  1. #11
    WebFooL (Untangle Ninja)
    Join Date: Jan 2009 | Location: Sweden (Eskilstuna) | Posts: 4,583

    Yes, my plan is to use DD-WRT with a Linksys AP to manage this.

    And the only problem is that UT uses split tunneling.
    I have a game plan, but right now time is limited,
    and my Linksys AP is in production so I have to order a new one.

  2. #12
    proactivens (Untangle Ninja)
    Join Date: Sep 2008 | Location: Greensburg, Pa | Posts: 2,353

    I like the idea and it's in line with what I'm trying to accomplish.
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  3. #13
    WebFooL (Untangle Ninja)
    Join Date: Jan 2009 | Location: Sweden (Eskilstuna) | Posts: 4,583

    The main idea I had with this was so I could filter my parents' traffic from spyware and viruses.

    During the summer, or if I get some days off, I will do another lab
    and see if I can't get it to work.

  4. #14
    sky-knight (Untangle Ninja)
    Join Date: Apr 2008 | Location: Phoenix, AZ | Posts: 18,665

    I feel compelled to point out that Untangle themselves are already working on a similar product... they just haven't announced anything.

    So I guess at this point step one will be the community driven enhancement of the OpenVPN GUI to support the conversion from UDP to TCP based VPN, as well as another enhancement to reconfigure the server, and generate appropriate client installers that support full tunnel operation.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879

  5. #15
    proactivens (Untangle Ninja)
    Join Date: Sep 2008 | Location: Greensburg, Pa | Posts: 2,353

    I'm thinking maybe OpenVPN isn't going to work for this. I am in the process of getting strongSwan IPsec VPN installed on Untangle (done), and then testing it out to see if it works well. I think an IPsec tunnel would work much better for this, and strongSwan has a nice auto-config feature to set up tunnels with ease. I'll keep you all in the loop as I make progress.

    P.S. I'm going to need some testers for sure.

  6. #16
    dmorris (Untangle Junkie)
    Join Date: Nov 2006 | Location: San Mateo, CA | Posts: 13,069

    Originally posted by sky-knight:
    "I feel compelled to point out that Untangle themselves are already working on a similar product... they just haven't announced anything.

    So I guess at this point step one will be the community driven enhancement of the OpenVPN GUI to support the conversion from UDP to TCP based VPN, as well as another enhancement to reconfigure the server, and generate appropriate client installers that support full tunnel operation."

    We explored it, and actually ran it ourselves for a while, but don't have the resources to fully develop it right now.

    Basically the idea was that you set up a new type of OpenVPN remote site ("Proxy Sites") and the client sent to them would basically connect and then send all site traffic through it.

    We had it working on ddwrt. Basically we just slapped a ddwrt setup script on the box with the correct parameters and once it connected it modified the route tables to send all traffic through the VPN tunnel.

    The central untangle unit had to be modified slightly to allow for this.

    Here is the latest version of the ddwrt script I can find:
    Code:
    #!/bin/sh
    
    OPENVPN_SERVER='1.2.3.4'
    OPENVPN_CLIENT_CERT='-----BEGIN CERTIFICATE-----
    MIIERDCCA22gAwIBAgIEFIw4cDANBgkqhkiG9w0BAQQFADCBmDEbMBkGA1UEAxMS
    Y2EuZG9lcy5ub3QuZXhpc3RzMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQ
    BgNVBAcTCVNhbiBNYXRlbzERMA8GA1UEChMIVW50YW5nbGUxGTAXBgNVBAsTEDUz
    NWU5YWYyYWFkOTA3MzQxHTAbBgNVBC4TFGNlcnRpZmljYXRlQXV0aG9yaXR5MB4X
    DTA5MTExODE5MTM1NloXDTE5MTExNjE5MTM1NlowcTELMAkGA1UEBhMCVVMxCzAJ
    BgNVBAgTAkNBMREwDwYDVQQKEwhVbnRhbmdsZTEZMBcGA1UECxMQNTM1ZTlhZjJh
    YWQ5MDczNDEWMBQGA1UEAxMNZGR3cnQtb3BlbnZwbjEPMA0GA1UELhMGY2xpZW50
    MIHfMA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQDGJo2eVaHPWc5/T7fXmzuTt9Oz
    ZVWqYaOrX0oa1Ov6gMkkmsPcuWYfeVeY48UtXmB02OOnkFzpmOVDdJqP4+dRFssm
    ezxzhK5h7vKl84ttii/ixVxwPb3Jet4Aua9NGMJCxsdsVVhChgSsCMnSUrzp35to
    fBL0aMrysf7aNVUSMAqd337iFDLFRokdz+t5ASvV15+0MAKnqkQ7pEVAaWAwRsXx
    1UrgUz4hCw6AlLjpA3rqNQCbHOclPnVpAI6o3IMCAwEAAaOCAT8wggE7MAkGA1Ud
    EwQCMAAwEQYJYIZIAYb4QgEBBAQDAgeAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
    IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUd+D3Uc0HI+6mynY7AAXa
    poOYiOcwgc0GA1UdIwSBxTCBwoAUMg1DsKsiuV35Ph4QEaxtk3jPfbehgZ6kgZsw
    gZgxGzAZBgNVBAMTEmNhLmRvZXMubm90LmV4aXN0czELMAkGA1UEBhMCVVMxCzAJ
    BgNVBAgTAkNBMRIwEAYDVQQHEwlTYW4gTWF0ZW8xETAPBgNVBAoTCFVudGFuZ2xl
    MRkwFwYDVQQLExA1MzVlOWFmMmFhZDkwNzM0MR0wGwYDVQQuExRjZXJ0aWZpY2F0
    ZUF1dGhvcml0eYIJAPFIRIFd4RA+MA0GCSqGSIb3DQEBBAUAA4HBAKiqULXYLj+m
    BKhspUaPd21PiLwEc5DjpGCUJQcEDjIQnTwf3xxEQ8WnmSbfhm+UW3qZJvsHlLLX
    tAx4nsbpzVBNzlIipepT2TobjZsoeuwo4ITlf3/vXnEgpe0GY12wgFwKoiuk/qQh
    lfDrMRw7ssX2RkDeJ8tUwAFlF1G5Kp0edDE3BjNJDZNWdSJOXxEKY2dDm8IO8Z1t
    uufIWhYBVdy35wn7xr7C0Fq31c0bwjhysriUEEDHLuo11CmBBDr5hg==
    -----END CERTIFICATE-----
    '
    OPENVPN_SERVER_CERT='-----BEGIN CERTIFICATE-----
    MIIEMjCCA1ugAwIBAgIJAPFIRIFd4RA+MA0GCSqGSIb3DQEBBQUAMIGYMRswGQYD
    VQQDExJjYS5kb2VzLm5vdC5leGlzdHMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJD
    QTESMBAGA1UEBxMJU2FuIE1hdGVvMREwDwYDVQQKEwhVbnRhbmdsZTEZMBcGA1UE
    CxMQNTM1ZTlhZjJhYWQ5MDczNDEdMBsGA1UELhMUY2VydGlmaWNhdGVBdXRob3Jp
    dHkwHhcNMDkxMTE4MTkxMzMzWhcNMTkxMTE2MTkxMzMzWjCBmDEbMBkGA1UEAxMS
    Y2EuZG9lcy5ub3QuZXhpc3RzMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExEjAQ
    BgNVBAcTCVNhbiBNYXRlbzERMA8GA1UEChMIVW50YW5nbGUxGTAXBgNVBAsTEDUz
    NWU5YWYyYWFkOTA3MzQxHTAbBgNVBC4TFGNlcnRpZmljYXRlQXV0aG9yaXR5MIHf
    MA0GCSqGSIb3DQEBAQUAA4HNADCByQKBwQDLsCVCoEsp84z50T9nKDDLpMb3zEA+
    rg2fu0yS0FtUPCIvEhWpfIVHFvBQtJsPRkf3EHnKWR7nXHAjMruRcG9IMyE6YUGi
    4yyjlVKqniMB3+AtaN2WgO+zo+G9gH7aY6tmCS3Z1Jf5qIHCEH7/JE7RtNhngGDS
    swi0zegMv61f5XKaikHUoZ1823G7VS5HAQmRD5ZidewHXi93Xpq3yYQ77r7klFPN
    oDgvUzkpSDgGmqufwdmrCYDoRuwep+k/fz0CAwEAAaOCAQAwgf0wDAYDVR0TBAUw
    AwEB/zAdBgNVHQ4EFgQUMg1DsKsiuV35Ph4QEaxtk3jPfbcwgc0GA1UdIwSBxTCB
    woAUMg1DsKsiuV35Ph4QEaxtk3jPfbehgZ6kgZswgZgxGzAZBgNVBAMTEmNhLmRv
    ZXMubm90LmV4aXN0czELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
    EwlTYW4gTWF0ZW8xETAPBgNVBAoTCFVudGFuZ2xlMRkwFwYDVQQLExA1MzVlOWFm
    MmFhZDkwNzM0MR0wGwYDVQQuExRjZXJ0aWZpY2F0ZUF1dGhvcml0eYIJAPFIRIFd
    4RA+MA0GCSqGSIb3DQEBBQUAA4HBAEfeVvO/dZc4AtFFDZT+XKiJYaoIh+W5lFmP
    xM57SLUI2G45n429EnMK8AqEEsK46aM39inGjOOPKJMCmsI6sv6dhY23nqkHVbzJ
    zsq8pWE6BX4ub3BlWKFtsnqCOU6MNn7FjdB1SAd5aelk+HYL716XSN0VvFdTOxj5
    WTfI+JpTeLi74AU94hLpWLgyI9XWeOBerYQpy5GhvAVbN8ol05ZKacP9favTom8M
    lq2NT7rjZo/t833q9DHWHQitBtdu1g==
    -----END CERTIFICATE-----
    '
    OPENVPN_CLIENT_KEY='-----BEGIN RSA PRIVATE KEY-----
    MIIDfQIBAAKBwQDGJo2eVaHPWc5/T7fXmzuTt9OzZVWqYaOrX0oa1Ov6gMkkmsPc
    uWYfeVeY48UtXmB02OOnkFzpmOVDdJqP4+dRFssmezxzhK5h7vKl84ttii/ixVxw
    Pb3Jet4Aua9NGMJCxsdsVVhChgSsCMnSUrzp35tofBL0aMrysf7aNVUSMAqd337i
    FDLFRokdz+t5ASvV15+0MAKnqkQ7pEVAaWAwRsXx1UrgUz4hCw6AlLjpA3rqNQCb
    HOclPnVpAI6o3IMCAwEAAQKBwQC+KZu5u3aplwds+OV3HnwDnOSngvW+qSu4uJ9W
    tsatRtFCtuCHQMo4JGyjxtuhWbR6DvgUBKCWcmx72zjGJLMHCDf4e0admlT8maP3
    DY7elkK0gDHhae9sn+TUj18kPz/mVeN0bK9LLieaeKLHmjvTL6mxbRiEcIIWXUjD
    UMf41aXNxd9zRaNdYto5a68mSlDNDBUcWukR3lrQp8wRbtNN67XWOASLLTUyVWC/
    r5SaVfQDl7C+R+NpK2FG0YldoDkCYQDvhaR51l0GvPOrmNXTNbPUzpE+AAwUmjep
    FvOGquw+UzKGYu67OnWEXp9LUyVU0Ai6e25sT4a5vpemmLYXAkzgLXKjJUYZxNH8
    DZ4JBpLGmOXw6YrHhaBbaRB5aJk6CR0CYQDTyEuBmznmaeNRhj2s+rFcsHC6eKo/
    te6HAAsmHC9sBwSIiztA2/eZ0O4ba0HckL5UVhlBl6DlgnqqD8LIut4BaYwnM9G4
    ql4QLi9CzJDCfWjbob2X/+AvRho7u6E/Kh8CYCT9ZZYvRbSJr7PbaYIxs/D0abfC
    eBsiaeAiHD+627sQTCg21RlzAL0Ng9o1H/nGGuL5tubhLTQ4O+FNiilpgIfKXP7W
    /cly/N7JF5PbQQWMjU40Mut3NnmHczTcs3Uj/QJgFd4VpdFQXjFKzo0s6yKLk8WI
    LkjtU1zGv1vKyumYH/BtkGfH+397Bn/jRiOCDnNHo8+sFfDBJVGettafxzg8Wir6
    1MVt/0JgKg2Kxbv3qo1meV8vA3XhQSBc7xQFp08DAmEAqobnnCo1draL2S0CQfXb
    as+AgHBpY17sKCTezlJQcYYWD0BQ08zuveK8jTzr3YOPau7KeBSCGX5x4ThOw58+
    vdczooqBmjD0qa7ytN6DHiovAiA7Q1U9gfxGwk+mIZ2Z
    -----END RSA PRIVATE KEY-----
    '
    
    nvram set openvpncl_client="$OPENVPN_CLIENT_CERT"
    nvram set openvpncl_key="$OPENVPN_CLIENT_KEY"
    nvram set openvpncl_remoteip="$OPENVPN_SERVER"
    nvram set openvpncl_ca="$OPENVPN_SERVER_CERT"
    
    nvram set openvpncl_enable=1
    nvram set openvpncl_extramtu=32
    nvram set openvpncl_proto=udp
    nvram set openvpncl_lzo=1
    nvram set openvpncl_remoteport=1194
    nvram set openvpncl_mtu=1500
    nvram set openvpncl_mssfix=1450
    nvram set openvpncl_certtype=0
    
    STARTUP_SCRIPT='#!/bin/sh
    
    ## Escape $ so that awk, not the shell, sees the field references.
    INTERNAL_NETWORK=$(ip address show br0 | awk "/inet/ { if ( \$2 != \"169.254.255.1/16\" ) print \$2 }")
    DEFAULT_GATEWAY=$(ip route show table main | awk "/default/ {print \$3}")
    
    cat > /tmp/openvpncl/route-up.sh <<\EOF
    #!/bin/sh
    
    ## Allow VPN<->LAN traffic (needed for DDWRT)
    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    
    ## Use the VPN tunnel to access the interwebs 
    VPN_GATEWAY=$(ip address show tun0 | awk "/inet/ {print \$4}" | awk -F/ "{print \$1}")
    ip route replace default via $VPN_GATEWAY table 32
    EOF
    echo > /tmp/openvpncl/route-down.sh
    echo "cipher AES-128-CBC" >> /tmp/openvpncl/openvpn.conf
    
    setup_routing()
    {
        ## Flush all of the rules that are tied to the tunnel/uplink.
        ip rule show | awk "/lookup (32|33)/ { print \"ip rule del \" \$2 \" \" \$3 \" \" \$4 \" \" \$5 \" \" \$6 \" \" \$7 \" \" \$8 \" \" \$9 }" | sh
    
        ## This is after the local logic, so all of the default rules are applied.
        ## Local traffic should just go directly out.
        ip rule add iif lo lookup 33 priority 36100
        ip rule add from $INTERNAL_NETWORK lookup 32 priority 36200
        ip rule add from all lookup 33 priority 37000
    
        ## Migrate the default route to the new table
        ip route del default table main
        ip route replace default via $DEFAULT_GATEWAY table 33
        echo "ip route replace default via $DEFAULT_GATEWAY table 33" >> /tmp/foo
    }
    
    setup_routing
    
    killall openvpn
    openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --down /tmp/openvpncl/route-down.sh --daemon
    '
    
    nvram set rc_startup="$STARTUP_SCRIPT"
    
    nvram commit
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
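
Added example, not part of dmorris's post or Untangle's code: in the script above, table 32 only receives its default route from route-up.sh and route-down.sh is empty, so whenever tun0 is absent LAN traffic falls through to the priority 37000 rule and leaves by table 33, the unfiltered uplink. This check walks the policy rules as that script lays them out and reports which interface LAN traffic ends up on. It looks at default routes only; the function names, the `IP` override and the values in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: detect a fail-open full tunnel on the router.
# IP may be pointed at a stub command for offline testing.
IP=${IP:-ip}

# Print the interface that carries the default route of routing table $1.
table_default_dev() {
    $IP route show table "$1" 2>/dev/null |
        awk '$1 == "default" { for (i = 2; i < NF; i++)
                 if ($i == "dev") { print $(i + 1); exit } }'
}

# Walk the policy rules in priority order, as the kernel does for a packet
# forwarded from source network $1, and print the egress interface.
lan_egress_dev() {
    lan=$1
    $IP rule show | while read -r prio from src rest; do
        [ "$from" = from ] || continue
        case "$src" in all|"$lan") ;; *) continue ;; esac
        # "iif lo" rules match only traffic generated by the router itself.
        case " $rest " in *" iif "*) continue ;; esac
        table=${rest##*lookup }
        table=${table%% *}
        dev=$(table_default_dev "$table")
        if [ -n "$dev" ]; then
            echo "$dev"
            break
        fi
    done
}

# Return 0 only when LAN network $1 leaves through tunnel interface $2.
check_full_tunnel() {
    dev=$(lan_egress_dev "$1")
    if [ "$dev" = "$2" ]; then
        echo "OK: $1 -> $dev"
        return 0
    fi
    echo "LEAK: $1 -> ${dev:-no route} (expected $2)"
    return 1
}

# Usage on the router (network value is an assumed example):
#   check_full_tunnel 192.168.1.0/24 tun0
```

Pass the source network exactly as `ip rule show` prints it. Run from cron or the OpenVPN down hook, a non-zero exit is the signal to block br0 forwarding until the tunnel returns.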

  7. #17
    YeOldeStonecat (Untangle Ninja)
    Join Date: Aug 2007 | Posts: 1,479

    If this could be developed as a paid product, I, as an Untangle partner, could resell it. I'm currently seriously about to pitch the Astaro red solution to a client of mine with a 5x satellite WAN. I would rather have used Untangle...as right now they're just running the WAN on a bunch of Linksys/Cisco RV0 units...site to site IPSec VPN tunnels. No IPSec support w/Untangle...and the satellite offices being very small in courthouses and police stations..(1-2 PCs each..tiny desk, tiny offices...very little space for the advocates)...I can't really get Untangle units and switches in there.

    Us SMB consultants/resellers can really push product like this....as paid products....they will sell...and make both sides money.

  8. #18
    proactivens (Untangle Ninja)
    Join Date: Sep 2008 | Location: Greensburg, Pa | Posts: 2,353

    Glad someone here sees the value in something like this.

  9. #19
    YeOldeStonecat (Untangle Ninja)
    Join Date: Aug 2007 | Posts: 1,479

    Proactivens....my knowledge of working inside of *nix is sparse, but I'm comfy with networking and capable of listening/following instrux, I'm glad to try to lend a hand if I can help with testing. I have access to drawer fulls of routers which support DD/Tomato. And I can get Untangle running at home if needed.

    Timeframe...end of June and early July I will be busy, bought another house and will be busy moving 'n such...but I should be having AT&T U-Verse installed over there (fiber)

    I seriously think this product would be hot. Untangle is already fine for single location offices or larger branch offices...but its flexibility in SMB WANs is limited..and to punch into the SMB market more, it needs more of this flexibility. WANs are quite popular in SMB..too big of a market portion to pass up.
    Last edited by YeOldeStonecat; 05-27-2010 at 08:18 AM.

  10. #20
    Solignis (Untangle Ninja)
    Join Date: Jul 2008 | Location: Hudson, Ohio, USA | Posts: 1,694

    I think such a box has a lot of potential to change the way people view Untangle. The only grief I have is the one thing that makes the project stall: split tunneling. The way that Untangle utilizes the VPN is the way that I have been trying to get our company to go for ages. As opposed to what this project would do, which is shift the thought process in the other direction.


    With that aside I would still be willing to do my part to help make this concept a reality.
    Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program. - Linus Torvalds
