VPN without NAT


  • VPN without NAT

    I've been experimenting with an Untangle box as a transparent bridge (i.e. 'router' is turned off) between my internet connection and my network, protecting against spam, viruses, and phishing. The internal and external addresses are the same, and all of the live IP addresses behind the Untangle are visible from the internet (which is what I want).

    What I can't seem to do is to get OpenVPN to handle routing properly. I've tried a private address pool, an address pool within my live subnet, and several combinations of exported networks, with no success. I can generate keys and connect to the VPN, but I cannot access anything within the VPN or the exported subnets (not even the Untangle box itself!).

    Should this even be possible? If so, what do I need to do to get it to work? I know OpenVPN can work on a machine not configured as a router, because I've set up servers that way, but I'm striking out on this one.

  • #2
    Welcome zacherbaugh!

    Ah, you can't have an address pool with your actual subnet. Otherwise the local hosts try to talk directly to VPN users instead of routing the traffic back out to the untangle server.
    So if your internal net is 192.168.x.x you'll probably want to use something like 172.16.x.x as an address pool. That way the 192.168.x.x will route return traffic to VPN users back to the untangle server (the default route). Otherwise they would ARP for the local machine, which of course, isn't local at all.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]
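The forwarding decision described in reply #2, as an added example that is not part of the thread or of Untangle's code: a LAN host ARPs for any destination inside its own subnet and sends everything else to its default route, so a VPN pool that overlaps the LAN strands return traffic. The addresses, the gateway and the function names are constructed for illustration.

```python
import ipaddress


def reply_path(host_if, gateway, vpn_client):
    """Model how a LAN host forwards a reply to one VPN client address.

    host_if is the host's address with prefix, e.g. "192.168.1.20/24".
    Returns ("arp", target) when the destination looks on-link,
    otherwise ("default-route", gateway).
    """
    iface = ipaddress.ip_interface(host_if)
    dest = ipaddress.ip_address(vpn_client)
    if dest in iface.network:
        # The host believes the VPN client is a neighbour and ARPs for it;
        # nothing on the segment answers, so the reply is never sent.
        return ("arp", str(dest))
    return ("default-route", gateway)


def stranded_range(host_if, pool):
    """Return the part of the VPN pool this host would ARP for, or None."""
    net = ipaddress.ip_interface(host_if).network
    pool_net = ipaddress.ip_network(pool)
    if not net.overlaps(pool_net):
        return None
    # CIDR blocks are either nested or disjoint, so when they overlap the
    # shared range is simply the narrower (longer-prefix) of the two.
    return max(net, pool_net, key=lambda n: n.prefixlen)


if __name__ == "__main__":
    host = "192.168.1.20/24"   # constructed LAN host
    gw = "192.168.1.1"         # constructed default gateway
    for pool in ("192.168.1.128/26", "172.16.0.0/24"):
        first = str(next(ipaddress.ip_network(pool).hosts()))
        print(pool, stranded_range(host, pool), reply_path(host, gw, first))
```
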



    • #3
      Thanks - I figured I'd have to use a private subnet for the VPN clients, so it's good to know I'm not crazy.

      The big issue, though, is getting OpenVPN to deal properly with my public subnet. I've confirmed that the routing information is getting pushed out to the clients, but Untangle doesn't seem to be handling the traffic properly. I can't even reach the Untangle machine on its external IP address while connected to the VPN by either ping or https (both of which work when not connected to the VPN).

      The admin interface and the client setup distribution system are great - I just need to figure out this last bit. Any thoughts?
