Page 1 of 2 12 LastLast
Results 1 to 10 of 17
  1. #1
    Newbie
    Join Date
    Dec 2020
    Posts
    12

    Default Using UT with VPN

    Hopefully this question makes sense - I am using UT as my firewall, web filter etc and I'm happy with it. I also use of the popular Private VPN products (Nord VPN, ExpressVPN, etc) on my computer.

    With the VPN enabled, of course UT does not see a lot of what I'm doing. For example the web filter is not invoked on sites that would be blocked without it.

    So my question is, does using the VPN in some way lessen the security of my system since in theory it is allowing me to bypass some of the function of what UT is meant to do?

  2. #2
    Master Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    131

    Default

    Hi Glen,

    I got around this by setting up Nord on Untangle with the TunnelVPN service app and just tagging the devices that I wanted to go over the VPN. I set the Nord client app on my laptop and phone to trust my home WiFi and not connect when logged onto that.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Default

    I'm just here waiting for someone to tell me exactly how a 3rd party VPN actually does anything to secure anything... but whatever.

    If you use a VPN service, Untangle is going to see a mangled mess of encrypted packets going to the VPN provider and nothing else. If you want Untangle to be inspecting your traffic so it can use its job, you'll need to use the TunnelVPN app to connect to your VPN services while you're behind Untangle.
    dashpuppy likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Master Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    131

    Default

    Quote Originally Posted by sky-knight View Post
    I'm just here waiting for someone to tell me exactly how a 3rd party VPN actually does anything to secure anything... but whatever.
    Better yet, tell us why it doesn't and save us some bucks!

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Default

    Quote Originally Posted by Armshouse View Post
    Better yet, tell us why it doesn't and save us some bucks!
    That's just it isn't it? The VPN provider has provided you no proof their service actually does what they claim it does, yet you believe it?

    This concept boils down to trust. Do you trust your ISP? If you don't, then you use a VPN provider. But then you have to trust the VPN provider! No matter what there's a single point of access that has all your browsing habits.

    Then there's the tracking scripts run by companies like Google that are so ubiquitous that the point at which you access the Internet is irrelevant, it knows where you are. Facebook knows who you're going to vote for before you do for crying out loud! These things are based on information sources beyond your local connection, and utterly bypass the VPN itself.

    3rd party VPN providers do one thing, and one thing only... allow you to bypass geo-fences. Which remains one of the primary reasons why I say such techniques to "secure" anything are pointless. Now, if you're a world traveler, 3rd Party VPN provides an easy means to keep your browsing experiences stable, because again you can bypass that geo-fence. You will always present to the Internet based on the server you're routing through. That has value. As does using it to get around irrational geographic distribution of content limitations.

    But nowhere in any of this have you improved your supposed anonymity, or your security.

    If you've bought into the security myth of 3rd party VPN, congrats... you're a victim of the Internet's latest lottery scheme. Just as any lottery is a tax on those that can't do math... 3rd party VPNs for the most part are a tax on those that don't know how the Internet works.
    Last edited by sky-knight; 01-03-2021 at 12:21 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Master Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    131

    Default

    Quote Originally Posted by sky-knight View Post
    That's just it isn't it? The VPN provider has provided you no proof their service actually does what they claim it does, yet you believe it?

    This concept boils down to trust. Do you trust your ISP? If you don't, then you use a VPN provider. But then you have to trust the VPN provider! No matter what there's a single point of access that has all your browsing habits.
    True, I don't have proof, but they claim to offer a zero-logs VPN service; which includes connection timestamps, session information, bandwidth usage, traffic data, IP addresses, etc. What's more, they invited a fairly well-known auditing firm to perform an audit of those no-logging claims. The report concluded that their policy description was fair and accurate. My ISP on the other hand... I'm pretty sure they'd have a tough time equaling that.

