
Thread: IPSec planned?

  1. #1
    Newbie
    Join Date
    Jun 2008
    Posts
    3

    Question IPSec planned?

    I need IPSec tunnels and L2TP/IPSec. Without it, Untangle is a non-product for me, even though otherwise it just about fills all the needs I have.

    Quote: Originally Posted by gotkimchi
    Not yet, currently we support SSL (OpenVPN).
    The question is: does the above quote imply that it's being worked on and/or is planned for a future version of the product? Or does it only mean it's not categorically ruled out that it at some point in time might show up, but there are currently no plans whatsoever?

    If it's the former, is there any rough ETA? (days, weeks, months, years?)

    Ronald

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    rcfa, it is possible but not currently planned.
    We went with OpenVPN because of its efficiency and simplicity.

    That being said, the Untangle server is just a Linux machine (2.6 kernel), so you can install third-party services on it and even set up IPsec.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    May 2008
    Posts
    571

    Default

    I would be happy if it would just pass the Nortel VPN client through. There is a setting to pass IPsec, but apparently Nortel does something non-standard. I started to look at iptables but it is pretty confusing to me. dd-wrt has no problems with it, but I do understand Untangle is doing a whole lot more.

    Thanks for a great product.

    Don

  4. #4
    Newbie
    Join Date
    Jun 2008
    Posts
    3

    Question why IPsec is important...

    OpenVPN is easy and efficient. True.
    IPsec however is a standard, and a mandatory part of IPv6, so it's here to stay. I think sooner or later you've got to support it.

    In the meantime, there are simply many situations where you don't have control over the other side. Many people use things like ZyWall appliances, or have corporate policies against third-party installs, etc.
    These policies may sound silly, but if you see how many third-party tools are broken by OS upgrades and the like, it makes sense that you want your critical infrastructure from a single vendor.
    Every Mac, e.g., comes with full IPSec installed on it. L2TP has a simple interface for end-user configuration, but the full monty is under the hood, and a free utility (IPSecuritas) allows you to configure it.
    Where I work, there's no way around IPSec.

    That said, it still leaves the option you mention of installing IPSec manually.
    The question is, how is that compatible with how Untangle software updates work? Also, will IPSec tunnels show up as network interfaces just like Ethernet interfaces or dial-up lines, which means I'd have the full complement of routing, filtering, anti-spam, etc. options, or would the IPSec tunnels more or less fly below the radar of Untangle and bypass all of that?

    Does anyone have experience doing this? Also, what, if any, distribution and package system is used by the Untangle Linux distribution?

    BTW: people interested in IPSec support should vote for bug
    http://bugzilla.untangle.com/show_bug.cgi?id=3158
    and
    http://bugzilla.untangle.com/show_bug.cgi?id=4218
    Last edited by rcfa; 06-09-2008 at 12:41 PM. Reason: add on question

  5. #5
    Newbie
    Join Date
    Jun 2008
    Posts
    3

    Default

    Quote: Originally Posted by donhwyo
    I would be happy if it would just pass the Nortel VPN client through. There is a setting to pass IPsec, but apparently Nortel does something non-standard.
    Not sure about Nortel specifically, but for IPSec pass-through to work, you have to enable that not just on the firewall between the IPSec endpoints, but also on the two IPsec endpoints, at least if NAT is involved.

    On my ZyWall appliance (which I'm trying to replace with Untangle if I can get the IPSec matter resolved), you have to enable the "NAT Traversal" properties on both ends for that thing to work. (Or at least the documentation claims it; I personally never had to use it, because there's no NAT involved around here.)

    Ronald

  6. #6
    Untangler
    Join Date
    May 2008
    Posts
    571

    Default

    Thanks for the reply. Nortel uses port 10001 for NAT traversal and I had that forwarded for VoIP. Added a pass rule for that and all is well.

    Don

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Quote: Originally Posted by donhwyo
    Thanks for the reply. Nortel uses port 10001 for NAT traversal and I had that forwarded for VoIP. Added a pass rule for that and all is well.

    Don
    nice! thanks for reporting back