Results 1 to 5 of 5
  1. #1
    Untangler
    Join Date
    Aug 2018
    Location
    Copenhagen, Denmark
    Posts
    48

    Smile Best practice for setup UT

    Hallo Guys

    What would be considered best practice in my current case.

    1. Use router as router and use UT in bridge mode

    2. Use router in bridge mode and set UT as addressed.

    I want to install Wireguard VPN, so in case 1 I guess I need to forward port 51820, and if I go with case 2, I guess it is done automatically.

    My assumption is that I get an extra security layer with option 1, but I am not sure.

    Thanks.

    /Ulf
    Last edited by UlfLaursen; 01-07-2022 at 11:56 PM.

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,393

    Default

    You need to be a ton more clear, because what are you referring to as a router?

    If you want to use VPN with Untangle at all... do yourself a favor and do whatever you have to do to get a real internet routable IP address on Untangle and have Untangle be a router.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Aug 2018
    Location
    Copenhagen, Denmark
    Posts
    48

    Default

    Thanks a lot, Rob. Here is a bid more in depth explanation.

    I have only access to 4G/5G broadband where I live, so no fast copper or fiber connections here.

    So I have bought the Zyxel NR7101:

    https://www.routerdistributor.com/zy...router-nr7101/

    It can be configures both as a traditional router and run in bridge mode, so I guess that you are suggesting that I run in bridge mode, so that all traffic is handled and routed by UT, right?

    Thanks.

    /Ulf

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,393

    Default

    It may not make a difference... I'm not sure how things work in Denmark on your cellular networks but here in the states it's VERY uncommon to get a cellular connection that isn't using cgnat. That's Carrier Grade NAT.

    What that means is our cellular devices, never get a publicly routable IP address. And when we perform NAT at the edge of our networks, regardless of device that's doing it... we're now doing double NAT and get all the headaches that come with it.

    So you're going to have to do some testing with that Zyxel, does it get a real IP address? If it's in bridge mode can you move that real address to the Untangle? If both are true, then yes make Untangle do all the routing and bridge the Zyxel. That configuration will make your life by far the easiest.

    If you're stuck behind CGNat... you're STILL probably going to want to make Untangle a router, unless that Zyxel lets you input static routes, you won't have the tools to deal with the insanity you're about to go through to make Wireguard work. The site you're describing will have to be the client side of the tunnel, connecting to another system that has a more reasonable connection. That is assuming you're not forced to put something in the cloud somewhere.

    You're working with some seriously fundamental stuff that's going to force you into one of three rabbit holes, so until you find out if you can have a public IP address on your gear at all... you're stuck. So focus on that for now.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangler
    Join Date
    Aug 2018
    Location
    Copenhagen, Denmark
    Posts
    48

    Default

    Thanks a lot, Rob - you have been a great help - really appreciate it. You guys rock!!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2