  1. #1
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    Clients not using tunnels

    It's an absolutely horrible title; what it means is that a client with a static IP and a rule to send all the traffic from said IP to a specific tunnel sometimes stops using the tunnel and connects directly.
    My guess is that when the second line goes up (or down) something goes wrong. The only solution seems to be to disable the rule, save, enable, save, and it will get back to working as intended.

    Ideas on what could be going wrong, and how I could solve it? Thanks in advance

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Rules only apply to new sessions. If a tunnel goes down, a new session is created (it goes out the normal WAN), then the tunnel comes back up. It will NOT switch to the tunnel when the tunnel comes back. Rules are evaluated on session creation.

    If you want to stop that client from going out the normal WAN when the tunnel is down, just create a firewall rule.
    Many VPN providers take the tunnel down frequently to stop users from staying connected, so tunnels go up and down frequently.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
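
An added illustration of the behaviour described in post #2, not part of the thread and not Untangle's code: a simplified model in which the egress interface is chosen once at session creation, with and without a firewall rule that blocks the client on any non-tunnel interface. The `Gateway` class, the client IP, the event sequence, and the assumption that tunnel-bound sessions end when the tunnel drops are all constructed for the example.

```python
# Simplified model (not Untangle code): routing and firewall rules are
# evaluated once, when a session is created, and the result is pinned.
from dataclasses import dataclass, field

@dataclass
class Gateway:
    tunnel_up: bool = True
    block_non_tunnel: bool = False      # models the firewall rule suggested in the post
    tunnel_clients: set = field(default_factory=set)
    sessions: dict = field(default_factory=dict)   # session id -> egress interface

    def new_session(self, sid, client):
        """Pick an egress interface at session creation; None means blocked."""
        if client in self.tunnel_clients and self.tunnel_up:
            egress = "tunnel"
        else:
            egress = "wan"              # tunnel rule cannot match: normal WAN
        if (self.block_non_tunnel and client in self.tunnel_clients
                and egress != "tunnel"):
            return None                 # firewall: this client, non-tunnel interface
        self.sessions[sid] = egress
        return egress

    def set_tunnel(self, up):
        """Tunnel flap. Assumption: tunnel sessions end, WAN sessions persist."""
        self.tunnel_up = up
        if not up:
            self.sessions = {s: e for s, e in self.sessions.items()
                             if e != "tunnel"}

def replay(block_non_tunnel):
    """Constructed sequence: connect, tunnel drops, reconnect, tunnel returns."""
    client = "192.168.0.50"             # constructed sample address
    gw = Gateway(block_non_tunnel=block_non_tunnel, tunnel_clients={client})
    log = [gw.new_session("s1", client)]
    gw.set_tunnel(False)
    log.append(gw.new_session("s2", client))    # created while the tunnel is down
    gw.set_tunnel(True)
    log.append(gw.sessions.get("s2"))           # existing session is not re-evaluated
    log.append(gw.new_session("s3", client))    # only a new session uses the tunnel
    return log

if __name__ == "__main__":
    print("no firewall rule:", replay(False))
    print("with block rule :", replay(True))
```

Without the block rule, session `s2` stays on the WAN even after the tunnel is back; with it, `s2` is never created, so nothing leaves outside the tunnel.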

  3. #3
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    I'm afraid I'm in need of more guidance here, the firewall has only pass or block... and it blocks the client from connecting to the net, just tested. What am I doing wrong?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    It sounds like you want to block the client from using some interface to reach the internet, correct?

    Add a rule to block and conditions that say to block only when client = client in question and destination interface = interface in question.

  5. #5
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    I think I got it right, but for ease I went with destination interface is NOT tunnel and it seems to work so far.

    Hopefully this fixes the issue, thanks

  6. #6
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    Sadly that didn't work as expected.

    Now it blocks the computer from accessing the net unless it uses the VPN, and that's good; however, when the second WAN comes online something goes wrong and the computer loses connection. A reboot is useless, the only way is to disable and re-enable the tunnel rules.

    A little more help, please?

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    For "something goes wrong" type issues I would start here:
    https://wiki.untangle.com/index.php/...ternet_is_Down

  8. #8
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    Fair enough

    Untangle still works for all other devices not blocked by the firewall rule, so for example my phone or PlayStation. The computer affected by the rule can still reach and log into the Untangle interface, but everything related to the internet seems not to be working: not the antivirus updating, not Google... sadly I "fixed" the issue already before running the other tests.

    Looking at the tunnel page I think it's closely related to the second WAN, as it was showing the tunnel connected for (roughly) the amount of time said WAN had been up.

    Edit: I'm running an experiment, in the WAN balancer I made a rule for the source interface VPN to have as a destination the WAN that's always on. We'll see how it goes.
    Last edited by Stamp; 04-24-2018 at 04:45 PM.

  9. #9
    Untangler
    Join Date
    Aug 2014
    Posts
    47

    That did not fix it, but I tested the ping and for some reason it could ping Google. I can also confirm that the tunnels get disconnected and reconnect when the second WAN comes online, and the firewall module decides to block all traffic from my computer.

  10. #10
    Master Untangler
    Join Date
    Jun 2015
    Location
    NW Arkansas
    Posts
    234

    Were you able to figure this out? I'm also trying to do this. Basically block a single client PC on my LAN from sending specific traffic out over my External (WAN) interface, but instead only send it out over the Tunnel VPN.

    I've created a Firewall rule as:
    Destination port: x
    Destination Interface: External
    Source Address: 192.168.0.x (the Client IP on my LAN)
    Action: Block

    AND a Tunnel VPN rule as:
    Destination Port: x
    Protocol: TCP, UDP
    Source Address: 192.168.0.x (same as Client IP above)
    Destination Tunnel: TunnelName

    Does that look correct?
