I reinstalled Untangle to get up to the latest version, and networked it like this:
Outside network: it's an edge device, external IP, no natting happening
Inside network: On a transport vlan between untangle and our primary Cisco firewall
OpenVPN: IP pool connects to rest of network via static route over the transport vlan
Pool: 10.0.1.0/24
Transport: 10.0.2.0/30 (Untangle=10.0.2.1,Cisco=10.0.2.2)
Exported network: 10.0.3.0/24
Clients get assigned an IP like 10.0.1.1, which then gets routed out of Untangle (10.0.2.1) and to the cisco (10.0.2.2) which then uses ACLs to allow access to 10.0.3.0/24.
The trouble is that when I look in my firewall, I see that OpenVPN connections are shown as coming from 10.0.2.1 and not 10.0.1.1. Looks like OpenVPN connections are being NATed to the inside address of the Untangle rather than just forwarded?
Any idea how to fix that? I need to set ACLs in the firewall by pool addresses, not by the untangle address...
EDIT: please move this to the correct forum if appropriate
EDIT 2: Solved, see my last post for info, or go here. There is an option to toggle the OpenVPN NAT, but it is hidden by default. Unhide it and uncheck it, and that NAT stops, works fine.
Outside network: it's an edge device, external IP, no natting happening
Inside network: On a transport vlan between untangle and our primary Cisco firewall
OpenVPN: IP pool connects to rest of network via static route over the transport vlan
Pool: 10.0.1.0/24
Transport: 10.0.2.0/30 (Untangle=10.0.2.1,Cisco=10.0.2.2)
Exported network: 10.0.3.0/24
Clients get assigned an IP like 10.0.1.1, which then gets routed out of Untangle (10.0.2.1) and to the cisco (10.0.2.2) which then uses ACLs to allow access to 10.0.3.0/24.
The trouble is that when I look in my firewall, I see that OpenVPN connections are shown as coming from 10.0.2.1 and not 10.0.1.1. Looks like OpenVPN connections are being NATed to the inside address of the Untangle rather than just forwarded?
Any idea how to fix that? I need to set ACLs in the firewall by pool addresses, not by the untangle address...
EDIT: please move this to the correct forum if appropriate
EDIT 2: Solved, see my last post for info, or go here. There is an option to toggle the OpenVPN NAT, but it is hidden by default. Unhide it and uncheck it, and that NAT stops, works fine.