Page 8 of 8 FirstFirst ... 678
Results 71 to 77 of 77
  1. #71
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,193

    Default

    of course there is also this:
    But I really need compression
    In most cases this is more a perceived need than a real need.

    - Most traffic is not compressible since it is either already compressed (e.g. large downloads) or is encrypted and cannot be compressed.
    - VPN compression is fairly inefficient compared to normal compression. Only one packet at a time (~1400 bytes) is compressed. It is always better compress data at a higher protocol layer.

  2. #72
    Newbie
    Join Date
    Nov 2019
    Posts
    3

    Default

    Quote Originally Posted by jcoffin View Post
    Many third party OpenVPN client applications are updating and no longer accept lower level encrypted certificates which was generated on version 12 or earlier of Untangle. Even if you upgraded your Untangle to the latest version, the OpenVPN certificate is still the same as we do not generate a new certificate on upgrade so OpenVPN connections won't break. Thus some OpenVPN connections will fail due to third party VPN clients restrictions.

    The solutions is to generate a new OpenVPN certificate and redistributing the OpenVPN config files for each OpenVPN user.
    Steps:
    - Export the server remote clients, groups, and networks from /admin/index.do#service/openvpn/server
    - Remove OpenVPN app from Untangle by clicking the remove button at the bottom of /admin/index.do#service/openvpn/status
    - Install OpenVPN again.
    - Import all the previous exports for server remote clients, groups, and networks
    - Send the new client config files to your OpenVPN clients.
    I learned my lesson - No more auto updates for my Untangle boxes anymore. The auto updates broke all my remote OpenVPN routers/clients and I have quite a lot. Setting up all 50+ remote users will take some time. I will definitely have to consider other OpenVPN platforms so I can avoid things like this in the future.

  3. #73
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    8,522

    Default

    Quote Originally Posted by bitvoip View Post
    I learned my lesson - No more auto updates for my Untangle boxes anymore. The auto updates broke all my remote OpenVPN routers/clients and I have quite a lot. Setting up all 50+ remote users will take some time. I will definitely have to consider other OpenVPN platforms so I can avoid things like this in the future.
    This is exactly the opposite of how Untangle upgrades. We don't update the certificates and encryption at upgrade to prevent existing clients from breaking on upgrade.

    Since this is your first post, it might be best to discuss your issue.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #74
    Newbie
    Join Date
    Nov 2019
    Posts
    3

    Default

    Quote Originally Posted by jcoffin View Post
    This is exactly the opposite of how Untangle upgrades. We don't update the certificates and encryption at upgrade to prevent existing clients from breaking on upgrade.

    Since this is your first post, it might be best to discuss your issue.
    We'll I'll correct myself that it was half broken because the box kept updating automaticly but I had no idea that not updating the certs will brake the VPN at some point. Any new clients that I created could not connect, so I used the fix described on the forums to remove the app add it again and it will fix the problem. So it did, but only the new clients could connect. All the old clients created 2-3years ago stopped working..and the site-to-site Untangle connections broke too. It would have been nice to see a message in the Untangle Dashboard .."hey opeVPN will no longer work with bla bla bla.."
    This way while trying to fix the new client connections I broke all the existing.

    This is not my first time on the forum, but the password reset procedure did not work last night..it kept looping me in a circle until I got blocked for failing to login with the password I was sent..so..yeah..Not much fun lately

  5. #75
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,189

    Default

    The fix for the new clients not working is in this thread, along with how to connect via SSH and verify the use of an MD5 certificate.

    The notifications of all of this were in the release notes for v11, we're now on v14. I realize additional visibility is possible, and potentially warranted, an admin alert for MD5 certificates being present would be nice. But honestly, again look at this thread... it's WELL documented, and many of us have spent buckets of time working to mitigate it... and I'm not even referring to Untangle employees, I've spent weeks on this issue over the last few years.

    So the fact that you got the wake up call on a server that's obviously been neglected isn't a bad thing to me. One of the things I love about Untangle is its ability to just sit quietly working for years on end, but that's also a bad thing. You let your server go unattended and working for so long you forgot the password! That's not good!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #76
    Newbie
    Join Date
    Nov 2019
    Posts
    3

    Default

    Quote Originally Posted by sky-knight View Post
    The fix for the new clients not working is in this thread, along with how to connect via SSH and verify the use of an MD5 certificate.

    The notifications of all of this were in the release notes for v11, we're now on v14. I realize additional visibility is possible, and potentially warranted, an admin alert for MD5 certificates being present would be nice. But honestly, again look at this thread... it's WELL documented, and many of us have spent buckets of time working to mitigate it... and I'm not even referring to Untangle employees, I've spent weeks on this issue over the last few years.

    So the fact that you got the wake up call on a server that's obviously been neglected isn't a bad thing to me. One of the things I love about Untangle is its ability to just sit quietly working for years on end, but that's also a bad thing. You let your server go unattended and working for so long you forgot the password! That's not good!
    We'll I cant bash Untangle about its stability and its been doing a phenomenal job for the past years. I have no regrets using it. For me faster fix was to reinstall from scratch then to digg tru the forums honestly. Again I will say, After lets say 2-3 updates after an admin logs in Untangle it will be a great feature to see what has changed since the last login and what features are end of life and such. As admin I dont really have time to read every single release note on every product out there. Its just too much information to swallow.

    Cheers,

  7. #77
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,189

    Default

    Quote Originally Posted by bitvoip View Post
    We'll I cant bash Untangle about its stability and its been doing a phenomenal job for the past years. I have no regrets using it. For me faster fix was to reinstall from scratch then to digg tru the forums honestly. Again I will say, After lets say 2-3 updates after an admin logs in Untangle it will be a great feature to see what has changed since the last login and what features are end of life and such. As admin I dont really have time to read every single release note on every product out there. Its just too much information to swallow.

    Cheers,
    I'm right there with you, which is also why I'm not happy about the current OpenVPN implementation. If you nuked and paved just the OpenVPN module, you would have done enough to get things going again. BUT, the new defaults still contain compress directives, and those directives are ALREADY deprecated. So if you've pushed these clients out everywhere, and you didn't know to go exclude the compress directives from both the client and server configurations, you're basically signed up to do all this again soon.

    When is soon? I have no idea... And the first thing that will bite you, is iOS and Android OpenVPN clients not connecting because these platforms require the user to manually enable compression before they'll actually pass traffic.

    And I agree, we're all busy. But that's also why these forums exist.

    Untangle's OpenVPN module is amazing, but it has one massive weakness... the OpenVPN clients are all configured with local configuration files. We have no way to input a change on the server, and have the clients just get those changes. You have to either redistribute the clients, or find a way to edit all the deployed configuration files.

    This is a problem with the way OpenVPN works as a platform, Untangle is just wrapping it.
    Kyawa likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 8 of 8 FirstFirst ... 678

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2