Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15
  1. #11
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    I find it hard to believe it would successfully get a DHCP address from the DHCP server if it was unplugged.

    Regardless, Indeed having 192.168.1.x/24 in two places is completely broken.

    Usually Untangle will prevent you from assigning the same subnet in two places, but you are using DHCP to do so. Untangle can't prevent you from doing this because it doesn't know what address it will get in the future.


    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  2. #12
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    The connection is physically disconnect (phone line is cut) - not the ISP router so I get the DHCP answer but that's it - no packets to internet through a non-existent line...

    So the answer is that this setup is broken - sorry to hear but something that I now more or less had deducted...

    AND there is no setup and/or cure by Untangle setup? LIke the restricted network mask for the WAN's?
    That is to my knowledge how VPN routing is done but I am just observing and not actively experienced with routing...

    ISP's are always difficult to persuade to make changes to their standard setup from this (unfortunate) common selection of 192.168.1.X network. I have already tried with the most customer oriented ISP and they were not able to help - except by $$$$ billing :-/
    Last edited by Justy; 08-31-2015 at 01:42 PM.

  3. #13
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by Justy View Post
    The connection is physically disconnect (phone line is cut) - not the ISP router so I get the DHCP answer but that's it - no packets to internet through a non-existent line...
    Indeed so it is connected. Which is why you can successfully connect to 192.168.1.1 (the modem).
    The fact that the modem is unplugged is not relevent. I was explaining why you can reach the modem and why there are active sessions showing you connected to port 443 (administration) on the modem.

    Firstly, I would turn off NAT on both of them and give Untangle the public IPs. Otherwise you'll be doing double NAT.
    If thats not possible, then just change the subnet on one of them (to 192.168.2.0/24), and live with the double NAT.
    If thats not possible I would find a decent ISP or do *triple* NAT with another router.
    Or just remove the second WAN. Given its the *same* subnet as your first WAN its useless anyway, even if it was working.

    None of that has anything to do with WAN Balancer, which is working correctly.
    Last edited by dmorris; 08-31-2015 at 01:58 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #14
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    Communication is indeed difficult so I will try to add even more to clarify...

    I have two ISP's that have chosen the same DHCP network (by coincident or because that is the network that is the textbook example :-)

    So WAN Balancer IS working and has worked GREAT for the past 5+ (maybe 7?) years so I just try to get it working again after this 11.2 upgrade.

    I realize now that I stumbled upon this by coincident as it probably has been broken since IP telephony was added so I had to use the ISP router. This existing "broken WAN setup" reveals itself via WAN Balancer routing simply due to the ISP with a broken phone line.

    The fiber link works fine with the other WAN so I expected (and later hoped!) that WAN Balancer would use the usual magic (as you also suggest :-) to get the packets through anyway...

    SO you are saying:

    As stated, I have troubles with the ISP routers as they are managed by the ISP's so I can't change it to 192.168.2.x - that was my first attempt as mentioned above. It is locked in hardware. I will try the other ISP but they have a reputation of totally unwillingness or huge bills for professional solutions and I am not that professional :-/

    Instead of using the default NAT setup on the WAN interface, I can switch off the network mask - by manual setup?
    The internet IP is dynamic but usually the DHCP from the router is quite static so can I simply deselect DHCP and use the usual IP?
    Will this not timeout when I am not getting it from the DHCP server of the ISP router?

    My solution of ultimate despair would be simply to remove one of the ISP routers but then I challenge their solution responsibility and may have to spend money in case of any problems (as I am not using their modem!) Besides that, the fiber link also includes IP telephony from ISP so it has be the other one...

    Thanks for your time - it is hugely appreciated to get WAN Balancer back in action - and no, I will certainly not remove it as this is the reason for being an Untangle customer (just renewed for another two years...:-)

  5. #15
    Untangler
    Join Date
    Jun 2009
    Location
    Denmark
    Posts
    66

    Default

    OK - tried to circumvent the overlapping network segment by specific addressing but it does not work at all - both WAN's are now down.
    This will obviously be logic for the routing specialists but it my (simple) mind it should work...?

    First the two WAN setups with my trial setup:
    - 192.168.1.6/192.168.1.128 are the DHCP given addresses for the ISP modem;
    - 192.168.10.3/192.168.10.2 with single IP network mask and then the given addresses for the ISP links:

    2015.09.01 - Tried to circumvent overlapping IP networks - AURA.png

    and

    2015.09.01 - Tried to circumvent overlapping IP networks - AURA.png

    This gives this routing report:

    = IPv4 Rules =
    0: from all lookup local
    100: from all fwmark 0xfe00/0xff00 lookup 1000
    32766: from all lookup main
    32767: from all lookup default
    50000: from 192.168.10.3 lookup uplink.1
    50001: from 192.168.10.2 lookup uplink.3
    1000000: from all lookup uplink.1

    = IPv4 Table main =
    10.100.100.0/24 dev eth1 proto kernel scope link src 10.100.100.1
    192.168.1.6 dev eth2 scope link
    192.168.1.128 dev eth3 scope link

    = IPv4 Table balance =
    default via 192.168.1.6 dev eth2

    = IPv4 Table uplink.1 =
    default via 192.168.1.128 dev eth3

    = IPv4 Table uplink.3 =
    default via 192.168.1.6 dev eth2

    = IPv4 Route Rules =


    = IPv6 Rules =
    0: from all lookup local
    32766: from all lookup main

    = IPv6 Table main =
    fe80::/64 dev eth1 proto kernel metric 256
    fe80::/64 dev utun proto kernel metric 256
    fe80::/64 dev eth2 proto kernel metric 256

    = IPv6 Table uplink.1 =

    = IPv6 Table uplink.3 =

    --- 0 ---

    My guess would be that the two WAN interfaces made appropriate links via gateway/DNS bindings, e.g. 192.168.10.3 to 192.168.1.128 for AURA WAN.

    I cannot understand why these ranges are used for single WAN IP access but that may be due to routing constraints.
    SImilarly makes NAT hardly any difference in the outcome :-(

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2