Jump to content
RESET Forums (homeservershow.com)
  • One of the best ways to protect yourself when you are out with your laptop or other portable device that requires wireless access is to use a VPN.  Though not necessarily the most user friendly product to setup, the benefits in security can be worth the trouble.  There are many ways to setup a VPN using software only, but today I would like to cover OpenVPN that is built in to Untangle.  Early versions of the Untangle router software included OpenVPN which allowed you access to your network, however starting with version 9.3, it includes a full tunnel option not previously available.  In my opinion, this is a game changer for Untangle.




    Background and Rationale


    What is a full tunnel and why do I want it?  A VPN can be configured in two basic ways, a split tunnel and a full tunnel.  A split tunnel is only secure when accessing your network such as your files, NAS or computer.  When you are browsing, you are completely unsecure and open to threats.  A full tunnel routes everything to your router and is then sent to the internet from there.  Another words, you will establish a secure connection to your router from your laptop, and your router will route the request to where you want to go.  Why is that important?  Say you are at a Starbucks or other public WiFi and you want to surf the internet.  The entire time you are surfing, you are exposed even when going to safe sites.  Granted, if you connect to say your bank, you will be accessing a secure connection, but everywhere else you are open for people to sniff what you are doing and where you are going in hopes of capturing personal information.  When using a VPN tunnel, your connection from your laptop is made to your VPN and never leaves it.  When your request to go to a web site, the request is made from your laptop, through the secure VPN connection, and your router will send that request to the site.  The information is then routed back from the that site back to the router, and from the router back to your laptop.  Just to be clear, only the connection is secure, and of course it does not stop you from going to malicious sites, but it does protect you from what happens when you are using a public hotspot (see the lower section for additional benefits of using a VPN).






    What are the drawbacks?  For starters, the main drawback is that depending of the hardware you have and the speed of your internet connection, it can be a bit slower.  Since the traffic has to go to your router/firewall, get routed to the site, and then back to router then back to laptop, there could be some very minor delays.  The faster the connection, the less the problem.  The other drawback is that it is a bit more complicated to setup.  Many solutions out there offer VPN but only a few offer full tunneling.  In the end it is all about how important security is to you.  For me, the choice is simple.  Since I do occasionally have to use public hotspots as well as having access from work, a tunnel is the only way I can go.  Lastly, setting up something like Untangle with OpenVPN can be a bit more expensive.  The software is free, but you will need an old PC (or a low cost one such as an atom based pc) that will be dedicated to the task.  I will not walk through the full setup of Untangle as there are many tutorials for that so lets walk through how easy it is to setup OpenVPN.




    Hardware requirements


    The hardware requirement for running untangle in its basic form are not very much.  You can use an old PC or pick up an Atom board like the one that has been running in mine for almost two years along with at least one additional NIC card.


    P1020383  P1020384




    OpenVPN Setup


    Assuming you have Untangle configured and working correctly, the process of setting up OpenVPN is pretty easy.  There are two basic steps in setting up the software.  First there is the Sever side (Untangle Box) and secondly the clients.


    SNAG-0258  SNAG-0265




    Server Setup

    • Go into your Untangle Console and click on the “Settings” button.  You will be prompted to setup as a Server or a Client.  Select “Server”, answer the questions and once you have completed, you will end up with a screen like the one below.





    Client Setup


    To Setup the client, again go back to “Settings”, click on the “Clients” tab, and select “Add”.  Create a new client name and click on “Done”.  You should now see the client listed.  The VIrtual address will show “unassigned until you click on “Apply”.




    When you are done, it will look something like this.




    To install access to your PC or Mac, click on distribute and it will generate the client package.  If you are a Windows user, click on the link for the Windows client and it will generate a “Setup” file for you to run on your client.  If you use a MAC, click on the other link and refer to your MAC OS documentation on how to setup a VPN using the supplied key files.




    The last step you have to do is to set the tunneling option.  Go back to the OpenVPN settings and click on the “Advanced” tab.  You should see your default network listed.  Click on “Edit” and “Enable” the tunneling option.










    The easiest way to test and confirm that your tunneling is working is to go to a site called “Whatismyip.com”.  Once the page loads, you will be prompted with your IP address given to you by your provider.  Next, go to the local Starbucks (or anywhere that has WIFi outside your network) and do the same thing.  The IP address will of course be different.  Now connect your VPN by right clicking on the icon in your task tray that was created during the setup, and once again go back to the same site and you will see the same IP address that you saw at home indicating you are tunneled to you home network.  You are now running a secure connection using the WiFi hotspot.  In addition to more secure surfing, you can now run an RDP session to any computers on your network, access files from any computer on your network, as well as other devices such as printers and NAS units.