    Quote Originally Posted by sky-knight View Post
    Then there's the tracking scripts run by companies like Google that are so ubiquitous that the point at which you access the Internet is irrelevant, it knows where you are. Facebook knows who you're going to vote for before you do for crying out loud! These things are based on information sources beyond your local connection, and utterly bypass the VPN itself.
    Would that I could; I'm not trying to duck Google so much. I choose to have a relationship with them. For sure, it probably goes deeper than I'd like, but such is the nature of the beast. Facebook, I'm not on.


    Quote Originally Posted by sky-knight View Post
    3rd party VPN providers do one thing, and one thing only... allow you to bypass geo-fences. Which remains one of the primary reasons why I say such techniques to "secure" anything are pointless. Now, if you're a world traveler, 3rd Party VPN provides an easy means to keep your browsing experiences stable, because again you can bypass that geo-fence. You will always present to the Internet based on the server you're routing through. That has value. As does using it to get around irrational geographic distribution of content limitations.

    But nowhere in any of this have you improved your supposed anonymity, or your security.
    Not sure I agree with that. It's not just geo-fences... When I use public hotspots on the train etc, they like to dictate what sites you can visit, how much bandwidth you get for certain traffic vs another. Many of those restrictions go away when using a VPN. Not to mention that I don't exactly want the train company's Wi-Fi operator keeping some record of what I do and selling that data to the highest bidder in the name of market research, advertising etc.

    Are you also claiming that if you were to use a VPN service on your personal laptop whilst connected to your employer's Wi-Fi say, that they would be able to tell what sites you were browsing? (assuming that you're using the VPN providers DNS servers over the tunnel).

    Quote Originally Posted by sky-knight View Post
    If you've bought into the security myth of 3rd party VPN, congrats... you're a victim of the Internet's latest lottery scheme. Just as any lottery is a tax on those that can't do math... 3rd party VPNs for the most part are a tax on those that don't know how the Internet works.
    To me it's not about trying to be completely invisible or anonymous. It's about minimising the number of footprints I do leave and choosing as much as possible in whos yard I leave them in. Like you said at the start, it's about trust and I trust my VPN provider to be more discreet than my ISP. I wouldn't like it if the postal service was keeping a note of who I sent letters to or who sent them to me (and potentially what was inside if the envelopes weren't suitably opaque).

    To be honest, it's not so much that I don't trust my ISP. I get that they need a certain amount of info to do what they need to do. What I'm not so keen on is that they don't get to decide who they're legally obliged to surrender it to. So for that reason, I'd rather go with a VPN provider who says "We don't log it, so there's nothing to share".
    Last edited by Armshouse; 01-03-2021 at 01:45 PM. Reason: typos, doh!

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    Default

    Using it to bypass the access controls on the train, is using it to bypass yet another geo-fence!

    Also, if your VPN provider has "zero logs", they also have "zero ability to troubleshoot". Consider trying to figure out what's wrong with your Untangle without the report module installed...

    Go for it... You'll see what I mean in a real hurry. Zero logs is incompatible with good service in this case. They're mutually exclusive goals. Therefore, they have logs. Now how do they use those logs? That's the real question and we're back to trusting them over the ISP.

    But again, if you're using it to sanitize your Internet access as you work through various public networks, that's perfectly valid. It doesn't provide any real security. But it does make your life easier, and in that there's value.

    For my part, I just use my cellular connection. Using a VPN to bypass access controls of someone else's network is a breach of ethics. It's not my connection, and using it means accepting the limitations imposed by the property owner. Cellular connections solve that issue entirely, as it's mine.

    But that also brings with it ISP trust issues... those are omnipresent problems and yeah... there's a ton of stuff in that mess too.
    Last edited by sky-knight; 01-03-2021 at 03:26 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Master Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    131

    Default

    Quote Originally Posted by sky-knight View Post
    Using it to bypass the access controls on the train, is using it to bypass yet another geo-fence!
    Ah, OK. I figured geo-fencing was more to do with your example of presenting a particular geographical location etc. I'd consider the train example to be more of a walled garden - but yeah, I'm using the VPN to escape it as well as obscure my activity.

