Switch From Xfinity To AT&T Fiber Breaks Outgoing VPN

[RiffRaff]

I have a brand new Untangle Z4w appliance running 15.1. Got it all set up and configured it as a remote client for a customer whose network I maintain access to, and all was well. Their Untangle Server is also running 15.1, so there is not a version conflict.

Last week I switched to AT&T gigabit fiber which, of course, introduced a different gateway to my network. I have basically put their gateway in bridge mode (what they call IP Passthrough) which allows my Untangle Server to pick up the public IP address on the external interface.

I have discovered that I am establishing an openVPN tunnel with my customer's Untangle Server, but absolutely no traffic is crossing the VPN, not even ICMP. Trying to establish a VPN connection as an individual client fails with just a "failed to connect" error. However, inbound VPN connections work perfectly, since I was able to establish a connection to my server from my phone over 4G and access my internal network.

Troubleshooting steps I have tried so far:

• Rebooting all devices involved
• Reinstalling the OpenVPN client configuration
• Uninstalling and reinstalling OpenVPN
• Shutting down all security on both Untangle and the Gateway

Now, if I connect my laptop directly to the LAN port of the AT&T gateway and pull a local IP address from it, I can establish an outgoing VPN connection with no issues. So, something must getting lost at the Untangle external interface/AT&T Gateway WAN port.

Existing Setup:
AT&T Gateway: 192.168.0.1/24
Untangle External: Public IP/22
Untangle Internal: 10.x.x.x/24

Note: I don't like using 192.168.** for anything, but the AT&T router is really limiting my options.

I also tried turning off IP Passthrough and configuring the Untangle external interface to pull a local IP from the gateway (192.168.0.254), but still no traffic through the tunnel.

Obviously, since the only change to the system between when it was working and when it stopped working is the gateway, that has to be the problem, but I am officially stumped at this point. Even more so that inbound VPN connections don't seem to be affected in the slightest.

Here is the system information on my AT&T gateway:
Manufacturer NOKIA
Model Number BGW320-505

Searching the forums for this problem brings up a lot of information about conflicts between older and newer version of Untangle, but this is not the case. I think this is an AT&T problem, so I don't know if Untangle Support can help me or not. I'm hoping someone else has run into this same issue and knows the solution.

Thanks,
Riff

[jcoffin]

I would open a support ticket. I would also check that compress on the advanced tab of the server for server and client configuration are blank.

openvpn-compress-setting.png

[RiffRaff]

Okay, I checked compression settings...

Remote Server:
Screenshot at 2020-09-12 11-57-36.png

My Server (Remote Client):
Screenshot at 2020-09-12 11-59-24.png

My remote client configuration file:

client
resolv-retry 20
keepalive 2 10
nobind
mute-replay-warnings
remote-cert-tls server
compress
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
proto udp
port 1194
cipher AES-128-CBC
cert keys/Untangle22.crt
key keys/Untangle22.key
ca keys/Untangle22-ca.crt
remote xxx.xxx.xxx.xxx 1194 # public address
remote yyy.yyy.yyy.yyy 1194 # static WAN 1

Those all look correct, yes?

Oh, and I tried one more thing today. I put the external interface on one of the gateway's LAN ports instead of the WAN port and reconfigured everything appropriately, including forwarding UDP 1994. Same scenario. I had full outside access, the VPN tunnel connected, but I had no traffic over it.

I will open a support ticket. I just wanted to make sure I didn't miss something stupid in my troubleshooting.

[jcoffin]

it looks all good. Support can debug it.

[RiffRaff]

it looks all good. Support can debug it.

Thank you for your help. I've opened a support ticket.