Results 11 to 20 of 21
  1. #11
    Newbie
    Join Date
    Jan 2019
    Posts
    6

    Default

    Quote Originally Posted by Sam Graf View Post
    I wish I could chime in. My iOS OpenVPN experience is a couple of years old, and we used the OpenVPN client (OpenVPN Connect) exclusively for VDI on iPads. That worked without issue.

    I'm sorry if I missed this, but what do we know about the expectations of the MS RDP client? For example, one MS RDP app reviewer strongly objects to the app being limited to operation on the same subnet. Another says the Chrome Remote Desktop app works where the MS app doesn't. (Most seem to have no connection problems with the MS app.) So I'm curious about the MS app's actual expectations.
    I believe it's the Windows firewall that blocks RDP from another subnet, not a limitation of the MS app itself. I do have OpenVPN on my pfSense firewall at home (which assigns an IP on another subnet) and RDP works fine. I have tried disabling Windows firewall on my target machines (two of them actually) with no luck. I'm not getting any useful logs in the OpenVPN logs on the phone nor anything in the Event Viewer on the target PCs. I'm not sure where else to look.

  2. #12
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,237

    Default

    Ok, then I've misunderstood something. Get the OpenVPN client you're using on your phone from Untangle and install THAT CLIENT on a windows laptop. I usually do this while I'm on the jobsite, via my cellular hotspot so I can have another machine managing Untangle.

    Get that connection working such that the laptop can ping Untangle's LAN IP address, until that works nothing else works, assuming that works then you're messing with Windows firewall on the device that's acting as a SERVER not a client. The Windows firewall you need to concern yourself with is on the workstation you're trying to connect to.

    Now, if that's an AD domain environment the easy thing to do, is to hit your OpenVPN module, settings, server tab. Get the contents of the address space box, and use that to make a subnet in Active Directory Sites and Services on the domain, just associate it with whatever site has the Untangle server. If you don't know what a site is, you've probably just got the default first site, use that.

    The reason why you do the above? Because it adds Untangle's OpenVPN address pool range to Active Directory and it's now automatically within the "domain" firewall profile, which every single fixed workstation and server on the domain will be a part of by default. Which neatly automatically enables all sorts of fun things, SMB access and RDP included.

    If it's not AD then make sure you use the Windows Firewall control panel applet to turn the firewall off, you can't just stop the service, that puts the machine into lockdown mode.

    Oh, and one last thing, how is your RDP client connecting? You should be using IP addresses right now, if you want to use names that's fine but get IP working FIRST. Getting name resolution working over the VPN is a whole other can of worms that needs to be isolated for the sake of our collective grey hair and pattern baldness.

    P.S. 3rd Party AV software can have software firewalls in it too, what are you using? Because that's yet another mess to deal with, and "turning it off" often isn't good enough, sometimes you have to remove the product during testing. Again, this is on the machine you're connecting to, not the machine you're connecting from.
    Last edited by sky-knight; 01-22-2019 at 01:34 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #13
    Newbie
    Join Date
    Jan 2019
    Posts
    6

    Default

    Quote Originally Posted by sky-knight View Post
    Ok, then I've misunderstood something. Get the OpenVPN client you're using on your phone from Untangle and install THAT CLIENT on a windows laptop. I usually do this while I'm on the jobsite, via my cellular hotspot so I can have another machine managing Untangle.

    Get that connection working such that the laptop can ping Untangle's LAN IP address, until that works nothing else works, assuming that works then you're messing with Windows firewall on the device that's acting as a SERVER not a client. The Windows firewall you need to concern yourself with is on the workstation you're trying to connect to.

    Now, if that's an AD domain environment the easy thing to do, is to hit your OpenVPN module, settings, server tab. Get the contents of the address space box, and use that to make a subnet in Active Directory Sites and Services on the domain, just associate it with whatever site has the Untangle server. If you don't know what a site is, you've probably just got the default first site, use that.

    The reason why you do the above? Because it adds Untangle's OpenVPN address pool range to Active Directory and it's now automatically within the "domain" firewall profile, which every single fixed workstation and server on the domain will be a part of by default. Which neatly automatically enables all sorts of fun things, SMB access and RDP included.

    If it's not AD then make sure you use the Windows Firewall control panel applet to turn the firewall off, you can't just stop the service, that puts the machine into lockdown mode.

    Oh, and one last thing, how is your RDP client connecting? You should be using IP addresses right now, if you want to use names that's fine but get IP working FIRST. Getting name resolution working over the VPN is a whole other can of worms that needs to be isolated for the sake of our collective grey hair and pattern baldness.

    P.S. 3rd Party AV software can have software firewalls in it too, what are you using? Because that's yet another mess to deal with, and "turning it off" often isn't good enough, sometimes you have to remove the product during testing. Again, this is on the machine you're connecting to, not the machine you're connecting from.
    I did some more digging. Windows laptop works perfectly fine.

    iOS: I can ping everything but can't get to any web sites at all when connected to the VPN (Untangle, Google, or internal web servers (Windows and Linux)).

    I can ping the iOS device from an internal PC and I can ping the internal PC from the iOS device.
    Last edited by Honest Bob; 01-23-2019 at 10:45 AM.

  4. #14
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,237

    Default

    Quote Originally Posted by Honest Bob View Post
    I did some more digging. Windows laptop works perfectly fine.

    iOS: I can ping everything but can't get to any web sites at all when connected to the VPN (Untangle, Google, or internal web servers (Windows and Linux)).

    I can ping the iOS device from an internal PC and I can ping the internal PC from the iOS device.
    Fascinating, so that seems to indicate the iOS device doesn't have working DNS. Can you RDP via IP on it?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #15
    Master Untangler
    Join Date
    Mar 2008
    Posts
    190

    Default

    I am having the exact same problem. All my Windows clients work fine using OpenVPN and then Remote Desktop.

    I just reinstalled OpenVPN on Untangle, same as Honest Bob, to resolve the OpenVPN client on the iPad not accepting the certificate.

    Reinstalling and recreating the user did get OpenVPN on the iPad to accept the cert.

    Remote Desktop does not work on the iPad when connected to OpenVPN, either using the name or the IP of the target computer.

    If I disconnect from OpenVPN and switch to the internal Wi-Fi I can Remote Desktop from the iPad to the target computer fine using name or IP.

    Problem appears to be some sort of issue with the OpenVPN app if I had to guess...
    Last edited by andrew50; 02-06-2019 at 04:25 PM.

  6. #16
    Master Untangler
    Join Date
    Mar 2008
    Posts
    190

    Default

    Also, just confirmed I can use the same OpenVPN credentials to connect on Android and Remote Desktop to the same target machine with no problem.

  7. #17
    Master Untangler
    Join Date
    Mar 2008
    Posts
    190

    Default

    After digging pretty good I found this https://community.openvpn.net/openvpn/ticket/1126

    Appears to be a conflict with the compression setting being enabled on the server...?

    I will confirm tomorrow and let you know.

    Looks like it doesn't affect Android yet because the Android app was last updated 5/25/18 vs 10/3/18 for iOS.
    Last edited by andrew50; 02-06-2019 at 04:42 PM.

  8. #18
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,673

    Default

    The new 14.1.1 fixes this issue only on new OpenVPN install. You will have to export clients, remove OpenVPN app from the policy, re-install OpenVPN and import the clients. This will also require re-distribution of the OpenVPN client configs.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #19
    Master Untangler
    Join Date
    Mar 2008
    Posts
    190

    Default

    I had Build: 14.1.1.20190116T123153.589f15d47c-1stretch and removed OpenVPN and reinstalled and set up my clients again and the issue persisted...

    Is there an update beyond that?

    Quote Originally Posted by jcoffin View Post
    The new 14.1.1 fixes this issue only on new OpenVPN install. You will have to export clients, remove OpenVPN app from the policy, re-install OpenVPN and import the clients. This will also require re-distribution of the OpenVPN client configs.
    Last edited by andrew50; 02-07-2019 at 10:04 AM.

  10. #20
    Master Untangler
    Join Date
    Mar 2008
    Posts
    190

    Default

    After disabling the settings mentioned on the OpenVPN issue tracker and reissuing the client profile for the iPad everything worked as expected!

    Quote Originally Posted by andrew50 View Post
    After digging pretty good I found this https://community.openvpn.net/openvpn/ticket/1126

    Appears to be a conflict with the compression setting being enabled on the server...?

    I will confirm tomorrow and let you know.

    Looks like it doesn't affect Android yet because the Android app was last updated 5/25/18 vs 10/3/18 for iOS.
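
One way to check for the condition reported in the last post, as an added example that is not part of the thread or of Untangle's code: it lists the compression directives in an OpenVPN server config or client profile so both ends can be compared before a profile is reissued. It assumes the settings in question are OpenVPN's `compress` and `comp-lzo` directives (the thread does not name them); the sample configs are constructed.

```python
import shlex

# OpenVPN directives that enable or negotiate compression (assumed to be the settings meant).
COMPRESSION = {"compress", "comp-lzo"}

def find_compression(config_text):
    """Return (line_no, scope, directive) tuples; scope is 'local' or 'pushed'."""
    findings = []
    inline_tag = None  # name of the currently open inline block such as <ca>
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if inline_tag:  # skip key/certificate material inside inline blocks
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_tag = line[1:-1]
            continue
        if not line or line[0] in "#;":  # blank or commented-out directive
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quote: cannot be judged, skip it
            continue
        if words and words[0] in COMPRESSION:
            findings.append((no, "local", " ".join(words)))
        elif len(words) > 1 and words[0] == "push":
            pushed = words[1].split()
            if pushed and pushed[0] in COMPRESSION:
                findings.append((no, "pushed", words[1]))
    return findings

# Constructed samples; the <ca> body is a placeholder containing "compress" on purpose.
SERVER_CONF = """\
port 1194
dev tun0
comp-lzo
push "comp-lzo yes"
;compress lz4
"""
CLIENT_PROFILE = """\
client
<ca>
compress
</ca>
"""

if __name__ == "__main__":
    print(find_compression(SERVER_CONF), find_compression(CLIENT_PROFILE))
```

A server that reports findings while the reissued client profile reports none (or the reverse) is the mismatch to look at first.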
