One way traffic through VPN

[alanancs]

Hi Guys,

I have 2 Untangle Firewalls installed, one is behind a VDSL Router, untangle in bridge mode port 1194 forwarded to untangle OpenVPN, Local Subnet is exported.

2nd Untangle device is in router mode, and uses tunnel VPN to connect to the first unit, long story.

From site 2, i can ping and access all devices on site1, but from Site1, i cannot connect, or ping anything on site 2.

Subnets as below:
Site 1 (untangle in bridge from VDSL router) 192.168.10.x
Site 2 (untangle in router mode) 192.168.9.x

I need to be able to print from Site 1 to Site 2, as their server has been relocated to site 1.

Any ideas whats happening?

When i was using openvpn server at site 1 & openvpn client at site 2, there was no traffic between sites, but vpn was up, using openvpn server at site 1, and tunnel at site 2 i can get traffic flow?

[sky-knight]

Bridge mode Untangle rule number 1... It needs a complete routing table.
Bridge mode Untangle rule number 2... It can't route for a network it's not the default gateway for.

The VDSL router doesn't have routes to the OpenVPN address pool IP range, nor the IP range(s) beyond the OpenVPN tunnel. So packets on that side are flowing out the Internet connection per the routing they have.

The only reason it's working the other way is you didn't disable NAT on the VPN connection, so ingress packets are hitting the bridge, being translated to the local Untangle address and moving out from there. I'm not a huge fan of configuring NAT for any of Untangle's VPN apps for this reason... it lets admins be lazy, and a lack of understanding of the required underlying routing results in the issues you're currently facing. And since this stuff tends to blow up at the worst possible time... I'd prefer admins be forced to deal with this in advance. It tends to save hair, stress levels, and possibly jobs.

P.S. Once you get the routes fixed, the bridge side Untangle may need a reboot.