    SNAG-0276t it






    You may have to use the IP address to access these devices but everything will accessible as if you where on your network.


    RDP any of your computers or servers from anywhere outside your network.




    Access your local resources and see your files just as if you are inside your network.  You can also open, copy or save to these locations.








    I have always been impressed with Untangle for safety and security, but the addition of Full Tunneling has turned “impressed” into “Awesome”.  This has increased the usefulness of Untangle for me by 10 fold.  No longer do I think of a router/firewall in the same way, as it has added a ton of usefulness and functionality for me.  The fact that I can not only increase security of my wireless access, but I now have full access to my files, as well as the ability to RDP from anywhere without the need for external programs like Mesh, or Logmein.  If you where on the fence about setting up something like untangle for your home router, than now if you time.  If you are already running it, than spend the five minutes it takes to setup and unleash the full power of the setup you already have.


    Windows 8


    I have been successful in running the client in Windows 8, however it did take a couple of attempts of installing and removing it for it to work correctly.  I am certain that updates will be coming out in the near future but in the interim you should be able to run on Windows 7 or Windows 8.


    User Feedback

    Recommended Comments

    How does untangle 9.3 compare to pfsense 2.0.1? While the full tunnel is interesting, pfsense already has this ability w/ OpenVPN as well as SSH. While untangle's UI seems a bit more polished, is it a step above or on par with pfsense? I couldn't live w/o my pf box so it would take a compelling case to consider untangle. I'm intrigued and want to hear others' takes.
    Link to comment
    Share on other sites

    I would say if you are already running pfSense, there really is not incentive to change. They are both good products once you get them setup. I found Untangle to be easier to install and more forgiving with hardware but once you get them running the way you want, it is all good. Thanks for the comments.
    Link to comment
    Share on other sites

    PFsense is a bit more capable but a bit more complex. In my experience, untangle holds your hand and does a good job of making things easy. PFsense is a key compoment in my work's VPN network, we couldn't do what we do without it. Also, its worth mentioning that you can add this functionality to any OpenVPN server with one command line/config file/ccd file option(push "redirect-gateway def1")
    Link to comment
    Share on other sites

    Full process of untangling OpenVPN with full tunneling was bit complicated to me but this particular instructive post quite helped me understand actually what's needed to done. Enjoyed the information and looking forward to learn more tutorial through reading this post!! Thanks.
    Link to comment
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

  • Our picks

    • RT6600ax tri-band Wi-Fi 6 router   Provide ultrafast and secure wireless connectivity to your home or office with support for the expanded 5.9 GHz spectrum,* combined wireless throughput of 6.6 Gbps, and a secure network infrastructure backed by the intuitive Synology Router Manager (SRM).
        • Like
      • 6 replies
    • I throw this out every once in a while.  Is anyone interested in writing up "semi-formal" reviews here on the forums?  I say semi-formal because they don't have to be pro level, just a good attempt at telling the story about the gear.  Something you have purchased lately.  You don't have to go buy stuff, just incorporate what you have already have purchased.  Hit me up with any questions.  You never know where it will lead!
        • Like
      • 5 replies
    • D-Link has dropped a couple of new products and additions to their lineup of smart home gear.  Hold on because there is a lot of gear!
      Let's start with cameras.  D-Link has new Wi-Fi cameras, the Full HD Pan and Tilt Pro Wi-Fi Camera (DCS-8302LH) and Full HD Indoor and Outdoor Pro Wi-Fi Camera (DCS-8526LH).  These are not just new, and good looking cams, they can now perform people detection and glass break detection.  The new cameras also feature expanded ways for customers to save video, including ONVIF Profile S, which enables custom storage and streaming options to personal NAS devices, built-in storage microSD capacity up to 256 GB, as well as free and paid cloud storage options. 

      This year's camera models include both an indoor and an outdoor model. The outdoor model features a spotlight and siren that can be triggered when motion is detected, deterring potential intruders. The indoor model pans around to give a full 360-degree view of any room and tracks motion. Both include two-way audio. 
      Full HD Pan and Tilt Pro Wi-Fi Camera is the model (DCS-8302LH), available in Q2, 2020, and retail pricing will be $99.99.
      Full HD Indoor and Outdoor Pro Wi-Fi Camera is the model (DCS-8526LH), available in Q3, 2020, and retail pricing will be $119.99.
      One of my favorite products is Wi-Fi.  D-Link has a whole lot of new products coming including Wi-Fi 6, Mesh, Alexa and Google Assistant integration, IFTTT, Parental Controls, and more!

