Announcement

Collapse
No announcement yet.

16.6.0 Update - TunnelVPN not even attempting to connect..?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • 16.6.0 Update - TunnelVPN not even attempting to connect..?

    Hello,

    Just updated to the 16.6 RC.

    Everything works the same but my tunnels aren't even trying to connect.
    I recreated with the same files, reinstalled tunnelvpn, tried all other variants people have had working o here before...

    Where do i even begin to troubleshoot this?

  • #2
    I imported my config and the tunnel seems to connect but the routing seems broken. If you go to the cli and enter
    Code:
    ip a
    does it show tun devices? Mine does.

    I also see some other problems like kernel panics and traffic stopping. Not worth wasting my time on this.

    Comment


    • #3
      Well this is embarassing... although it was working for about a year with no hiccups - and the same file wasn't working now.
      I downloaded another type of config from my VPN provider, and now it connected 😵

      My firewall rules aren't working the same ​as before, however. Had to remove one.

      Edit: Now two reboots. Whic hhas never happened before.
      Make that 3.
      Seems to work without tunnelvpn running again. Something borked.
      Tried tunnel again, an it appears to push the entire network thru the tunnel regardless of the ruleset.

      This in routing:
      = IPv4 Table balance =
      Error: ipv4: FIB table does not exist.
      Dump terminated

      = IPv4 Table default =
      Error: ipv4: FIB table does not exist.
      Dump terminated

      __________

      My rules with a tag aren't respected either. I have removed the tag, and the rules for blocking this tag are still blocking the device...
      Last edited by ccdmnk; 11-19-2022, 03:16 AM.

      Comment


      • #4
        I would open a support ticket.
        Attention: Support and help on the Untangle Forums is provided by
        volunteers and community members like yourself.
        If you need Untangle support please call or email [email protected]

        Comment


        • #5
          Originally posted by jcoffin View Post
          I would open a support ticket.
          I assume then it's well tested and you've found no faults with tunnelvpn prior to release.
          Will do a clean install and see if problem persists before I contact support.

          Clean install. Nothing configured except tunnelvpn.
          No rules for tunnelvpn configured. tunnelvpn sends the whole network thru the tunnel regardless.Maybe this is the default behaviour now? I never used rules for directing traffic other than thru tunnels before.

          Code:
          Tracing route to one.one.one.one [1.1.1.1]
          over a maximum of 30 hops:
          
          1 1 ms 1 ms 1 ms untangle.x.com [10.10.0.1]
          2 3 ms 3 ms 3 ms 10.9.0.1
          3 4 ms 3 ms 3 ms sto-vb-cr1-v11.31173.se [185.65.135.65]
          4 7 ms 21 ms 7 ms sol-ix-sto-1500.cloudflare.com [193.110.13.152]
          5 5 ms 4 ms 4 ms one.one.one.one [1.1.1.1]


          Click image for larger version  Name:	image.png Views:	1 Size:	16.5 KB ID:	395275

          vpn config: (which worked before upgrade)
          Code:
          [I]client
          dev tun
          resolv-retry infinite
          nobind
          persist-key
          persist-tun
          verb 3
          remote-cert-tls server
          ping 10
          ping-restart 60
          sndbuf 524288
          rcvbuf 524288
          cipher AES-256-CBC
          tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
          proto udp
          auth-user-pass mullvad_userpass.txt
          ca mullvad_ca.crt
          tun-ipv6
          script-security 2
          up /etc/openvpn/update-resolv-conf
          down /etc/openvpn/update-resolv-conf
          fast-io
          remote-random
          remote 185.65.135.80 1196 # se-sto-ovpn-001
          remote 185.65.135.82 1196 # se-sto-ovpn-003
          remote 185.65.135.81 1196 # se-sto-ovpn-002
          remote 185.65.135.83 1196 # se-sto-ovpn-004[/I]
          Not seeing any kernel panics or anything out of the ordinary in the syslog. So far. But i'm not unix guru.
          Attached Files
          Last edited by ccdmnk; 11-20-2022, 05:05 AM.

          Comment


          • #6
            Same issue. Just upgraded to 16.6.0 and all of my network traffic is being sent thru the Tunnel VPN. I'm having to disable the Tunnel VPN module until this is fixed.

            Comment


            • #7
              Originally posted by miles267 View Post
              Same issue. Just upgraded to 16.6.0 and all of my network traffic is being sent thru the Tunnel VPN. I'm having to disable the Tunnel VPN module until this is fixed.
              Confirmed a bug by the support.

              Comment


              • #8
                Originally posted by ccdmnk View Post

                Confirmed a bug by the support.
                Thank you. Hopefully they caught this bug also. Similar behavior, only it sends all traffic thru the backup interface: https://forums.untangle.com/forum/ng...over-interface

                Comment


                • #9
                  Also upgraded from 16.5.2 to 16.6. Could see in session table that all traffic was going through tunnel interface, so something breaks in the routing when tunnel vpn is activated.

                  Comment


                  • #10
                    Same issue, reverting back to 16.5.2

                    Comment


                    • #11
                      Originally posted by boris.minakov View Post
                      Same issue, reverting back to 16.5.2
                      What is the process to downgrade from 16.6 to 16.5.2 without reimaging the appliance?

                      Comment


                      • #12
                        Originally posted by miles267 View Post
                        What is the process to downgrade from 16.6 to 16.5.2 without reimaging the appliance?
                        Reimaging is the process, unfortunately. You also won't be able to apply a backup taken on 16.6 to a 16.5 install, so unless you have a copy of an older backup file (taken when you were on 16.5), you'll have to reconfigure the NG Firewall from scratch.
                        Græme Ravenscroft • Technical Marketing Engineer
                        ('gram', like the unit of measurement)
                        he/him
                        Please don't reboot your NGFW.
                        How can we make Arista ETM products better?

                        Comment


                        • #13
                          Thank you. In that case, I'll await the next bugfix release in hope that it'll include patches for both the Tunnel VPN and WAN Failover app bugs. Fingers crossed.

                          Comment


                          • #14
                            I just added a suggestion to provide a downgrade process. Please go vote. 16.6.2 has clearly demonstrated the need to the NGFW to get an actual downgrade option. https://untanglengfirewall.featureup...ing-to-reimage

                            Comment

                            Working...
                            X