Site to site VPN questions

**speciall** · 12-23-2008, 03:52 AM

Hello,
I'm trying to setup site to site VPN with 2* Untangle 6

Network:

Main site network (VPN server):
Internal network (192.168.10.0)
UT Internal Bridge with external
External static: 192.168.10.204
Linksys router (192.168.10.10)
DSL connection (dynamic IP with Dyndns)

Remote Site (VPN Client)
Cable connection - Linksys router (192.168.1.1)
UT (192.168.1.100 on external static)
Internal in Bridge mode - network (192.168.1.0)

Config in server:
Adress Pool: 172.16.17.0
Network address : 192.168.1.100 (255.255.255.0)

Exported hosts & networks:
Name: External network: 192.168.1.0 (255.255.255.0)
Name: Internal network: 192.168.10.0 (255.255.255.0)

In the event log on the server I can see an active connection,
12/23/08 active connection site1 84.123.43.32:33375 KB sent: 7.2 Kb received: 6.8
In the event log of the client I see nothing?
but status = connected to hostname.hopto.org from the server

I cannot reach Ip's from internal network to site network or from site network to internal...
Do I have to add some routings?
Do I have to see something in the eventlog?
Any other toughts?
thanks

**bulldog** · 12-23-2008, 05:08 AM

Hi,

Although some would disagree, I set the routing on the PC's I wish others to have access to.

Pip Pip

**speciall** · 12-23-2008, 05:15 AM

yes but setting routings on a PC is not possible,

The VPN would be used to connect a serial to lan interface between 2 locations. This to control a telephony system. Can I set extra routings in the Broadband routers?
Is there a way to see the IP of the Client Untangle? or is this not important? (bridging?)

Is port 443 needed for VPN, I thought only 1194?

In my test setup port 443 is not blocked by the ISP but in the setup of the client it will be blocked...

**far182** · 12-23-2008, 08:08 AM

Originally Posted by speciall

Hello,
I'm trying to setup site to site VPN with 2* Untangle 6

Network:

Main site network (VPN server):
Internal network (192.168.10.0)
UT Internal Bridge with external
External static: 192.168.10.204
Linksys router (192.168.10.10)
DSL connection (dynamic IP with Dyndns)

Remote Site (VPN Client)
Cable connection - Linksys router (192.168.1.1)
UT (192.168.1.100 on external static)
Internal in Bridge mode - network (192.168.1.0)

Config in server:
Adress Pool: 172.16.17.0
Network address : 192.168.1.100 (255.255.255.0)

Exported hosts & networks:
Name: External network: 192.168.1.0 (255.255.255.0)
Name: Internal network: 192.168.10.0 (255.255.255.0)

In the event log on the server I can see an active connection,
12/23/08 active connection site1 84.123.43.32:33375 KB sent: 7.2 Kb received: 6.8
In the event log of the client I see nothing?
but status = connected to hostname.hopto.org from the server

I cannot reach Ip's from internal network to site network or from site network to internal...
Do I have to add some routings?
Do I have to see something in the eventlog?
Any other toughts?
thanks

Since you have both sides in Bridge mode, you will need to add routes in the Linksys that point "back" to the untangle boxes for the VPN networks. With the way you have it setup now, it won't know where to route those subnets and just send the traffic to your ISP.

**sky-knight** · 12-23-2008, 08:23 AM

Far is correct, the default gateway on all your clients is pointed at a device other than untangle. Only static routes in that default device for the networks on the other side of the tunnel will get you where you need to go.

**speciall** · 12-23-2008, 08:25 AM

OK, thanks for the reply,
Is it better then to setup one UT in router mode and one in bridge?
or doesnt that matter?

On a computer on the server side I can do this:
tracert 192.168.1.1
Tracing route to 192.168.1.1 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.10.204
2 27 ms 22 ms 22 ms 172.16.17.5
3 * * * Request timed out.

so this one knows where to go
On a computer on the client VPN side I see this:
tracert 192.168.10.10
Tracing route to 192.168.10.10 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.1.1
2 11 ms 11 ms 12 ms d54C422.access.dslt.be [84.197.224.12]
3 * * * request time out.

What do I have to setup in the route tables?

client side: 192.168.10.0 via 192.168.1.100? Or via the 172.16.17.X?

Server side: 192.168.1.0 via 192.168.10.204 or via the 172.16.17.5?

thanks,

**sky-knight** · 12-23-2008, 08:28 AM

All you should have to do is point the other network at your untangle's IP address.

So on the 192.168.10.0 side you put a route in the router that says destination network 192.169.1.1 -> UT ip and it will handle the rest. Just flip it around for the other side.

Oddly enough, it looks like your 192.168.1.1 side is working already, it's the return path that is broken.

**far182** · 12-23-2008, 08:28 AM

On your main site Linksys: add a LAN side route of 192.168.1.0 255.255.255.0 gateway 192.168.10.204

On your Remote site LInksys: add a LAN side route of 192.168.10.0 255.255.255.0 gateway 192.168.1.100.

Everything will begin to work.

P.S. It's fine to leave everything in Bridge mode. The settings I gave you above assumes bridge mode. If you decided to put both Untangle boxes in Router mode and get rid of the Linksys at each location, you wouldn't need to add these routes because the VPN engine would automatically add them for you.

**speciall** · 12-23-2008, 03:01 PM

OK thanks guys,
added the route on the client vpn router to 192.168.10.0 via 192.168.1.100
and everything works, looks indeed like the return path did not work

thanks!

Thread: Site to site VPN questions

LinkBack

Thread Tools

Site to site VPN questions

Posting Permissions