VPN Site to Site using Untangle at both ends.

    Hello folks,

    I have been poring over the VPN instructions contained within the Untangle Wiki, and I have successfully established a site to site VPN using an Untangle Server, as routers, at both locations.

    However, I need a little help with site-wide exports, as I have used the default options in the VPN Server setup. My goal is to allow both the VPN Server Site and the VPN Client Site to access each other's entire network.

    1. Each Site has a static IP, so no worries about the VPN breaking due to changing Routable IP Addresses.
    2. VPN Server Site is using a local IP Addressing scheme of 192.168.0.x
    3. VPN Client Site is using a local IP Addressing scheme of 192.168.2.x
    4. Most of the important devices/systems at each site are using Static IPs, so mapping/pinging/testing should not be an issue (in my mind.)

    So, at this point, what I am actually asking is this:

    What should my Exported Network settings be, for each Site, if necessary?
    What should my VPN Site settings be, for each Site, if necessary?

    Thank you in Advance!

  • #2
    hey cybrwolf.
    you could put both networks on the exported host ( ex. 192.168.0.0/24 and 192.168.2.0/24 ) on the openvpn server. then control access by firewall rules.



    • #3
      you also may need to put their virtual ip ( default is 172.16.16.0 )



      • #4
        Richie,

        Thank you so very much, for your quick response!

        I have done what you suggested in the Exports. However, I'm not sure I understand how the virtual IPs work.

        With the exports set, as you suggested, should I be able to ping a Client Site IP of 192.168.2.245, from inside the Server Site's network, using a 192.168.0.167 IP Address?

        Ron



        • #5
          cybrwolf,

          You should be able to, yes.
          I think adding that export may screw up the other side.
          (Essentially an export tells all connecting clients that the exported networks should be routed to the master untangle server, but in this case the 192.168.2.x network shouldn't be routed there)

          I think there may be a setting on the slave untangle server, but I'm not positive.
          Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
          If you need Untangle support please call or email [email protected]



          • #6
            dmorris,

            Actually, you were right, with the Export of the Client Site IP Address 192.168.2.x/24, the client systems at this site lost "over the internet" connectivity to us. So, when I removed this Export connectivity was restored.

            So, as of right now, I have the VPN Server Site in the export list as 192.168.0.0/24.

            I still need guidance in what to do/what should I do with Address pool entry (which is still the default setting of 172.16.16.0) and/or the VPN Site entry (which is also default of 1.2.3.4/24)



            • #7
              What is the netmask of the main site?

              It should be /24 (not /16) so that any 192.168.2.x traffic is routed back to the untangle server.


              • #8
                the netmask is 255.255.255.0 (hence the /24). *grin*



                • #9
                  So the question remains, can someone help me get this setup and working? I know I'm almost there, but I need someone to hold my hand, on this one.



                  • #10
                    Sorry, what "site" settings do you have configured as of now?
                    Could you post a screen shot of your server's open vpn config from the vpn sites tab?
                    That would be great



                    • #11
                      Ok, so here is a run-down on what I have setup:

                      1. VPN Server Site:
                      Internal IP Address Scheme 192.168.0.x/24
                      Untangle is the Router, not a pass-through
                      Router IP = 192.168.0.1
                      WAN side IP is Static IP.

                      2. VPN Client Site:
                      Internal IP Address Scheme 192.168.2.x/24
                      Untangle is the Router, not a pass-through
                      Router IP = 192.168.2.1
                      WAN side IP is Static IP.

                      3. VPN Server settings are as follows:

                      Server Port is default of 1194
                      DNS Override is Off
                      Exported Hosts/Networks = [name], 192.168.0.0, 255.255.255.0
                      Address Pool = [APname], 172.16.16.0, 255.255.255.0
                      VPN Clients = none
                      VPN Sites = [Site Name], [APname], 1.2.3.4, 255.255.255.0


                      As of right now, the VPN Client Site has been connected, since November 21, however I cannot ping an Internal IP Address of the remote site from either location. (example: ping 192.168.2.1 from the 192.168.0.x network) and vice-versa.



                      • #12
                        Any updates on this?



                        • #13
                          Oh, thanks for bringing it back to our attention
                          I would guess that it is the firewall that is blocking the traffic....... So I would go into each and make pass rules. At the main make a pass rule for the internal network address at the remote site to be allowed through, then on the other side the opposite.

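An added example, not part of the thread or of Untangle's code: a Python check of the server settings posted in #11 against the Client Site LAN, flagging the export problem reported in #5 and #6 and a VPN Sites entry that is still at its default. The `audit` function and its finding codes are hypothetical, and treating the VPN Sites entry as a description of the remote LAN is an assumption the thread does not confirm.

```python
import ipaddress

# Settings as posted in #11; REMOTE_LAN is the Client Site LAN from the thread.
POSTED = {
    "exports": [("192.168.0.0", "255.255.255.0")],
    "address_pool": ("172.16.16.0", "255.255.255.0"),
    "sites": [("Site Name", "1.2.3.4", "255.255.255.0")],
}
REMOTE_LAN = ("192.168.2.0", "255.255.255.0")


def net(addr, mask, strict=True):
    """Build a network from a dotted address and netmask, as the UI lists them."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=strict)


def audit(cfg, remote_lan):
    """Return (code, message) findings for a server-side site-to-site config."""
    findings = []
    remote = net(*remote_lan)
    pool = net(*cfg["address_pool"], strict=False)
    if pool.overlaps(remote):
        findings.append(("POOL_OVERLAP", f"pool {pool} overlaps remote LAN {remote}"))
    for addr, mask in cfg["exports"]:
        exp = net(addr, mask, strict=False)
        # Reported in #5/#6: exporting the client's own LAN routes that LAN
        # toward the server and cuts the client site off.
        if exp.overlaps(remote):
            findings.append(("EXPORT_IS_REMOTE", f"export {exp} overlaps remote LAN"))
        if exp.overlaps(pool):
            findings.append(("POOL_OVERLAP", f"pool {pool} overlaps export {exp}"))
    for name, addr, mask in cfg["sites"]:
        try:
            site = net(addr, mask)
        except ValueError:  # host bits set, e.g. 1.2.3.4 with a /24 mask
            findings.append(("SITE_NOT_NETWORK", f"{name}: {addr}/{mask} is a host address"))
            site = net(addr, mask, strict=False)
        # Assumption: the site entry is meant to describe the remote LAN.
        if not remote.subnet_of(site):
            findings.append(("SITE_MISSES_REMOTE", f"{name}: {site} does not cover {remote}"))
    return findings


if __name__ == "__main__":
    for code, msg in audit(POSTED, REMOTE_LAN):
        print(code, msg)
```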
