OpenVPN FAQs

How to Configure Untangle site to site VPN

This will provide 3 links to various distributions that can be installed on the remote client. After installing the software on the remote client, the remote client should be able to connect to the OpenVPN server.

A client can only be connected once. If you install the same client on multiple remote devices, they will kick each other off when a new one logs in. In most cases you need to set up a client for each remote device. Groups are a convenience feature to "group" clients together and apply some settings to that entire group. By default there will be a Default Group.

Each group has the following settings: These settings will apply to all clients belonging to that group. Many sites will only have one group because all clients need the same settings. However, some sites have some Full Tunnel remote clients and some Split Tunnel remote clients. In this case, you need two groups where each client belongs to the appropriate group. Exported Networks is a list of networks that are reachable through the OpenVPN server for remote clients.

Exported Networks are routes that are pushed to remote clients when they connect, effectively telling remote clients to reach the specified network through the OpenVPN server. For example, exporting 1. After you have downloaded the distribution zip file, return to this OpenVPN and click on the Browse button below the Remote Servers grid.

Next press the Submit button to upload the zip file to OpenVPN which will add a new entry into the Remote Servers grid based on the configuration in the submitted zip file. Once connected to a remote server, you will be able to reach their exported networks. The Advanced tab is provided for advanced users who have a detailed knowledge and understanding of OpenVPN, and need very specific configuration changes to address unique or unusual situations.

It is entirely possible to completely break your OpenVPN configuration with a single wrong character, misplaced space, or by changing a configuration option that probably shouldn't be changed. Changes you make on this page can possibly compromise the security and proper operation of your server, and are not officially supported. At the top of the Advanced page are the Protocol, Port, and Cipher options.

These must be the same on both the client and server for connections to work. Since they are the options most frequently modified, they can be easily configured here and will apply to both the client and server. When enabled, all clients will have full network access to each other when connected.

If disabled, traffic will not be allowed to flow between connected clients. If you require changes to other low-level parameters, the Server Configuration and Client Configuration grids allow you to effectively have total control of the OpenVPN configuration file that is generated. Both grids work the same way, with each configuration applied to the corresponding server or client openvpn. Both lists contain config items comprised of an Option Name and Option Value pair.

By default, all items in both configuration grids are read-only. The lists represent the default configuration settings used for the server and client configuration files. The default items cannot be modified or deleted; they can only be excluded. When you exclude an item, it is effectively removed from the resulting configuration file.

To change one of the default items, simply add a new item with the same Option Name, and input the Option Value that you want to be used. This will effectively override the default. The same method can also be used to add configuration items that are not included in the default list. This application's reports can be accessed via the Reports tab at the top or the Reports tab within the settings.
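The exclude and override rules for the Server Configuration and Client Configuration grids, modelled as an added example (not Untangle's code or its real default list; the option values and the helper names `effective_config`, `render` and `mismatches` are assumptions). It also shows why overriding the cipher in only one grid violates the requirement that Protocol, Port and Cipher match on both sides.

```python
# Added example: models the grid semantics described above; not Untangle's code.
# All default option values below are constructed for illustration.

MUST_MATCH = ("proto", "port", "cipher")  # Protocol, Port, Cipher on the Advanced tab


def effective_config(defaults, excluded=(), custom=()):
    """Apply the grid rules: excluded defaults are dropped, a custom item with
    the same Option Name overrides the default, and new names are added."""
    result = {name: value for name, value in defaults if name not in excluded}
    for name, value in custom:
        result[name] = value  # override an existing default or add a new item
    return result


def render(config):
    """Render Option Name / Option Value pairs as openvpn config lines."""
    return "\n".join(f"{name} {value}".rstrip() for name, value in config.items())


def mismatches(server, client):
    """Return the must-match options whose values differ between the two sides."""
    return [opt for opt in MUST_MATCH if server.get(opt) != client.get(opt)]


# Constructed defaults (hypothetical, not Untangle's real default list).
SERVER_DEFAULTS = [("proto", "udp"), ("port", "1194"), ("cipher", "AES-128-CBC"),
                   ("keepalive", "10 60"), ("comp-lzo", "")]
CLIENT_DEFAULTS = [("proto", "udp"), ("port", "1194"), ("cipher", "AES-128-CBC"),
                   ("nobind", ""), ("comp-lzo", "")]

if __name__ == "__main__":
    # Override the cipher in the server grid only and exclude comp-lzo there.
    server = effective_config(SERVER_DEFAULTS, excluded={"comp-lzo"},
                              custom=[("cipher", "AES-256-CBC")])
    client = effective_config(CLIENT_DEFAULTS)
    print(render(server))
    # A non-empty list means clients built from this configuration cannot connect.
    print("mismatched options:", mismatches(server, client))
```

Running the same comparison before saving a change made in only one grid catches a server/client mismatch before remote clients are locked out.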

All pre-defined reports will be listed along with any custom reports that have been created. Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right. The OpenVPN client that Untangle distributes is compatible with all versions of Windows; however, if you're using Windows Vista or Windows 7 you'll need to both install and run the application as an Administrator. Simply right-click and choose Run as Administrator.

Running as an administrator is necessary to allow the application to write routes for the VPN and must be done every time the application is started on Windows Vista or 7.

For Macs, we suggest http: For all other operating systems Untangle distributes a. OpenVPN for Android 4. Detailed instructions from our forum contributor WebFool. Yes, you can run "Full Tunnel", which forces all internet-bound traffic to go through the VPN and out the Untangle on the remote end and is subject to all Untangle filtering.

Sometimes Untangle is installed behind another router, typically as a bridge. You can still run OpenVPN; however, you will need to make some additional changes so remote clients can connect to the server: The client chooses based on your configuration of Public Address. Yes, if you right-click on the OpenVPN icon on the client's PC there is an option for a password. Please note this password is only used when launching the client.

Many things could cause this issue. First verify that the hosts that you are trying to reach are exported in Exported Networks. If these work, your tunnel is up and operational. If you can't reach a Windows machine, verify Windows Firewall is disabled on the target machine as it will block access from non-local subnets by default. If the target machine runs another OS, verify it is either using Untangle as a gateway or the machine it's using as a gateway has a static route sending the VPN Address Pool to the Untangle.

By default, openvpn users can connect to any machine that the Untangle can connect to. However, routes are pushed to all the "Exported" networks automatically. Beware, nothing prevents remote users that have administrator access to their machines from adding routes manually. Above that rule, create rules to allow traffic when Username is the openvpn user you want to allow to the desired locations.

In this scenario openvpn traffic will be blocked into your network except for explicitly allowed traffic. If you have both software clients on the road and site-to-site tunnels, the software clients will only be able to see your main site by default. After this is done, software clients will be able to reach all exported sites.

Configure the DNS settings you would like pushed to the remote clients. You may need to use the FQDN when accessing resources across the tunnel. First, Navigate to C: This directory will have sitename.

Untangle’s intuitive GUI makes it easier to configure basic settings through a setup wizard. You can generate custom certs for each client, and easily distribute pre-configured client software via email. OpenVPN supports any operating system with an OpenVPN-compatible VPN client (which is almost every OS), even smartphones! The OpenVPN application can run as a server, allowing remote clients to connect to the Untangle server, and the OpenVPN application can connect to other remote Untangle servers as a client. In working on a DR project utilizing two Untangle virtual appliances, I had the need to set up a site-to-site VPN connection between the Untangle firewalls. The OpenVPN documentation is fairly decent on the Untangle site; however, the information regarding the site-to-site VPN is limited.