Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Untangler
    Join Date
    May 2017
    Posts
    58

    Default Untangle as Only a WireGuard VPN Server?

    Can Untangle run as a single-entity device that serves only to be an endpoint for WireGuard VPN?

    I have a remote network I am trying to use WireGuard to VPN into that I want to serve only a subset of IPs - I know WireGuard is perfect for this as it does this.

    I do NOT want to use the firewall features of Untangle for this - merely just use it for WireGuard. I would be VPNing in from a secondary network remote/through the internet.

    Does Untangle allow itself to run as a single-nic/entity like this? If it does, I would set up two Untangle boxes - one on the remote network as a server, and then one on my local network as my firewall and set up a site-to-site tunnel that would feed only those specific IPs from my network.

    Thank you for your help.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,385

    Default

    Yes, you can run Untangle as a single NIC in this case. This is similar to the AWS Untangle setup. Unfortunately we don't license WireGuard app separately so it would require a complete license.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    May 2017
    Posts
    58

    Default

    Understood about the license. That's fine.

    How would I achieve this with a single-nic? I have set it up, but the handshake won't complete. I'm sure I have the interfaces incorrect.

  4. #4
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,206

    Default

    You can to it with just 1 Pysical interface.

    If you have another Router/GW you will have to ad a static route for the WireGuard subnet and pointing it to the Untangle IP.
    Else it should be as "normal"

  5. #5
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,442

    Default

    I see openwrt supports wireguard now. https://openwrt.org/start?q=wireguard&do=search You can run it on many types of hardware or as a vm. And it is free! Does it work? Untangle sd-wan uses it.

    And it supports ipv6.
    Last edited by donhwyo; 02-16-2021 at 07:59 AM.

  6. #6
    Untangler
    Join Date
    May 2017
    Posts
    58

    Default

    Quote Originally Posted by WebFooL View Post
    You can to it with just 1 Pysical interface.

    If you have another Router/GW you will have to ad a static route for the WireGuard subnet and pointing it to the Untangle IP.
    Else it should be as "normal"
    Unfortunately this still doesn't tell me how to do it.

    How is the one physical interface configured? External? Internal? WAN? NAT?

    It pulls a DHCP address on External right now from the main LAN IP pool. I want to use a secondary private IP range on the WireGuard interface, and share the main LAN IP network. Is that possible? Is that the right way?

    Some more detail on how to set this up would be very helpful.

    Thank you.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,667

    Default

    ??

    It's an external interface, and it's addressed... for sanity sake it should be static. External is ALWAYS this way, it's addressed. It's also always WAN. But he latter doesn't really matter in this use case.

    The Wireguard module has a clear location to configure the peer IP address pool, which takes care of the remaining requirement.

    So I'm confused... you're here asking for direction on settings that you've defined obvious answers to in every case. From what I can see here, the only reason it's not working is you haven't bothered to actually do it yet, because you're looking for someone's permission? It's your network man! GO FORTH do the things!

    If something doesn't cooperate, then come back and yell for help.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untanglit
    Join Date
    Sep 2009
    Posts
    23

    Default

    you don't need untangle for a simple server, any linux distro will do and 10 minutes of your time.

  9. #9
    Untangler
    Join Date
    May 2017
    Posts
    58

    Default

    Quote Originally Posted by sky-knight View Post
    ??

    It's an external interface, and it's addressed... for sanity sake it should be static. External is ALWAYS this way, it's addressed. It's also always WAN. But he latter doesn't really matter in this use case.

    The Wireguard module has a clear location to configure the peer IP address pool, which takes care of the remaining requirement.

    So I'm confused... you're here asking for direction on settings that you've defined obvious answers to in every case. From what I can see here, the only reason it's not working is you haven't bothered to actually do it yet, because you're looking for someone's permission? It's your network man! GO FORTH do the things!

    If something doesn't cooperate, then come back and yell for help.
    If you read through my first post, you'd see I already did try it. I have a server running, an external NIC pulling a private LAN address, and the WireGuard module running using a different private address pool. However, it is not handshaking. How could I know that if I haven't tried it?

    It's not working, and that's the whole point of my post.

  10. #10
    Untangler
    Join Date
    May 2017
    Posts
    58

    Default

    Quote Originally Posted by primerump View Post
    you don't need untangle for a simple server, any linux distro will do and 10 minutes of your time.
    I like Untangle's GUI.

    But, I'd be willing to attempt a Linux install if you have some pointers. I am not natively Linux, and the IP Tables are a little intimidating.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2