VPN FAQs

From UntangleWiki

Jump to: navigation, search

Contents

[edit]

What operating systems does OpenVPN support?

OpenVPN supports the following operating systems:

  • Windows 2000/XP and higher
  • Linux
  • OpenBSD
  • FreeBSD
  • NetBSD
  • Mac OS X
  • Solaris
[edit]

I started OpenVPN and my network died. Why?

The most common cause is because the address pool assigned to VPN users is in the same address range used by LAN users. Unless your LAN uses addresses that are in the default VPN address pool, leave the VPN address pool as is. Otherwise, change the pool as needed to make sure they are different.

[edit]

Why is the hostname not resolving for VPN users?

If you mapped a hostname to an IP address so that VPN users can access that network resource using the hostname instead of the IP address, and those users can only access the network resource using the IP address, you probably didn't select the export DNS check box when you mapped the hostname to the IP address as outlined in Mapping Computer Hostnames To IP Addresses.

[edit]

What does Warning...files...no longer available... mean?

If you receieve the following message when you try to download the VPN Client:

Warning The files that you requested are no longer available, please contact your network administrator for more information

...your VPN Client key is no longer valid. Ask your Untangle Server administrator to resend the VPN Client key:

[edit]

Why does OpenVPN provide a default IP address pool that is incompatible with my network?

As discussed in Configuring Untangle Server as a VPN Server, Untangle Client provides a default IP address pool (also known as virtual IP addresses). Accept the default. By design, this default IP address pool does not match your current network's IP address scheme, ensuring that remote VPN clients do not conflict with non-VPN clients on the same network.

[edit]

How do I set up OpenVPN Server if my Untangle Server is behind another router?

Use port forwarding to enable users outside to connect to the VPN Server. Do the following:

  1. Add a redirect or port forward from some external IP UDP port 1194 to the Untangle Server port 1194. Go to Redirecting External and Internal Traffic.
  2. Configure Untangle Server to use the external IP so Untangle Server will distribute the correct client configuration by doing one of the following:
  • If you have a DNS name that looks up to the external IP, configure Untangle Server to use that hostname: Config > Networking > Hostname. Specify the hostname and select the hostname resolves publicly check box.
  • If you do not have a hostname that looks up externally, configure Untangle Server to use the external IP: Config > Remote Admin > Access > Public Address.
[edit]

If a user or site loses a secure key, how do I disable the old key and issue a new one?

When you remove a user from a VPN Site or VPN Client, you revoke that user's certificate and invalidate the key that was previously issued to that user. To permanently revoke a user's key, go to Revoking Users' VPN Access Permanently.

[edit]

Can I administer an Untangle Server over a VPN connection?

Yes. To administer the Untangle Server, you must include the internal address of the system in one of the Exported hosts networks. This internal address can either be one of the following:

  • A single entry that contains the IP address with a 255.255.255.255 netmask. For example, 192.168.1.1/255.255.255.255.
  • An entry that contains a network that includes the IP address. For example, 192.168.1.0/255.255.255.0.
[edit]

Can I use OpenVPN with my Mac OS X workstation?

Yes. OpenVPN supports many platforms including Mac OS X. You will need to install a VPN client on your Mac.

To install a Mac OS X VPN client:

  1. Download the Tunnelblick client at http://www.tunnelblick.net (Release Candidate 3).
  2. Unzip the download and copy the Tunnelblick application to your Applications Folder.

To configure Tunnelblick client:

  1. Download VPN configuration files from Untangle Server.
  2. Copy the config files to /Users/_USERNAME_/Library/openvpn
  3. Make sure all files are in the same directory. UT has a tendency to put *.crt and *.key files in a sub directory inside of the config package you downloaded.

To start Tunnelblick client:

  1. Execute client from the Applications folder.
  2. The icon will appear in the top right corner of the Menu Bar. Click on the icon and select Connect 'office-mv'.
  3. To view websites hosted inside the VPN you may need to do the following:
    1. click on "Details" in the Tunnelblick menu (see image below)
    2. check the "Set Nameserver" box (see 2nd image below)
    3. Disconnect and Re-Connect your VPN

Image:TunnelblickSettings.png

Image:TunnelblickDetails.png

[edit]

Can I install the OpenVPN client that came with Untangle Server onto a Vista 32-bit Operating System?

No. The OpenVPN version that came with Untangle Server is incompatible with Vista. Compatibility is available through use of a new OpenVPN client that must be obtained separately, as follows:

  1. Download the OpenVPN configuration file (obtained via email from the Untangle administrator or via USB key)
  • If obtained via email, the filename is config.zip, which can be uncompressed using WinRAR or WinZIP
  • If obtained on a USB key, the filename is config-<site>-<user>.zip, where <site> and <user> identify its planned usage.
  1. Download and install OpenVPN 2.1_rc4 from the OpenVPN website.
  2. Load your configuration files into the OpenVPN executable's configuration directory, typically c:\Program Files\OpenVPN\config

That's it. Your VPN client is installed and ready!

Retrieved from "http://wiki.untangle.com/index.php/VPN_FAQs"
Personal tools