  1. #1
    Untanglit
    Join Date
    Jul 2020
    Posts
    27

    Can't reach client

    I connected a server to Untangle through VPN to be able to SSH to it without exposing the SSH port to the internet. I disabled OpenVPN NAT and allowed the traffic in the filter rules; there are no firewall rules blocking it.

    The OpenVPN address space is "192.168.253.0/24".

    Let's say said client's IP on OpenVPN is 192.168.253.2.

    If I try to "ssh xxx@192.168.253.2" from my machine, or even ping it, it isn't able to.
    If I SSH to Untangle and then "ssh xxx@192.168.253.2", it works. I want all the clients on all the networks to be able to reach port 22 on this OpenVPN client, but I can't find how to.

    Thanks in advance.

  2. #2
    Untanglit
    Join Date
    Jul 2020
    Posts
    27

    Saw some posts here on the forums: had to add both the OpenVPN address space and the networks that had to talk with the OpenVPN client to the exported networks? Didn't understand it, but it worked. If someone can explain to me in a technical way why this is, it would be appreciated.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,790

    OpenVPN exports are a list of IP ranges available to VPN users. The VPN users can be the VPN clients themselves, or other devices behind the terminating Untangle.

    By default, Untangle only exports the LAN IP range. So VPN users can access the LAN IP range, but the LAN IP range cannot access the VPN users by their address pool IP. If you want LAN IP devices to be able to access the address pool IPs of VPN clients, you must export the address pool IP range.

    You must also export any other IP ranges that might be on Untangle, or beyond Untangle to make them available to the VPN as well.

    Exports are similar to, but not quite the same as, a routing table for OpenVPN. So the short answer is, if the IP range isn't in the list, nothing via the VPN is going to be able to access it.

    NAT only makes this process harder, so glad you found that early on.

    So in the end, you did what you had to do: disabled NAT on OpenVPN, and exported the OpenVPN address pool range so the OpenVPN reserved IP address for that client was accessible to the LAN. That address is reserved, by the way, so it won't change.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