      There are so many new SKU's that I can't make heads or tails of them!  I'm going to be speaking with D-Link more this week and will sort all of these out. I do want you to see all they are offering and what the release date and projected retail pricing will be.

      AC1900 Scalable Mesh Wi-Fi Router (COVR-1900-US), Q1 2020, $119.99
      AC1750 Mesh Wi-Fi Router (DIR-1750-US), Q1 2020, $99.99
      AC1900 Mesh Wi-Fi Router (DIR-1950-US), Q1 2020, $119.99
      AC1750 Mesh Wi-Fi Range Extender (DAP-1755-US), Q1 2020, $99.99
      AC1950 Mesh Wi-Fi Range Extender (DAP-1955-US), Q1 2020, $109.99
      Smart AX1500 Mesh Wi-Fi 6 Router (DIR-X1560-US), Q1 2020, $119.99
      Smart AX1800 Mesh Wi-Fi 6 Router (DIR-X1870-US), Q2 2020, $139.99
      Smart AX2400 Mesh Wi-Fi 6 Router (DIR-X2460-US), Q3 2020, $159.99
      Smart AX5400 Mesh Wi-Fi 6 Router (DIR-X5460-US), Q1 2020, $279.99
      AX1800 Mesh Wi-Fi 6 Range Extender (DAP-X1870-US), Q2 2020, $129.99
      AX1800 Whole Home Mesh System (COVR-X1872-US), QX22020, $269.99
        • Like
      • 0 replies
    • RESET Merch Shop
      Get ya Merch here!  I've created a T-Shirt shop with the famous RESET paperclip. I've pasted that clip on just about everything so you can wear it around town!  Cable bags, Coffee Mugs, T-Shirts, and more. 
      or you can get it it via
      Here is the main design.

      Below is a part of the order that I put in!  

      The Heather Grey above is the Extra Soft version and it is awesome.  I highly recommend the softness!    The "Chili Red" is the Tri-Blend and probably my favorite feel and color.

      This is the Zip-Up Hoody, Heather Indigo, Sponge Fleece, Men's, Large.  In my podcast I couldn't remember what style it was but it is Sponge Fleece. It's REALLY soft on the inside. Soft outside as well. The only problem is with the zip up hoody the logo is on the back. Regular hoody, it will be on the front.
      or you can get it it via
      Thank you for supporting this community. Everything you purchase will help keep the lights on the hard drives spinning.
      • 0 replies
    • OneDrive Personal Vault and expandable storage
      Microsoft's OneDrive has a few new features and options worth pointing out.  Personal Vault and Expandable Storage.
      Personal Vault is a protected area in OneDrive that can only be accessed with a strong authentication method or a second step of identity verification, such as your fingerprint, face, PIN, or a code sent to you via email or SMS. 
      Personal Vault gives you an added layer of protection for your most important files, photos, and videos—for example, copies of documents such as your passport, driver’s license, or insurance information—should someone gain access to your account or device.
      Plus, this added security won’t slow you down. You can quickly access your important documents, photos, and files with confidence wherever you are, on your PC, OneDrive.com, or your mobile device.

      Beyond a second layer of identity verification, Personal Vault also includes the following security measures:
      Scan and shoot—Using the OneDrive app, you can scan documents or shoot photos directly into your Personal Vault, keeping them off less secure areas of your device, like your camera roll.
      Automatic locking—No need to worry about whether you left your Personal Vault or your files open—both will close and lock automatically after a period of inactivity.
      BitLocker encryption—On Windows 10 PCs, OneDrive automatically syncs your Personal Vault files to a BitLocker-encrypted area of your local hard drive.
      Restricted sharing—To prevent accidental sharing, files in Personal Vault and shared items moved into Personal Vault cannot be shared.
      Taken together, these security measures help ensure that Personal Vault files are not stored unprotected on your PC, and your files have additional protection, even if your Windows 10 PC or mobile device is lost, stolen, or someone gains access to it or to your account.
      Expandable Storage
      If you are and Office 365 Subscriber you get 1 TB of OneDrive storage space with all the other Office goodies like Word, Excel, etc.  I know personally that I have gone over the 1TB limit and have always wanted to be able to add additional storage to my account.  Now you can!

      Pick and option and keep on hoarding, errr, I mean saving! Cancel anytime, upgrade at any moment.
      • 2 replies
  • Create New...