Notice for long time OpenVPN users

This is a sticky topic.

  • #76
    Originally posted by sky-knight
    The fix for the new clients not working is in this thread, along with how to connect via SSH and verify the use of an MD5 certificate.

    The notifications of all of this were in the release notes for v11, we're now on v14. I realize additional visibility is possible, and potentially warranted, an admin alert for MD5 certificates being present would be nice. But honestly, again look at this thread... it's WELL documented, and many of us have spent buckets of time working to mitigate it... and I'm not even referring to Untangle employees, I've spent weeks on this issue over the last few years.

    So the fact that you got the wake up call on a server that's obviously been neglected isn't a bad thing to me. One of the things I love about Untangle is its ability to just sit quietly working for years on end, but that's also a bad thing. You let your server go unattended and working for so long you forgot the password! That's not good!
    Well, I can't bash Untangle about its stability, and it's been doing a phenomenal job for the past years. I have no regrets using it. For me the faster fix was to reinstall from scratch than to dig through the forums, honestly. Again I will say, after let's say 2-3 updates, after an admin logs in to Untangle, it will be a great feature to see what has changed since the last login and what features are end of life and such. As an admin I don't really have time to read every single release note on every product out there. It's just too much information to swallow.

    Cheers,



    • #77
      Originally posted by bitvoip
      Well, I can't bash Untangle about its stability, and it's been doing a phenomenal job for the past years. I have no regrets using it. For me the faster fix was to reinstall from scratch than to dig through the forums, honestly. Again I will say, after let's say 2-3 updates, after an admin logs in to Untangle, it will be a great feature to see what has changed since the last login and what features are end of life and such. As an admin I don't really have time to read every single release note on every product out there. It's just too much information to swallow.

      Cheers,
      I'm right there with you, which is also why I'm not happy about the current OpenVPN implementation. If you nuked and paved just the OpenVPN module, you would have done enough to get things going again. BUT, the new defaults still contain compress directives, and those directives are ALREADY deprecated. So if you've pushed these clients out everywhere, and you didn't know to go exclude the compress directives from both the client and server configurations, you're basically signed up to do all this again soon.

      When is soon? I have no idea... And the first thing that will bite you, is iOS and Android OpenVPN clients not connecting because these platforms require the user to manually enable compression before they'll actually pass traffic.

      And I agree, we're all busy. But that's also why these forums exist.

      Untangle's OpenVPN module is amazing, but it has one massive weakness... the OpenVPN clients are all configured with local configuration files. We have no way to input a change on the server, and have the clients just get those changes. You have to either redistribute the clients, or find a way to edit all the deployed configuration files.

      This is a problem with the way OpenVPN works as a platform, Untangle is just wrapping it.
      Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
      NexgenAppliances.com
      Phone: 866-794-8879 x201
      Email: [email protected]



      • #78
        Hello,
        I was hoping someone could lend a hand on a Sunday. I just nuked OpenVPN as per this thread (we were still on the old MD5 certs), reinstalled, re-imported the settings and downloaded the client. I am successfully connected to OpenVPN with the new SHA512 certs, so that was a success, however I cannot ping any machine inside the network now.
        The reinstalled OpenVPN server has a different server address space, but I've looked over all the firewall rules to see if somehow the address space was referencing the old server which is not the case. I rebooted the UT appliance, but when I ping from my remote machine I receive a 'TLS expired in transit' from my ISP or 'request timed out'.
        Might anyone have any ideas how to shake this loose? Might I need to reboot the routers inside my network to purge the ARP cache?

        Any thoughts or ideas would be greatly appreciated.
        Thanks!



        • #79
          Lost in this thread, is a 2nd critical step...

          Hit up the advanced tab in OpenVPN settings, and exclude the compress lines in both the client and server sections, then redistribute your clients.

          I suspect you're testing from iOS or Android, those mobile clients will stop working if compression is enabled, unless you manually flip the compression switch on the client itself.

          Beyond that... if you still have issues you have something else going on, some setting you failed to duplicate and you'll need to start your own thread.
          Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
          NexgenAppliances.com
          Phone: 866-794-8879 x201
          Email: [email protected]

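Added example, not part of the original posts and not Untangle's own tooling: a shell audit that lists active compression directives in exported OpenVPN server and client configuration files, so you can confirm the exclusion described in #79 before redistributing clients. The file names and sample contents are constructed, and covering the older `comp-lzo` option alongside `compress` is an assumption beyond what the post names.

```shell
#!/bin/sh
# Added example: find active compression directives in OpenVPN configs.
# Sample files below are constructed for illustration only.

# Print "file:line:directive" for each active `compress` / `comp-lzo`
# line, including the same options pushed from the server via push "...".
# Lines commented out with # or ; are ignored; CRLF endings (configs
# edited on Windows) are tolerated.
find_compress_directives() {
    for _f in "$@"; do
        awk -v file="$_f" '
            /^[ \t]*[#;]/ { next }
            {
                line = $0
                sub(/\r$/, "", line)
                sub(/^[ \t]*/, "", line)
                if (line ~ /^(compress|comp-lzo)([ \t]|$)/ ||
                    line ~ /^push[ \t]+"(compress|comp-lzo)([ \t]|")/)
                    printf "%s:%d:%s\n", file, NR, line
            }' "$_f"
    done
}

# Exit status 0 only when none of the given files still enables compression.
configs_are_compression_free() {
    [ -z "$(find_compress_directives "$@")" ]
}

# --- demo on constructed sample configs ---
demo_dir=$(mktemp -d)
printf 'port 1194\nproto udp\ncompress lz4-v2\npush "compress lz4-v2"\n;comp-lzo\n' \
    > "$demo_dir/server.conf"
printf 'client\r\nremote vpn.example.com 1194\r\ncomp-lzo\r\n' \
    > "$demo_dir/old-client.ovpn"
printf 'client\nremote vpn.example.com 1194\n# compress lz4-v2\n' \
    > "$demo_dir/fixed-client.ovpn"

find_compress_directives "$demo_dir"/*
if configs_are_compression_free "$demo_dir/fixed-client.ovpn"; then
    echo "fixed-client.ovpn: no active compression directives"
fi
rm -rf "$demo_dir"
```

Run it against the directory holding the exported configs; any line it prints is a file that still needs the compress lines excluded.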


          • #80
            Thanks, sky-knight. I did see that 2nd critical step, but all our clients are Win10, which is also what I'm using. I excluded the compress lines in both the client and server and redistributed the client but still have the same issue. I've been able to connect to my computer via RDP, via either hostname or IP; now nothing is responding, including the DNS server.
            I'll contact support tomorrow.



            • #81
              Need more data on that one for sure. Win10 isn't impacted with or without compression. And it does still "just work" as it always has.

              Unless you're in bridge mode?

              RDP? Is there a domain involved? Have you added the OpenVPN address pool to the list of IP addresses in Sites and Services?

              But start a dedicated thread with some details, if you need more help. This one is pretty clogged.
              Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
              NexgenAppliances.com
              Phone: 866-794-8879 x201
              Email: [email protected]



              • #82
                Hi Rob,

                Yes, I run it in bridge mode behind a main router/firewall. Didn't realize I was in this thread.

                --Ben



                • #83
                  Sorry for the newb question but, beyond connecting via SSH to the terminal, how do I go about doing this?

                  - Export the server remote clients, groups, and networks from /admin/index.do#service/openvpn/server



                  • #84
                    Originally posted by lightspeed
                    Sorry for the newb question but, beyond connecting via SSH to the terminal, how do I go about doing this?

                    - Export the server remote clients, groups, and networks from /admin/index.do#service/openvpn/server
                    [Attached image: export-openvpn.png]
                    Attention: Support and help on the Untangle Forums is provided by
                    volunteers and community members like yourself.
                    If you need Untangle support please call or email [email protected]



                    • #85
                      Derp! That was right in front of me. Thanks!

