Will / can IpSec do what i need?

[Mathiau]

I am new to IPSec and was curious if i understand it right.

currently we use OpenVPN for clients to connect to some externally hosted servers.

Each person needs the openvpn client on their system to connect.

Can IPSec be used to make a host to host connect to those server networks so that people can just connect directly with out the need of the OpenVPN client on their computers?

or do i got it all wrong?

[pazza3564]

I am new to IPSec and was curious if i understand it right.

currently we use OpenVPN for clients to connect to some externally hosted servers.

Each person needs the openvpn client on their system to connect.

Can IPSec be used to make a host to host connect to those server networks so that people can just connect directly with out the need of the OpenVPN client on their computers?

or do i got it all wrong?

If this is between 2 offices, with 2 ut boxes, you can setup a site to site vpn with OpenVPN.

[Mathiau]

but i cant use site 2 site and the vpn server at the same time though?

I have people who connect from outside our office to both networks, myself i connect for administration to our workstation network and others connect to our server network so hey are both running VPN server already.

also the other systems are running openvpn servers as well.

[sky-knight]

The IPSec module is independent of the OpenVPN module.

The IPSec module only supports site-to-site tunnels at this time.

So yes in theory you could run two Untangle servers, connected to each other via the IPSec module to do the site to site, and free up both servers' OpenVPN modules to now run in server mode to create a mesh network with roadwarrior OpenVPN localized access.

The routing details to make all that traffic move where it needs to go is making my head hurt... this would be an INCREDIBLY advanced deployment.

[Mathiau]

Sounds like it is over my head then for now it seems.

our other server networks we connect to use OpenBSD and openvpn server, i assume i cant do a site 2 site with them over IPsec, i have to have UT on the other end?

[jtaugher]

Which is faster IPSEC to IPSEC in Untangle? Or OpenVPN SSL to SSL?

Does VOIP traffic - 1 phone in a remote site work better over on VPN type or another in which requires a VPN to be up to work?

[sky-knight]

VPN performance is determined by your WAN link quality, not the encryption used. If I had to venture a guess on the hairs of difference? My money is on OpenVPN being slightly more efficient.

[jtaugher]

I have two locations that former to Untangle going in looked like this:

*HQ*
T1--DlinkFirewall--MultiTechRouter--InternalNetwork
...........|
...........|-Phone System

The other side was simply a:
*RemoteWorker*
DSL--DlinkFirewall--Switch w/ Phone and Computer


[Dlink and MultiTech - why the two? It was like this when we got there.]


Thus we now have:
*HQ*
Cable(50m/5m)--Untangle--InternalNetwork (w/ Switch and Phone and Computers)

*RemoteWorker*:
DSL (1.5mb/768k)--Untangle--Switch w/ Phone and Computer


The outcome - using Untangle OpenVPN/SSL in the same config of computer and phone is a Panasonic IP Phone that says: POOR LAN CONNECTION.

This is where I wondered if we should put in a Cisco RV110W or RV042 at the RemoteWorker's location, and then configure IPSEC on the Untangle at HQ?

[Computer at RemoteWorker can ping phone system @ HQ.]
[Computer at HQ can ping phone and computer at RemoteWorker.]

[sky-knight]

Without knowing what metric the phone is using, that makes no sense.

That said, DSL + Untangle bridge = problem in my experience. At least when it comes to VPN.

[jtaugher]

Without knowing what metric the phone is using, that makes no sense.

That said, DSL + Untangle bridge = problem in my experience. At least when it comes to VPN.

The Panasonic phone is using the G.722 codec. It appears (in the manual) to use the RTP and MGCP protocols in UDP.

At *RemoteWorker* the Untangle is setup as the Firewall/Router - as it has the PPPoE information in it.