's on or off on either machine. Both act like they can't reach the server. Again each one works fine with the IPCop OVPN server.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,355

    Default

    I suggest you nuke the OpenVPN module, install it again to get a fresh set of defaults, deploy a client from there and see if that works.

    Make the thing work before you start dorking around in the advanced tab, otherwise you'll never know where the issue is.

    Also, that whole X.X.X.X:XXXX doesn't help you or us. We cannot assist without complete information. You aren't protecting yourself by masking that IP address, you're just making our jobs harder. The port scanners found you within a few minutes of you turning that service on...

    The only thing I can suggest from a troubleshooting perspective is to ensure that whatever IP is hiding behind X.X.X.X:XXX, is actually on your Untangle server, because if it isn't you're going to need port forwards on whatever has the real public address. If that address is a 192.168, 10., or 172.16.... well those won't work... ever.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,118

    Default

    if you changed the port number (which would've been more obvious without the XXX's!), you'll need an Access Rule in Config->Network->Advanced->Access Rules to allow the traffic
    Last edited by johnsonx42; 01-09-2019 at 12:19 PM. Reason: corrected path to access rules

  5. #5
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    142

    Default

    Did you installed in those 2 pc's the client that untangle does or you just put the configs of untangle to the version of openvpn that was already installed to them?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,355

    Default

    One more quick thing...

    Where are you connecting from? Because Untangle will not allow you to connect from the LAN. So if you're trying to test the VPN from the network they would be connecting to, this behavior would be by design.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2