    Quote Originally Posted by sky-knight View Post
    Also, if your VPN provider has "zero logs", they also have "zero ability to troubleshoot". Consider trying to figure out what's wrong with your Untangle without the report module installed...

    Go for it... You'll see what I mean in a real hurry. Zero logs is incompatible with good service in this case. They're mutually exclusive goals. Therefore, they have logs. Now how do they use those logs? That's the real question and we're back to trusting them over the ISP.
    This is a good question, I'll ask them and see. My experience so far of their service is that most of my (noob) questions/issues have been dealt with via chat and troubleshot there and then without needing to know too much other than what server I was connecting to. I should imagine that, by and large, if their service is up and running and the majority of customers can connect, then you're gonna get the "It's fine our end" kind of response that an ISP would give you - not saying that's great, but availability and speed are the two main metrics that most people will be interested in.

    Quote Originally Posted by sky-knight View Post
    But again, if you're using it to sanitize your Internet access as you work through various public networks, that's perfectly valid. It doesn't provide any real security. But it does make your life easier, and in that there's value.
    If you mean it doesn't provide any real security in the sense that a lot of communications are already HTTPS, SSL etc then this is true. It does, however, provide added confidentiality and I'd suggest that there was value in that too. After all, I'd guess that Swiss bank accounts are a "thing" not because the banks in Switzerland have better vaults, but mainly because of the confidentiality and discretion they provide and the limits of legal instrumentation available to the state in that territory to pry.

    Quote Originally Posted by sky-knight View Post
    For my part, I just use my cellular connection. Using a VPN to bypass access controls of someone else's network is a breach of ethics. It's not my connection, and using it means accepting the limitations imposed by the property owner. Cellular connections solve that issue entirely, as it's mine.
    Yes, I definitely have a foot in both camps here. On the one hand at home, I'm trying to filter and monitor what my kids can do and on the other, I don't want the same scrutiny placed on me when I'm using someone else's connection. I'd only go so far as to say it was a breach of ethics if they specifically stipulate that connecting to a VPN (corporate or otherwise) is not OK. If the fact that their filtering etc no longer functions as a result, then that's more of an operational issue for them as far as I see it. Is their priority providing connectivity or knowing what I'm doing?

    Quote Originally Posted by sky-knight View Post
    But that also brings with it ISP trust issues... those are omnipresent problems and yeah... there's a ton of stuff in that mess too.
    Yes sir! One thing I'd add is that we're largely viewing this from a privileged position whereby most of us aren't really worried about people knowing what news sites we visit, our religious beliefs, political affiliations, sexual orientations etc. In another country under a different regime where the ISPs acquiesce that data, that sort of thing could be a legitimate concern and I'd say that a VPN service does more than just let you watch Netflix. Thing is... you don't even have to go too far back in our own histories before some of those things could have gone against you in our modern/democratic societies.

    Some might take the "If you have nothing to hide you have nothing to be worried about" stance. I'd say that what is considered something to hide can change at any time. What if governments decided that to help combat the spread of a pandemic, they were going to ask ISPs to hand over people's browsing data so that they could correlate it with this or that demographic/behaviour? At the point which you might feel whatever suggestion/scenario wasn't cool, your data might already be up for grabs. So yes, I'd rather trust a VPN provider who claims they don't store it than my ISP.

    But you're right... A whole can o' worms!

  9. #9
    Untangler
    Join Date
    May 2008
    Posts
    522

    Default

    This brings up a bigger question. Do we really trust Untangle? They seem to be desperate to increase their profits. They could collect more than anyone else.

    LOL

  10. #10
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,655

    Default

    Quote Originally Posted by donhwyo View Post
    Do we really trust Untangle?
    This is why our code is open source. https://github.com/untangle
    donhwyo and tcurtis like this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2