exported networks not working for untangle openvpn?

goodcooper

[H]F Junkie
Joined
Nov 4, 2005
Messages
9,771
i guess this is my day for untangle openvpn issues!!!

for sake of understanding, let's say i have 3 networks, 1 2 and 3... all with untangle machines

network 1 is main network, set up as openvpn server

networks 2 and 3 are set up as clients

from within these networks, all traffic is passed like it should....

now a road warrior needs access to resources on server on network 2, so first he has to connect to VPN server at network 1... because untangle doesn't support being a server and a client simultanously...

problem is, he can only access resources on network 1, can't on 2 or 3....

i assumed this is where "exported networks" comes in, (even though if i do a route print on the roadwarriors box it shows all 3 networks)..... so, i add network 2s subnet to the list of "exported networks" and it makes absolutely 0 difference....

what am i missing?
 
Looks like he got you covered over on Untangles forums....the exported hosts need to be defined.

While I find OpenVPN to be wonderfully easy to setup and deploy, it has some oddities to it, and I'm not fond of the limitation of the server-only/client-only. Although that doesn't really hinder most setups much....it's more of a mental block.

However...IPSec VPN package is coming..and I hear it's in the next release, 9. Which there will be a beta out for soon. Hopefully some of the flexibility that's standard with IPSec will come with it, as well as the more standardized and direct way of defining networks on opposite ends.
 
Looks like he got you covered over on Untangles forums....the exported hosts need to be defined.

While I find OpenVPN to be wonderfully easy to setup and deploy, it has some oddities to it, and I'm not fond of the limitation of the server-only/client-only. Although that doesn't really hinder most setups much....it's more of a mental block.

However...IPSec VPN package is coming..and I hear it's in the next release, 9. Which there will be a beta out for soon. Hopefully some of the flexibility that's standard with IPSec will come with it, as well as the more standardized and direct way of defining networks on opposite ends.

yea, about 10 minutes after posting here i decided to finally create a user account over there, i'm glad i did, so helpful!

http://forums.untangle.com/showthread.php?p=139656#post139656

for posterity...

also, you were absolutely right about the DNS suffix too stonecat, thank you!
 
Yeah their support forums are pretty good over there, you usually get a fast reply. A few actual Untangle staff hang out around there, plus quite a few other resellers experienced with it.
 
Back
Top