Multi site VPN

[bmdz]

I have a license question, where do the OpenVPN connections count against the device count in a site to site configuration?

Thanks

[dmorris]

In a site to site, they don't.

If you do full-tunnel they do.
Basically any non-WAN device that creates a scanned udp/tcp *to the internet* is counted as "active"

[sky-knight]

Yep, you'd be counting devices filtering through Untangle. So that's any remote clients using Untangle full tunnel, or any devices beyond another router that's full tunnel to the Untangle server too.

The tunnels themselves don't count, but the devices using them might.

[bmdz]

So would I be paying for a license for the same device at multiple locations?

[jcoffin]

No, since a device is most likely only to go out the WAN through one Untangle.

[sky-knight]

So would I be paying for a license for the same device at multiple locations?

No, the device count is a based on current use. Unless you've got a really long range WiFi I cannot see how a device can be in two places at once!

[dmor]

So would I be paying for a license for the same device at multiple locations?

No. Because OpenVPN and TunnelVPN are free features in Untangle, you wouldn’t have to license your remote sites. Just configure TunnelVPN to route all their internet traffic over the OpenVPN tunnel to your HQ. Then you’d only need a license on your Untangle firewall at your HQ. It would need to be a license tier covering the quantity of all devices across all your sites.

I would configure the VPN to NOT NAT the traffic over the VPN. This way you’d have full visibility for the internet traffic of all endpoints across all your sites. The only NAT should happen on the WAN interface at your HQ. (And NAT would be configures on the WAN interfaces of your remote sites, but that wouldn’t really apply to the endpoints being routed over the tunnel anyway.)

My $0.02.


Sent from my iPhone using Tapatalk