  1. #1
    Untangle Ninja Mathiau
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    Will / can IPsec do what I need?

    I am new to IPSec and was curious if I understand it right.

    Currently we use OpenVPN for clients to connect to some externally hosted servers.

    Each person needs the OpenVPN client on their system to connect.

    Can IPSec be used to make a host to host connect to those server networks so that people can just connect directly without the need of the OpenVPN client on their computers?

    Or do I have it all wrong?
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  2. #2
    Master Untangler
    Join Date
    Dec 2010
    Location
    Echuca, Victoria, Australia
    Posts
    278

    Originally Posted by Mathiau:
    I am new to IPSec and was curious if I understand it right.

    Currently we use OpenVPN for clients to connect to some externally hosted servers.

    Each person needs the OpenVPN client on their system to connect.

    Can IPSec be used to make a host to host connect to those server networks so that people can just connect directly without the need of the OpenVPN client on their computers?

    Or do I have it all wrong?

    If this is between 2 offices, with 2 UT boxes, you can set up a site-to-site VPN with OpenVPN.

  3. #3
    Untangle Ninja Mathiau
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    But I can't use site 2 site and the VPN server at the same time though?

    I have people who connect from outside our office to both networks; myself, I connect for administration to our workstation network and others connect to our server network, so they are both running VPN server already.

    Also the other systems are running OpenVPN servers as well.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    The IPSec module is independent of the OpenVPN module.

    The IPSec module only supports site-to-site tunnels at this time.

    So yes in theory you could run two Untangle servers, connected to each other via the IPSec module to do the site to site, and free up both servers' OpenVPN modules to now run in server mode to create a mesh network with roadwarrior OpenVPN localized access.

    The routing details to make all that traffic move where it needs to go is making my head hurt... this would be an INCREDIBLY advanced deployment.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangle Ninja Mathiau
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    Sounds like it is over my head then for now it seems.

    Our other server networks we connect to use OpenBSD and OpenVPN server. I assume I can't do a site 2 site with them over IPsec, I have to have UT on the other end?
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  6. #6
    Untanglit
    Join Date
    May 2008
    Posts
    29

    Which is faster, IPSEC to IPSEC in Untangle? Or OpenVPN SSL to SSL?

    Does VOIP traffic - 1 phone in a remote site - work better over one VPN type or another, which requires a VPN to be up to work?

  7. #7
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    VPN performance is determined by your WAN link quality, not the encryption used. If I had to venture a guess on the hairs of difference? My money is on OpenVPN being slightly more efficient.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untanglit
    Join Date
    May 2008
    Posts
    29

    I have two locations that prior to Untangle going in looked like this:

    *HQ*
    T1--DlinkFirewall--MultiTechRouter--InternalNetwork
    ...........|
    ...........|-Phone System

    The other side was simply a:
    *RemoteWorker*
    DSL--DlinkFirewall--Switch w/ Phone and Computer


    [Dlink and MultiTech - why the two? It was like this when we got there.]


    Thus we now have:
    *HQ*
    Cable(50m/5m)--Untangle--InternalNetwork (w/ Switch and Phone and Computers)

    *RemoteWorker*:
    DSL (1.5mb/768k)--Untangle--Switch w/ Phone and Computer


    The outcome - using Untangle OpenVPN/SSL in the same config of computer and phone is a Panasonic IP Phone that says: POOR LAN CONNECTION.

    This is where I wondered if we should put in a Cisco RV110W or RV042 at the RemoteWorker's location, and then configure IPSEC on the Untangle at HQ?

    [Computer at RemoteWorker can ping phone system @ HQ.]
    [Computer at HQ can ping phone and computer at RemoteWorker.]
    Last edited by jtaugher; 07-24-2011 at 09:39 PM.

  9. #9
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    Without knowing what metric the phone is using, that makes no sense.

    That said, DSL + Untangle bridge = problem in my experience. At least when it comes to VPN.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untanglit
    Join Date
    May 2008
    Posts
    29

    Originally Posted by sky-knight:
    Without knowing what metric the phone is using, that makes no sense.

    That said, DSL + Untangle bridge = problem in my experience. At least when it comes to VPN.

    The Panasonic phone is using the G.722 codec. It appears (in the manual) to use the RTP and MGCP protocols in UDP.

    At *RemoteWorker* the Untangle is set up as the Firewall/Router - as it has the PPPoE information in it.
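
An added example, not part of any post in this thread: a per-packet size comparison of one G.722 RTP stream sent through an IPsec ESP tunnel and through an OpenVPN UDP tunnel on the RemoteWorker's 768k PPPoE uplink. The 20 ms packet interval and the cipher choices (AES-CBC with HMAC-SHA1-96 for ESP, BF-CBC with HMAC-SHA1 for OpenVPN, no compression, no NAT-T) are assumptions, not settings reported in the thread.

```python
import math

# Constructed inputs. From the thread: G.722, RTP over UDP, PPPoE, 768k uplink.
# Assumed: 64 kbit/s G.722 with 20 ms packets; IPv4; no NAT-T; no compression.
CODEC_BPS, PTIME_MS, UPLINK_BPS = 64_000, 20, 768_000
RTP, UDP, IPV4, PPPOE = 12, 8, 20, 8  # header sizes in bytes


def inner_packet_bytes():
    """Size of one unencrypted RTP/UDP/IPv4 voice packet."""
    payload = CODEC_BPS // 8 * PTIME_MS // 1000
    return payload + RTP + UDP + IPV4


def esp_tunnel_bytes(inner, iv=16, block=16, icv=12):
    """IPsec ESP tunnel mode, assuming AES-CBC with HMAC-SHA1-96."""
    # Payload plus the 2 trailer bytes (pad length, next header) is padded
    # up to a multiple of the cipher block size.
    ciphertext = math.ceil((inner + 2) / block) * block
    return IPV4 + 8 + iv + ciphertext + icv  # 8 = SPI + sequence number


def openvpn_udp_bytes(inner, iv=8, block=8, hmac=20):
    """OpenVPN data channel over UDP, assuming BF-CBC with HMAC-SHA1."""
    plaintext = 4 + inner  # 4-byte packet ID is encrypted with the payload
    ciphertext = (plaintext // block + 1) * block  # PKCS#5 adds 1..block bytes
    return IPV4 + UDP + 1 + hmac + iv + ciphertext  # 1 = opcode/key-ID byte


def uplink_load(packet_bytes):
    """(bits per second, fraction of uplink) for one direction of one call."""
    bps = (packet_bytes + PPPOE) * 8 * (1000 // PTIME_MS)
    return bps, bps / UPLINK_BPS


if __name__ == "__main__":
    inner = inner_packet_bytes()
    for name, size in (("plain", inner),
                       ("IPsec ESP", esp_tunnel_bytes(inner)),
                       ("OpenVPN", openvpn_udp_bytes(inner))):
        bps, share = uplink_load(size)
        print(f"{name:10s} {size:4d} B/packet {bps:7d} bit/s {share:6.1%} of uplink")
```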
