  1. #1
    Untangler
    Join Date
    May 2020
    Posts
    33

    Moving from USG, can Untangle help me...

    I've been using the Unifi platform at home and while it is very stable, it is severely lacking in features. I've replaced the USG with an Untangle box and have gotten my APs and internet working. I want to do the following with Untangle and am hoping someone can guide me in the right direction.

    1) Have two or three Wi-Fi networks, one of which is routed through my VPN provider which is AirVPN
    2) Is it worth creating a separate network for my IoT devices (Ring doorbell and cameras, Hue bulbs, Alexa/Google assistants)
    3) Can I limit my kids' online time? Ideally by two methods: a total number of hours per day as well as start/end times. Would also like to make sure they're not accessing the wrong kind of content.

  2. #2
    Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    94

    Quote: Originally Posted by ajaffarali
    I've been using the Unifi platform at home and while it is very stable, it is severely lacking in features. I've replaced the USG with an Untangle box and have gotten my APs and internet working. I want to do the following with Untangle and am hoping someone can guide me in the right direction
    I'm a fairly recent Untangle user myself, but - until the local exberts chime in, perhaps these remarks will do:

    1) Have two or three Wi-Fi networks, one of which is routed through my VPN provider which is AirVPN
    Yes, that is possible. To route some or all of your traffic through a VPN service use the TunnelVPN app. If you want to have different Wi-Fi networks with different routing options, you can accomplish this by using a separate subnet for each. That requires either that the Untangle hardware has a free NIC or that the wireless AP supports VLANs. IIRC the Ubiquiti Unifi devices do support VLANs. Or if you happen to have a switch that supports VLANs, then the switch could separate the VLANs; you'd then need multiple AP devices though.

    2) Is it worth creating a separate network for my IoT devices (Ring doorbell and cameras, Hue bulbs, Alexa/Google assistants)
    Again this will require either an extra free NIC or VLAN support somewhere. I certainly would separate those out, but then my Untangle device has 6 NICs, so I'm not facing any shortage in that respect.

    3) Can I limit my kids' online time? Ideally by two methods: a total number of hours per day as well as start/end times. Would also like to make sure they're not accessing the wrong kind of content.
    You can limit your kids' online time by start-/end-times with time-based policies, but - to the best of my knowledge - not by hours per day.

    Untangle has apps that can flag and block content that you deem inappropriate, e.g. Web Filter, Application Control. Some of those apps may require the paid "Home Pro" subscription, but you can try them out for free during a 30 day trial.

    Please note that these apps generally work via domain-based filtering. If you need deeper and/or more granular filtering, then you'd need to use the Untangle SSL-Inspector app and install certificates on your kids' devices, so Untangle can crack open the encryption and inspect the details of the traffic. I've never done this, so I'm not sure how well this works with Android and/or iOS devices. But I'm not sure that you'd need to go this far.

  3. #3
    Master Untangler
    Join Date
    Dec 2008
    Location
    Greater Omaha Area
    Posts
    253

    Long time Ubiquiti and Untangle user, installer and fan ...

    1) Don't see the need for this but then I've never used a 3rd party VPN service, always used OpenVPN which is available with Untangle.

    2) Yes, typically we always segment internal WiFi users, especially for Guest and/or IoT networks. Usually using VLAN and switching via managed switch and separate LAN port on Untangle device.

    3) Yes, you can get very creative and I would recommend that you review the Untangle HomePro subscription for $50 per year which gives you full licenses to Untangle which would be needed to use the Policy Manager, Web Filter, etc.

  4. #4
    Master Untangler
    Join Date
    Oct 2013
    Posts
    203

    1. I did something similar. I used a dedicated DD-WRT router to connect to StrongVPN. This seems to be the supported approach (as far as StrongVPN is concerned). I have tried, numerous times, to have Untangle connect to StrongVPN directly but it just doesn't work. Neither Untangle nor StrongVPN will provide any help with the integration (for good reason), so I just gave up and did it the long way round. Anyway, I've set aside VLAN80 for anyone who needs to be on the VPN. In other words, any device that connects to it will be able to access geo-locked content.

    2. This should be based on your own use case. I had to implement multiple VLANs / SSIDs to accommodate all 4 of my extended families, all with their own smart devices/IOTs. This prevents one family's Alexa from discovering other families' smart devices and vice versa.

    3. You can use Untangle's Policy Manager to set time-of-day and/or day-of-week. But as was mentioned above, it doesn't support "total hours per day"*.

    *For the latter, I am using ESET's Parental Control, as my kids are both using Android mobile devices, as a way to set their maximum daily screen time. On the PC, I take advantage of Windows 10 Family Options. You can check these products out to get a skinny on their complete features, but let me just say that both these products provide filtering and reports so you can monitor how much time they spend on which app and what websites they've been to, among many others.

    I am the Visio type so apologies for posting a lot of diagrams. English is also not our main language so I'm hoping that illustrations might help provide better clarity:

  5. #5
    Untangler
    Join Date
    May 2020
    Posts
    33

    Thanks everyone for their responses! Glad to see an active community helping each other. I read up a little bit more and have been able to accomplish the first item on my list. Here is how I did that in case anyone else needs help with it.

    I have a UniFi Switch and APs so that first step was actually quite easy. I created a VLAN (VLAN20 with ID 20) with an IP on 192.168.20.x and a DHCP server for it. I then created a VPN tunnel to my provider (AirVPN) by generating a router-based OpenVPN config from their end and uploading it to Untangle. Once that was done, I set the rule that if Source IP address is in the 192.168.20.1/24 range, then tunnel it through my VPN. On the UniFi side, I created a VLAN-only network with VLAN ID 20 and also a new Wireless network with VLAN ID 20. And it just all automagically works when I connect to my new Wireless Network with all traffic going over the OpenVPN tunnel.

    My next step would be digging a bit deeper to see if I can also allow any VoIP traffic from my non-VPN network from apps such as WhatsApp or Instagram to also tunnel through the VPN as my ISP doesn't allow VoIP.
    Last edited by ajaffarali; 05-30-2020 at 10:34 PM.
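
A way to audit the source-address rule described in post #5, added here as an example and not part of the original thread or of Untangle: it checks flow records for VLAN 20 traffic that left by the ISP uplink instead of the tunnel. The record format, the interface names `tun-airvpn` and `wan0`, and the sample flows are assumptions constructed for the example.

```python
import ipaddress

# The rule in the post is written as 192.168.20.1/24, a host address with a
# prefix length. strict=False normalises it to the network 192.168.20.0/24;
# the default strict=True would raise ValueError on the set host bits.
VPN_SOURCES = ipaddress.ip_network("192.168.20.1/24", strict=False)
TUNNEL_IFACE = "tun-airvpn"  # assumed name of the OpenVPN tunnel interface

# Constructed sample records: "src_ip dst_ip egress_interface"
SAMPLE_FLOWS = """\
192.168.20.31 203.0.113.10 tun-airvpn
192.168.20.31 198.51.100.7 wan0
192.168.1.50 198.51.100.7 wan0
192.168.200.5 198.51.100.7 wan0
192.168.20.254 203.0.113.99 tun-airvpn
not-an-ip 203.0.113.10 wan0
"""


def parse_flows(text):
    """Yield (src, dst, iface) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # unparseable address, ignore the record
        yield src, dst, parts[2]


def find_leaks(text, vpn_net=VPN_SOURCES, tunnel=TUNNEL_IFACE):
    """Return flows sourced in the VPN VLAN that did not egress via the tunnel.

    Membership is tested against the parsed network, so 192.168.200.5 is not
    mistaken for a VLAN 20 host the way a "192.168.20" string prefix would.
    """
    return [(str(src), str(dst), iface)
            for src, dst, iface in parse_flows(text)
            if src in vpn_net and iface != tunnel]


if __name__ == "__main__":
    for src, dst, iface in find_leaks(SAMPLE_FLOWS):
        print(f"LEAK: {src} -> {dst} left via {iface}, expected {TUNNEL_IFACE}")
```

A non-empty result means the tunnel rule did not match some VLAN 20 traffic, for example while the tunnel was down.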
