Results 1 to 6 of 6
  1. #1
    Untanglit
    Join Date
    Jan 2009
    Posts
    19

    Exclamation Untangle as an OpenVPN client pfSense as server

    I've had few issues getting just about any OpenVPN client to connect the Untangle when Untangle is the server but right now I'm trying to get Untangle to be the client to a pfSense server. I think I'm pretty far along. Here is some information about the setup:

    The client is Untangle version 15.1, call it Site A. Site A is also an OpenVPN server. As a server, it is receiving multiple site-to-site connections (Site C, Site D) and exporting those networks so everyone can see everyone else. I've got Untangle successfully connected to pfSense (Site B) where Untangle is the client but the connectivity is working 100%. Here's what works and does not work

    I can ping and connect to everything on the Site B LAN from WITHIN the Untangle troubleshooting tools
    I cannot ping/connect to anything between the Site A and Site B LANs (the problem I'm trying to solve)
    I can ping/connect to ALL LANs from Site C and Site D (I listed the Site B LAN as an exported network)

    I've tried many more tests than what I've mentioned here but I think this might be enough information for someone that knows what they are doing (certainly more than me). I think the main issue is that on SIte A from "within" Untangle (troubleshooting tools) everything seems to work but not from Site A's LAN.

    I know this is not a supported configuration but I hope it can work.

    Thank you.

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    Default

    did you 'export' the network (Site A LAN)?

  3. #3
    Untanglit
    Join Date
    Jan 2009
    Posts
    19

    Default

    Yes, the LANs for Site A, Site B Site C, and Site D are exported.

    To reiterate, the connection I'm trying to fix is between Site A (Client, Untangle) and Site B (server, pfSense). Site C and Site D are clients to Site A (server) and they work fine, Site C can get to Site A and Site B. Site D can get to Site A and Site B. I'm not seeing packets destined for Site B's LAN getting to Site A's OpenVPN interface but there is a route in the routing table. Since C and D can see B (through A since that is the server they are using) I'm assuming the issue is in A (Untangle).

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    Default

    Nothing is jumping out at me, and I see that my answer was pretty lame.
    I didn't catch the complexity of this from mere words (my bad).

    Can you give us a network layout sketch?

  5. #5
    Untanglit
    Join Date
    Jan 2009
    Posts
    19

    Default

    I was able to resolve the issue, I don't know the technical explanation for why it worked at the moment but "working" is good enough for now. I had started going down the NAT-over-VPN rabbit hole and want to thank sky-knight for taking the time to explain that was a bad idea.

    In the end, it was as simple as setting the tunnel network subnet mask to a /30 (I was originally using the more typical /24). Since pfSense is acting as the server in this setup, the following changes were made there, no settings were changed on the Untangle side. For anyone facing the same issue, this is NOT the same as setting the OpenVPN "topology" to "net30". The topology should remain set to "subnet" and the network listed in "IPv4 Tunnel Network" must be a /30.
    Jim.Alles likes this.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    Default

    Ahhh yes that makes sense! That was a fun one.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2