Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 33
  1. #11
    Master Untangler
    Join Date
    May 2016
    Location
    Singapore
    Posts
    101

    Default

    Yeah I agree of course it's the 10% of tech savvy users that use the VPN feature of the consumer routers.

    But those 10% of all consumers is the 100% market for Untangle at Home. Only those tech savvy home users would every consider to buy and install an Untangle NGFW at home. These are the users who will use VPN servers!

    Here the argument seems to be our target market is the top 10% of tech savvy users who want to use VPN at home. The remaining 90% of the market doesn't. So we design our product for the 90% of the market we don't want to sell to. Great idea!

  2. #12
    Master Untangler abailey's Avatar
    Join Date
    Mar 2016
    Posts
    102

    Default

    I am in the 10% of the users for home market and I use VPN with a dynamic WAN address. I use OpenVPN and have had no trouble.

  3. #13
    Master Untangler
    Join Date
    Oct 2014
    Location
    Norway
    Posts
    121

    Default

    Quote Originally Posted by abailey View Post
    I am in the 10% of the users for home market and I use VPN with a dynamic WAN address. I use OpenVPN and have had no trouble.
    That's good. But the problem is with ipsec vpn. Not open vpn. I'm with the other 90% that don't need vpn. So no problems here

  4. #14
    Master Untangler
    Join Date
    May 2016
    Location
    Singapore
    Posts
    101

    Default

    Quote Originally Posted by elmy79 View Post
    That's good. But the problem is with ipsec vpn. Not open vpn. I'm with the other 90% that don't need vpn. So no problems here
    Interesting! I didn't even look at Open VPN. I use IPSec VPN because I mainly have iOS/Mac devices and they have a Cisco IPSec client built in so no need to install extra software just configure it and you're done.

    I'd just like to point out again that this is not an IPSec VPN restriction. I use an IPSec VPN server on my main pfSense router box and it works with a dynamic IP as it binds itself to the "WAN interface" instead of to a specific IP of the WAN.

    I really don't know why the good folks at Untangle insist that IPSec VPN server needs a static public IP?

  5. #15
    Master Untangler
    Join Date
    Oct 2014
    Location
    Norway
    Posts
    121

    Default

    Ye. I don't know either. But it seems open vpn has no such problems from people using it.
    So if you are not restricted to using ipsec vpn. Then maybe you can just change it to open vpn setup.

  6. #16
    Master Untangler
    Join Date
    May 2016
    Location
    Singapore
    Posts
    101

    Default

    Yeah, have to look into this but at the moment I am running my pfSense box in front of Untangle to deal with this issue.

    What's get's me most is that the folks here at Untangle not even try to understand or help. Only answer I get you need an static IP for IPSec to work which is not a technical limitation just how Untangle is implemented.

    Dick Morris said int the recent Untangle at Home webcast that this is a major business area they want to expand into. Looks like he forgot to tell the rest of the folks at Untangle that home users are and important business opportunity.

  7. #17
    Master Untangler
    Join Date
    Oct 2014
    Location
    Norway
    Posts
    121

    Default

    Quote Originally Posted by anschmid View Post
    Yeah, have to look into this but at the moment I am running my pfSense box in front of Untangle to deal with this issue.

    What's get's me most is that the folks here at Untangle not even try to understand or help. Only answer I get you need an static IP for IPSec to work which is not a technical limitation just how Untangle is implemented.

    Dick Morris said int the recent Untangle at Home webcast that this is a major business area they want to expand into. Looks like he forgot to tell the rest of the folks at Untangle that home users are and important business opportunity.
    Well in his defense I would say that Untangle is not built with home users in mind.
    Now that they have gone this way. I would think that they will try to add features that are suited for home users too.
    But this will most likely take some time.

    Also ipsec vpn I'm sure was not thought of for home use. But I imagine it must be possible to change the way it works so it can be used with a dynamic ip.
    Last edited by elmy79; 05-30-2016 at 08:29 PM.

  8. #18
    Master Untangler
    Join Date
    May 2016
    Location
    Singapore
    Posts
    101

    Default

    Quote Originally Posted by elmy79 View Post
    Well in his defense I would say that Untangle is not built with home users in mind.
    Now that they have gone this way. I would think that they will try to add features that are suited for home users too.
    But this will most likely take some time.

    Also ipsec vpn I'm sure was not thought of for home use. But I imagine it must be possible to change the way it works so it can be used with a dynamic ip.
    Thank you so much for this! I wish an Untangle employee would see it the way you do and take the feedback onboard instead of just dismissing it like they did previously in this threat. Time is not a problem but acknowledgement of possible improvement is.

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    Default

    Technically speaking the IPSec specification requires static addressing. There are looser interpretations out there that allow for use of a DNS name instead to terminate tunnels, but there's a rather large fire of opinion on how secure such things are.

    For now, you just need know that IPSec on Untangle requires fixed addresses, OpenVPN does not.

    If memory serves, the IPSec module is built off of StrongSwan... perhaps it's simply a limit of that project?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #20
    Master Untangler
    Join Date
    May 2016
    Location
    Singapore
    Posts
    101

    Default

    Quote Originally Posted by sky-knight View Post
    Technically speaking the IPSec specification requires static addressing. There are looser interpretations out there that allow for use of a DNS name instead to terminate tunnels, but there's a rather large fire of opinion on how secure such things are.
    Sorry but as I have repeatedly highlighted this is not true. Here is a screen shot of my pfSense IPSec configuration and it clearly shows that it can be bind to WAN instead of needing an static IP address. I know that the Untangle supporters will keep on going how this is not technically possible but quiet frankly they are wrong!

    Again this is what I mention before, you can be open to customer feedback or you can just insist that is the way things are. If your Apple that might work but if you're Untangle maybe you don't have the same swagger.

    Screen Shot 2016-05-31 at 7.20.06 PM.png

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2