  1. #1
    Master Untangler RiffRaff's Avatar
    Join Date
    Jul 2008
    Location
    Indianapolis, Indiana, USA
    Posts
    158

    Switch From Xfinity To AT&T Fiber Breaks Outgoing VPN

    I have a brand new Untangle Z4w appliance running 15.1. Got it all set up and configured it as a remote client for a customer whose network I maintain access to, and all was well. Their Untangle Server is also running 15.1, so there is not a version conflict.

    Last week I switched to AT&T gigabit fiber which, of course, introduced a different gateway to my network. I have basically put their gateway in bridge mode (what they call IP Passthrough) which allows my Untangle Server to pick up the public IP address on the external interface.

    I have discovered that I am establishing an openVPN tunnel with my customer's Untangle Server, but absolutely no traffic is crossing the VPN, not even ICMP. Trying to establish a VPN connection as an individual client fails with just a "failed to connect" error. However, inbound VPN connections work perfectly, since I was able to establish a connection to my server from my phone over 4G and access my internal network.

    Troubleshooting steps I have tried so far:
    • Rebooting all devices involved
    • Reinstalling the OpenVPN client configuration
    • Uninstalling and reinstalling OpenVPN
    • Shutting down all security on both Untangle and the Gateway


    Now, if I connect my laptop directly to the LAN port of the AT&T gateway and pull a local IP address from it, I can establish an outgoing VPN connection with no issues. So, something must be getting lost at the Untangle external interface/AT&T Gateway WAN port.

    Existing Setup:
    AT&T Gateway: 192.168.0.1/24
    Untangle External: Public IP/22
    Untangle Internal: 10.x.x.x/24

    Note: I don't like using 192.168.** for anything, but the AT&T router is really limiting my options.

    I also tried turning off IP Passthrough and configuring the Untangle external interface to pull a local IP from the gateway (192.168.0.254), but still no traffic through the tunnel.

    Obviously, since the only change to the system between when it was working and when it stopped working is the gateway, that has to be the problem, but I am officially stumped at this point. Even more so that inbound VPN connections don't seem to be affected in the slightest.

    Here is the system information on my AT&T gateway:
    Manufacturer NOKIA
    Model Number BGW320-505

    Searching the forums for this problem brings up a lot of information about conflicts between older and newer versions of Untangle, but this is not the case. I think this is an AT&T problem, so I don't know if Untangle Support can help me or not. I'm hoping someone else has run into this same issue and knows the solution.

    Thanks,
    Riff
    Risking my life for people I hate for reasons I don't understand.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,197


    I would open a support ticket. I would also check that compress on the advanced tab of the server for server and client configuration are blank.

    openvpn-compress-setting.png
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler RiffRaff's Avatar
    Join Date
    Jul 2008
    Location
    Indianapolis, Indiana, USA
    Posts
    158


    Okay, I checked compression settings...

    Remote Server:
    Screenshot at 2020-09-12 11-57-36.png

    My Server (Remote Client):
    Screenshot at 2020-09-12 11-59-24.png

    My remote client configuration file:
    client
    resolv-retry 20
    keepalive 2 10
    nobind
    mute-replay-warnings
    remote-cert-tls server
    compress
    verb 1
    persist-key
    persist-tun
    explicit-exit-notify 1
    dev tun
    proto udp
    port 1194
    cipher AES-128-CBC
    cert keys/Untangle22.crt
    key keys/Untangle22.key
    ca keys/Untangle22-ca.crt
    remote xxx.xxx.xxx.xxx 1194 # public address
    remote yyy.yyy.yyy.yyy 1194 # static WAN 1

    Those all look correct, yes?

    Oh, and I tried one more thing today. I put the external interface on one of the gateway's LAN ports instead of the WAN port and reconfigured everything appropriately, including forwarding UDP 1994. Same scenario. I had full outside access, the VPN tunnel connected, but I had no traffic over it.

    I will open a support ticket. I just wanted to make sure I didn't miss something stupid in my troubleshooting.
    Risking my life for people I hate for reasons I don't understand.
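
Added example, not part of any post in this thread: a small Python check for the compression comparison suggested in post #2, which reads the static configs of both peers and reports options that differ. The client text is a subset of the configuration posted above; the two server configs, the function names and the choice of options compared are assumptions made for illustration, and options pushed by the server at connect time are not considered.

```python
# Added example: compare options that both OpenVPN peers are expected to agree on.
LINK_OPTIONS = ("proto", "dev", "cipher")

# Subset of the client configuration posted in the thread.
CLIENT_CONF = """\
client
dev tun
proto udp
port 1194
cipher AES-128-CBC
compress
remote xxx.xxx.xxx.xxx 1194 # public address
"""

# Constructed server configs for the demonstration; not taken from the thread.
SERVER_MATCHING = "dev tun\nproto udp\nport 1194\ncipher AES-128-CBC\ncompress\n"
SERVER_NO_FRAMING = "dev tun\nproto udp\nport 1194\ncipher AES-128-CBC\n"

def parse_config(text):
    """Return {directive: [args]} for an OpenVPN config, ignoring comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            directives[name] = args
    return directives

def compression_mode(directives):
    """Describe the compression setting a config asks for."""
    if "compress" in directives:
        args = directives["compress"]
        # Bare "compress" enables the compression framing with no algorithm.
        return args[0] if args else "framing-only"
    if "comp-lzo" in directives:
        args = directives["comp-lzo"]
        return "comp-lzo " + (args[0] if args else "adaptive")
    return "off"

def mismatches(client_text, server_text):
    """List (option, client_value, server_value) for every differing option."""
    client, server = parse_config(client_text), parse_config(server_text)
    found = [(opt, client.get(opt), server.get(opt))
             for opt in LINK_OPTIONS if client.get(opt) != server.get(opt)]
    c_mode, s_mode = compression_mode(client), compression_mode(server)
    if c_mode != s_mode:
        found.append(("compression", c_mode, s_mode))
    return found

if __name__ == "__main__":
    print(mismatches(CLIENT_CONF, SERVER_NO_FRAMING))
```

Any entry in the returned list is a setting to review on both ends; an empty list means the static configs agree on these options.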

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,197


    It looks all good. Support can debug it.

  5. #5
    Master Untangler RiffRaff's Avatar
    Join Date
    Jul 2008
    Location
    Indianapolis, Indiana, USA
    Posts
    158


    Originally posted by jcoffin:
        it looks all good. Support can debug it.

    Thank you for your help. I've opened a support ticket.
    Risking my life for people I hate for reasons I don't understand.
