Page 3 of 3 FirstFirst 123
Results 21 to 30 of 30

Thread: 1 nic / usb nic

  1. #21
    Untanglit
    Join Date
    Apr 2016
    Posts
    17

    Default

    Quote Originally Posted by blaize View Post
    But I've never had any issues with the ASIX controller on a 50MB fiber connection with netflix or otherwise.
    I use Sophos UTM at home (as we use it at work, dont need to learn 2 interfaces) with AX88179 USB3 adapter on my 150/15 broadband connection and its been rock solid as well...

  2. #22
    Untangler
    Join Date
    Feb 2008
    Posts
    80

    Default

    Quote Originally Posted by sky-knight View Post
    Of course you don't know too many folks that do that, you don't sell hardware to the world to give them an opportunity to blow up your phone!

    And trust me... they do indeed blow up your phone. I try to avoid it, but it still happens.

    So I stopped selling stuff that generated support calls.
    I don't sell it because Untangle sells it. Their hardware works just fine. Like I said, I use it on VM's, so no hardware is necessary and it is rather problem free, so no phone calls either.

  3. #23
    Untangler
    Join Date
    Feb 2008
    Posts
    80

    Default

    Quote Originally Posted by harrymcbean View Post
    UT IPSec server listen address doesn't follow the WAN address if it changes.
    It seems they are alone in this respect - I have been evaluating other UTM solutions recently and every other solution can do this fine...

    I did post here, but didnt get any responses: https://forums.untangle.com/ipsec-vp...n-address.html
    Sounds like a bug. I use OpenVPN though and haven't experienced that.

  4. #24
    Untanglit
    Join Date
    Apr 2016
    Posts
    17

    Default

    Quote Originally Posted by blaize View Post
    Sounds like a bug.
    Nope, looked further and its in the wiki:

    It is generally recommended to use IPsec VPN only on Untangle servers configured with static IPs. However, technically it can work with DHCP, but you will need to reconfigure the tunnel whenever the IP address actually changes. On some ISPs this is rare and servers will often have the same IP for months. On other ISPs IPs change daily.


    Wonder what they were smoking when they implemented this - it was the only thing stopping us moving approx 20 sales offices + head-office to them.

  5. #25
    Untangler
    Join Date
    Feb 2008
    Posts
    80

    Default

    Quote Originally Posted by harrymcbean View Post
    Nope, looked further and its in the wiki:

    It is generally recommended to use IPsec VPN only on Untangle servers configured with static IPs. However, technically it can work with DHCP, but you will need to reconfigure the tunnel whenever the IP address actually changes. On some ISPs this is rare and servers will often have the same IP for months. On other ISPs IPs change daily.


    Wonder what they were smoking when they implemented this - it was the only thing stopping us moving approx 20 sales offices + head-office to them.
    There you have it. Interesting

  6. #26
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    Default

    Most IPSec implementations are IP locked.

    Though yeah... being able to point those fields at the hostname seems rather 2016.

    OpenVPN site to site works fine with DHCP though. It is a bit slower though. Honestly, once you've used OpenVPN you'll be hard pressed to go back to IPSec, it's just so brain dead easy. IPSec can be a real chore.
    Last edited by sky-knight; 04-12-2016 at 07:41 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #27
    Untanglit
    Join Date
    Apr 2016
    Posts
    17

    Default

    Quote Originally Posted by sky-knight View Post
    Most IPSec implementations are IP locked.

    Though yeah... being able to point those fields at the hostname seems rather 2016.

    OpenVPN site to site works fine with DHCP though. It is a bit slower though. Honestly, once you've used OpenVPN you'll be hard pressed to go back to IPSec, it's just so brain dead easy. IPSec can be a real chore.
    IPSec VPN on iPad is real easy as well - just fill in user credentials, PSK and hostname and it just works...

    OpenVPN can't be installed due to company policy on third party apps. Well it could but I really havn't got the energy to write a business case to get it reviewed / approved etc when other UTM's IPSec VPN works out the box.

    Looks like CIO is going to re-signup with Sophos at the moment; UT was the closest to moving into proper pilot but this IPSec VPN madness put them out of the running.

    I guess I'll leave you all to it - have fun!!

  8. #28
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    Default

    Another catch, Untangle's IPSec implementation isn't compatible with client endpoints at all. You have to use L2TP for that. And that bit will work with DNS name, you just have to make sure DNS is doing its job.

    IPSec in Untangle is for site-to-site tunnels only.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #29
    Untanglit
    Join Date
    Apr 2016
    Posts
    17

    Default

    Quote Originally Posted by sky-knight View Post
    Another catch, Untangle's IPSec implementation isn't compatible with client endpoints at all. You have to use L2TP for that. And that bit will work with DNS name, you just have to make sure DNS is doing its job.

    IPSec in Untangle is for site-to-site tunnels only.
    On UT 12, you just fill in the details on the VPN tab of the IPSec app and enable Xauth and it just worked fine with the sales iPads; it all went wrong when the cell provider changed WAN IP address...
    Given these are mobile sales offices at shows, that happens frequently.

  10. #30
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,514

    Default

    Honestly, I'm surprised it works at all. Out here, the cellular providers hand your cellular router a 192.168, so you aren't terminating anything like IPSec on it.

    OpenVPN however, will go right through it because the client device just sets up a UDP stream to the server, what the client device goes through, layers of NAT involved, just doesn't matter.

    I'm rather sad to see you go because if that's your use case, OpenVPN really will treat you better.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 3 of 3 FirstFirst 123

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2