Announcement

**juank** · 08-28-2008, 01:18 PM

You mean IPsec for the VPN access?

**tbelote** · 08-28-2008, 06:31 PM

Yes, please

**Silver Bullet** · 08-28-2008, 06:50 PM

I may take a stab at it once I finish PPTP

**dmorris** · 08-28-2008, 07:00 PM

Originally posted by Silver Bullet View Post

I may take a stab at it once I finish PPTP

are you trying poptop?

If so, instead of putting it in the alpaca UI, we should put it in the rack, which will be possible as of 6.0 (as its a web UI also)

**Silver Bullet** · 08-28-2008, 07:24 PM

I have pptpd installed and working....mostly.

I am going to have to get the iptables rules figured out to allow the traffic to the internal machines. I can connect and authenticate externally and ping the internal address of the Untangle server... just not anything else. I had a brief email conversation with an UT iptables pro... just haven't had time to play with it since that conversation.

I was planning on getting a couple scripts put out this week for the other things I have in the Tips forums, but as soon as I got back in town yesterday I had to leave again this morning.

I'll get pptp implemented if I can just get the time to sit down and do it.

Any way I can get a sneak peak at 6.0 to see how I need to start planning a migration of this and other apps?

**Silver Bullet** · 09-12-2008, 01:12 PM

Is anyone interested in helping to test openswan?

**hcst** · 09-26-2008, 01:16 PM

YES, I was just about to try to add it to ours. I'd love to have this replace (quickly) a separate router which terminates several ipsec VPN tunnels. I've fairly familiar with ipsec and openswan in particular, and we're a new partner as well.

**Silver Bullet** · 09-26-2008, 04:51 PM

Originally posted by hcst View Post

YES, I was just about to try to add it to ours. I'd love to have this replace (quickly) a separate router which terminates several ipsec VPN tunnels. I've fairly familiar with ipsec and openswan in particular, and we're a new partner as well.

Welcome to the forums!

I just rebuilt my Untangle server the other day and I want to document the process I used to install PPTP and also see if I can get it to use the LDAP server Untangle is using for authentication. Once I get that done, I am going to get back on the openswan implementation and I'll hit you up. Thanks for offering to help test it.

**datdamnmachine** · 09-26-2008, 05:27 PM

IPSec would put Untangle in the "Super Awesome" category. As mentioned before, for people who are familiar with it as well as already have site-to-site implementations.

Originally posted by dmorris View Post

are you trying poptop?

If so, instead of putting it in the alpaca UI, we should put it in the rack, which will be possible as of 6.0 (as its a web UI also)

So are you saying that in version 6.0, you can install applications that can be thrown into the rack, i.e. A different Anti-Spam solution, another AV application, etc, etc, etc.

Slightly off topic but I was wondering, since there are two AV solutions you can have in the rack, why not a second Anti-spam solution as well (hopefully free)?

**vancocom** · 09-26-2008, 06:50 PM

I'm just getting into VPN and am still learning the details.

From my reading using VPN with SSL or IPsec would have little practical difference in abilities. From your reactions though, I probably have incomplete information.

Could you give me a quick rundown on why IPSec would be better than OpenVPN's SSL method?

**datdamnmachine** · 09-26-2008, 07:51 PM

I wouldn't say better. Mind you, I don't have experience with OpenVPN but that right there is the problem. Most hardware manufacturers that sell VPN products use IPSec. It's just the nature of the beast. Let say you needed to connect your Untangle up to a Cisco device, a Watchguard device, or even (gasp!) a Sonicwall. You would need to have IPSec capabilities. Also, many businesses and even government agencies specifically state that communications MUST be done over IPSec VPN's. Honestly, it's been around longer, it's pretty solid, and there are a lot of people who know how to work with it, even between multiple vendors. That can't be said about the other VPN types, to include OpenVPN.

**vancocom** · 09-26-2008, 08:40 PM

Thanks for the reminder. I've read posts about that (some probably from you!), and I should have remembered.

**hcst** · 09-29-2008, 06:35 PM

Also, OpenVPN is very easy to punch through firewalls, etc. IPSec is much more difficult. However, this is the first time I've actually run into something running OpenVPN -- whereas I seem to be spending an incredible amount of time lately configuring and working with IPSEC VPNs between a wide variety of routers.

**datdamnmachine** · 09-29-2008, 09:33 PM

Originally posted by hcst View Post

Also, OpenVPN is very easy to punch through firewalls, etc. IPSec is much more difficult. However, this is the first time I've actually run into something running OpenVPN -- whereas I seem to be spending an incredible amount of time lately configuring and working with IPSEC VPNs between a wide variety of routers.

Yeah, it's one of the downsides to IPSec. It doesn't like NAT all too well either.

Announcement

IPsec for Untangle (http://www.openswan.org/)

IPsec for Untangle (http://www.openswan.org/)

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment