Jump to content
RESET Forums (homeservershow.com)
  • Sign in to follow this  

    Untangle OpenVPN with Full Tunneling


    One of the best ways to protect yourself when you are out with your laptop or other portable device that requires wireless access is to use a VPN.  Though not necessarily the most user friendly product to setup, the benefits in security can be worth the trouble.  There are many ways to setup a VPN using software only, but today I would like to cover OpenVPN that is built in to Untangle.  Early versions of the Untangle router software included OpenVPN which allowed you access to your network, however starting with version 9.3, it includes a full tunnel option not previously available.  In my opinion, this is a game changer for Untangle.




    Background and Rationale


    What is a full tunnel and why do I want it?  A VPN can be configured in two basic ways, a split tunnel and a full tunnel.  A split tunnel is only secure when accessing your network such as your files, NAS or computer.  When you are browsing, you are completely unsecure and open to threats.  A full tunnel routes everything to your router and is then sent to the internet from there.  Another words, you will establish a secure connection to your router from your laptop, and your router will route the request to where you want to go.  Why is that important?  Say you are at a Starbucks or other public WiFi and you want to surf the internet.  The entire time you are surfing, you are exposed even when going to safe sites.  Granted, if you connect to say your bank, you will be accessing a secure connection, but everywhere else you are open for people to sniff what you are doing and where you are going in hopes of capturing personal information.  When using a VPN tunnel, your connection from your laptop is made to your VPN and never leaves it.  When your request to go to a web site, the request is made from your laptop, through the secure VPN connection, and your router will send that request to the site.  The information is then routed back from the that site back to the router, and from the router back to your laptop.  Just to be clear, only the connection is secure, and of course it does not stop you from going to malicious sites, but it does protect you from what happens when you are using a public hotspot (see the lower section for additional benefits of using a VPN).






    What are the drawbacks?  For starters, the main drawback is that depending of the hardware you have and the speed of your internet connection, it can be a bit slower.  Since the traffic has to go to your router/firewall, get routed to the site, and then back to router then back to laptop, there could be some very minor delays.  The faster the connection, the less the problem.  The other drawback is that it is a bit more complicated to setup.  Many solutions out there offer VPN but only a few offer full tunneling.  In the end it is all about how important security is to you.  For me, the choice is simple.  Since I do occasionally have to use public hotspots as well as having access from work, a tunnel is the only way I can go.  Lastly, setting up something like Untangle with OpenVPN can be a bit more expensive.  The software is free, but you will need an old PC (or a low cost one such as an atom based pc) that will be dedicated to the task.  I will not walk through the full setup of Untangle as there are many tutorials for that so lets walk through how easy it is to setup OpenVPN.




    Hardware requirements


    The hardware requirement for running untangle in its basic form are not very much.  You can use an old PC or pick up an Atom board like the one that has been running in mine for almost two years along with at least one additional NIC card.


    P1020383  P1020384




    OpenVPN Setup


    Assuming you have Untangle configured and working correctly, the process of setting up OpenVPN is pretty easy.  There are two basic steps in setting up the software.  First there is the Sever side (Untangle Box) and secondly the clients.


    SNAG-0258  SNAG-0265




    Server Setup

    • Go into your Untangle Console and click on the “Settings” button.  You will be prompted to setup as a Server or a Client.  Select “Server”, answer the questions and once you have completed, you will end up with a screen like the one below.





    Client Setup


    To Setup the client, again go back to “Settings”, click on the “Clients” tab, and select “Add”.  Create a new client name and click on “Done”.  You should now see the client listed.  The VIrtual address will show “unassigned until you click on “Apply”.




    When you are done, it will look something like this.




    To install access to your PC or Mac, click on distribute and it will generate the client package.  If you are a Windows user, click on the link for the Windows client and it will generate a “Setup” file for you to run on your client.  If you use a MAC, click on the other link and refer to your MAC OS documentation on how to setup a VPN using the supplied key files.




    The last step you have to do is to set the tunneling option.  Go back to the OpenVPN settings and click on the “Advanced” tab.  You should see your default network listed.  Click on “Edit” and “Enable” the tunneling option.










    The easiest way to test and confirm that your tunneling is working is to go to a site called “Whatismyip.com”.  Once the page loads, you will be prompted with your IP address given to you by your provider.  Next, go to the local Starbucks (or anywhere that has WIFi outside your network) and do the same thing.  The IP address will of course be different.  Now connect your VPN by right clicking on the icon in your task tray that was created during the setup, and once again go back to the same site and you will see the same IP address that you saw at home indicating you are tunneled to you home network.  You are now running a secure connection using the WiFi hotspot.  In addition to more secure surfing, you can now run an RDP session to any computers on your network, access files from any computer on your network, as well as other devices such as printers and NAS units.






    SNAG-0276t it






    You may have to use the IP address to access these devices but everything will accessible as if you where on your network.


    RDP any of your computers or servers from anywhere outside your network.




    Access your local resources and see your files just as if you are inside your network.  You can also open, copy or save to these locations.








    I have always been impressed with Untangle for safety and security, but the addition of Full Tunneling has turned “impressed” into “Awesome”.  This has increased the usefulness of Untangle for me by 10 fold.  No longer do I think of a router/firewall in the same way, as it has added a ton of usefulness and functionality for me.  The fact that I can not only increase security of my wireless access, but I now have full access to my files, as well as the ability to RDP from anywhere without the need for external programs like Mesh, or Logmein.  If you where on the fence about setting up something like untangle for your home router, than now if you time.  If you are already running it, than spend the five minutes it takes to setup and unleash the full power of the setup you already have.


    Windows 8


    I have been successful in running the client in Windows 8, however it did take a couple of attempts of installing and removing it for it to work correctly.  I am certain that updates will be coming out in the near future but in the interim you should be able to run on Windows 7 or Windows 8.

    Sign in to follow this  

    User Feedback

    Recommended Comments

    How does untangle 9.3 compare to pfsense 2.0.1? While the full tunnel is interesting, pfsense already has this ability w/ OpenVPN as well as SSH. While untangle's UI seems a bit more polished, is it a step above or on par with pfsense? I couldn't live w/o my pf box so it would take a compelling case to consider untangle. I'm intrigued and want to hear others' takes.

    Share this comment

    Link to comment
    Share on other sites
    I would say if you are already running pfSense, there really is not incentive to change. They are both good products once you get them setup. I found Untangle to be easier to install and more forgiving with hardware but once you get them running the way you want, it is all good. Thanks for the comments.

    Share this comment

    Link to comment
    Share on other sites
    google Microsoft warns of 'man-in-the-middle' VPN password hack

    Share this comment

    Link to comment
    Share on other sites
    PFsense is a bit more capable but a bit more complex. In my experience, untangle holds your hand and does a good job of making things easy. PFsense is a key compoment in my work's VPN network, we couldn't do what we do without it. Also, its worth mentioning that you can add this functionality to any OpenVPN server with one command line/config file/ccd file option(push "redirect-gateway def1")

    Share this comment

    Link to comment
    Share on other sites
    Full process of untangling OpenVPN with full tunneling was bit complicated to me but this particular instructive post quite helped me understand actually what's needed to done. Enjoyed the information and looking forward to learn more tutorial through reading this post!! Thanks.

    Share this comment

    Link to comment
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Our picks

    • Let's start small with the definition. If you know about podcasts already you can skip ahead.  
      What is a podcast?  There is no set definition but in general a podcast is a voice recording on a subject that you can usually listen to however and whenever you want.  Let's break these down a little bit and that will also help define the term for you.
      • 1 reply
    • Here is something that wasn't planned but came to me while I was at Unveiled.  The Unveiled event was a little lackluster so I had a little fun with the DJI Osmo Pocket.  Take a look.
      • 0 replies
    • It's the most important post covering CES.  The swag bag review.
        • Like
      • 0 replies
    • TP-Link's Wi-Fi 6 Routers
      I talked with TP-Link about their AX series routers.  The Deco X10 is a Tri-Band mesh router that will come in a pack of two for $350.  I was told Q3 for release but if that sounds like a long time don't forget that we don't have anything that will talk with the AX standard yet.  
      It's a good looking box that I hope will perform well and have plenty of features.  I've read good things about the Deco series and there were a few good sales last year on the M5.  I really should test the M5!

      Here it is.  Yes, it's huge! Not a hockey puck like the M5 is.  What do you think?
      • 1 reply
    • ASUStor AS4004T 10Gbe NAS Review
      ASUStor AS4004T NAS - Short and Sweet Review
      • 0 replies

  • Create New...