  1. #1
    Untangler
    Join Date
    Jul 2009
    Posts
    64

    IPsec Remote site hostname Support

    As an Untangle reseller I'm competing against SonicWalls and Junipers. Everything is fine until I need to add an IPsec site.

    Lots of clients use DynDNS for remote ends, but Untangle doesn't let me add a hostname in the remote IP address =(.

  2. #2
    Untangle Ninja mrunkel
    Join Date
    Jul 2008
    Posts
    3,022

    Since IPsec doesn't know anything about hostnames, it needs IPs in order to work. If the remote end changes its IP address, the tunnel will break, no matter if we do the domain name resolution for you or not.

    So, in order to enable this, we'd have to resolve the IP address, create the IPsec link, monitor the link, and then when it breaks, try to set it up again with a new IP address.

    If this is something you really need, you can file it at bugzilla.untangle.com. It seems there is a much cleaner/easier solution, which is to get a static IP at both ends.
    m.
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    It often helps troubleshooting if you have a good network map. Look here (http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html) if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
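
The sequence described in post #2 (resolve the name, create the link, monitor it, re-resolve when it breaks), as an added example that is not part of the thread and not Untangle's code. The `tunnel_is_up` and `bring_up` hooks are hypothetical stand-ins for whatever the IPsec daemon provides, and the hostname and addresses are constructed. The resolved address only decides where IKE traffic is sent; the peer is still authenticated by its pre-shared key or certificate.

```python
import socket
from typing import Callable, Optional


def resolve_ipv4(hostname: str) -> Optional[str]:
    """Real resolver for production use: first IPv4 address, or None on failure."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_DGRAM)
    except socket.gaierror:
        return None
    return infos[0][4][0] if infos else None


class DynamicPeerWatchdog:
    """Resolve -> create link -> monitor -> re-resolve when the link breaks."""

    def __init__(self, hostname: str,
                 resolve: Callable[[str], Optional[str]],
                 tunnel_is_up: Callable[[str], bool],   # hypothetical hook
                 bring_up: Callable[[str], object]):    # hypothetical hook
        self.hostname, self.resolve = hostname, resolve
        self.tunnel_is_up, self.bring_up = tunnel_is_up, bring_up
        self.peer_ip: Optional[str] = None

    def tick(self) -> str:
        """Run one monitoring pass and return the action taken."""
        if self.peer_ip is not None and self.tunnel_is_up(self.peer_ip):
            return "ok"
        new_ip = self.resolve(self.hostname)
        if new_ip is None:
            return "dns-failed"  # keep the last known address, retry next pass
        if self.peer_ip is None:
            action = "created"
        else:
            action = "repointed" if new_ip != self.peer_ip else "restarted"
        self.peer_ip = new_ip
        self.bring_up(new_ip)
        return action


def demo():
    # Constructed scenario: the remote end's dynamic-DNS record changes once.
    dns = {"remote.example.net": "198.51.100.10"}
    up = set()  # peer addresses that currently have a live tunnel
    wd = DynamicPeerWatchdog("remote.example.net", dns.get, up.__contains__, up.add)
    log = [wd.tick(), wd.tick()]              # first contact, then steady state
    up.clear(); dns["remote.example.net"] = "203.0.113.7"
    log.append(wd.tick())                     # tunnel broke, peer has a new IP
    up.clear(); dns.clear()
    log.append(wd.tick())                     # tunnel broke, DNS unavailable
    return log, wd.peer_ip
```

In a deployment, `tick()` would run on a timer with `resolve_ipv4` as the resolver.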

  3. #3
    Untangle Ninja dbunyard
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,051

    What he is saying, I think, is a Sonicwall device will let you stuff a DNS name in for the remote address. You don't have to have an IP address. When the connection is initiated it looks up the IP address of the name.

    We run a Sonicwall device at work and it works just fine with a DNS name. As soon as the tunnel drops from IP change it looks for a new IP address then tries again. We have zero trouble with IPSEC tunnels and dynamic IP addresses using our Sonicwall.

    This seems like it would be a good feature to add though just my . I would be VERY close to changing out the Sonicwall if IPSEC was implemented with more options and the ability to add in a hostname for the remote address.
    Dan

    You may one day find something interesting here. Today is not that day. Tomorrow isn't looking too good either.

  4. #4
    Untangle Ninja mrunkel
    Join Date
    Jul 2008
    Posts
    3,022

    Umm, yeah, that's what I said.
    Last edited by mrunkel; 08-20-2012 at 04:31 PM.

  5. #5
    Untangle Ninja dbunyard
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,051

    Originally posted by mrunkel:
        Umm, yeah, that's what I said.

    lol I suppose I was trying to say it would be a good feature to have if you are trying to get people away from Sonicwall and such as they offer said feature. This is why we are still stuck with a Sonicwall as our edge device.

  6. #6
    Untangle Ninja dbunyard
    Join Date
    Nov 2008
    Location
    Westerville, Ohio, USA
    Posts
    1,051

    Seems like y'all didn't like my answer so let's break it down real quick. SonicWall and other such devices offer a hostname option for the remote site. While IPSEC as a protocol doesn't know about hostnames, the OS can take care of this quite easily. For those users with a dynamic IP address that need a fixed tunnel (such as those of us in IT) this poses a problem for the tunnel. We need 24/7 access to our work's LAN and IPSEC is the best way to do this. When I get a call at 3AM I don't want to have to figure out if the tunnel is up or not, I just need to troubleshoot the problem on the remote side and crawl back into bed with my wife. That being said, this is one of the problems transitioning away from SonicWall we have and also why none of us use an Untangle device as our gateway. I have an Astaro box as does my boss and one of my coworkers, the other has a simple Linksys device that takes care of it. Though again, just my for what little it's worth.

  7. #7
    Untangle Ninja mrunkel
    Join Date
    Jul 2008
    Posts
    3,022

    Dan, relax.. I'm not sure why we're not communicating, so I'll try to restate:

    1.) I understand the point and your use case. I spelled out what needs to happen on our end to make it happen.
    2.) From my viewpoint, we already have OpenVPN for your use case and I fail to see how IPsec is in any way better for what you've described.

    I appreciate that you feel this is a need for you, I've already said what you have to do to have this have a chance of ever becoming a reality.

    Go to bugzilla.untangle.com and file a bug with the feature enhancement request. Hope others vote on it.

    m.

  8. #8
    Untangler
    Join Date
    Jul 2009
    Posts
    64

    Like dbunyard, it's a very simple tweak that can help a lot. Currently I am stuck: I'm trying to replace SonicWalls but I can't because some clients don't have fixed IPs.

  9. #9
    Untangle Ninja mrunkel
    Join Date
    Jul 2008
    Posts
    3,022

    Originally posted by mrunkel:
        Go to bugzilla.untangle.com and file a bug with the feature enhancement request. Hope others vote on it.

    FWIW, it's not "simple". If it was simple, one of you guys would have supplied us with a patch.
