I have a license question, where do the OpenVPN connections count against the device count in a site to site configuration?
Thanks
I have a license question, where do the OpenVPN connections count against the device count in a site to site configuration?
Thanks
In a site to site, they don't.
If you do full-tunnel they do.
Basically any non-WAN device that creates a scanned udp/tcp *to the internet* is counted as "active"
Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
Yep, you'd be counting devices filtering through Untangle. So that's any remote clients using Untangle full tunnel, or any devices beyond another router that's full tunnel to the Untangle server too.
The tunnels themselves don't count, but the devices using them might.
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
So would I be paying for a license for the same device at multiple locations?![]()
No, since a device is most likely only to go out the WAN through one Untangle.
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
No. Because OpenVPN and TunnelVPN are free features in Untangle, you wouldn’t have to license your remote sites. Just configure TunnelVPN to route all their internet traffic over the OpenVPN tunnel to your HQ. Then you’d only need a license on your Untangle firewall at your HQ. It would need to be a license tier covering the quantity of all devices across all your sites.
I would configure the VPN to NOT NAT the traffic over the VPN. This way you’d have full visibility for the internet traffic of all endpoints across all your sites. The only NAT should happen on the WAN interface at your HQ. (And NAT would be configures on the WAN interfaces of your remote sites, but that wouldn’t really apply to the endpoints being routed over the tunnel anyway.)
My $0.02.
Sent from my iPhone using Tapatalk