2

I want to put a pfSense router in front of my Untangle UTM. There is only one thing I am not too sure about.

If the Untangle box will sit behind another router and run OpenVPN, all I need to do to route traffic to the Untangle through the pfSense is add a static route on the pfSense box and open the port used by OpenVPN, right?

Right now the Untangle box is the router.

AtomicPorkchop

3 Answers

3

In most cases, not even a route. A port map/forward entry on the pfSense to the Untangle should be all that is needed.

user48838
  • Really? That simple? – AtomicPorkchop Jun 29 '11 at 01:36
  • Yup... Just "poking" the right hole(s) and directing them to the correct inside host. – user48838 Jun 29 '11 at 01:49
  • Well I finally did the switch, and something went horribly wrong, so this idea was a bust. Thanks for the advice anyway. – AtomicPorkchop Jul 06 '11 at 00:03
  • What went wrong? – user48838 Jul 06 '11 at 01:45
  • As far as I can tell, Untangle was not allowing most traffic through the VPN. No one could log in to the AD domain, no email in remote offices, no DNS in remote offices... Yet, get this. I could browse Windows shares on the remote server and the remote office could see the main office. So I reverted back to the old way, which was Untangle as the primary router and everything is working fine now. – AtomicPorkchop Jul 06 '11 at 04:26
  • Any chance you still have DHCP enabled on the Untangle system? If so, you might consider disabling it and allowing pfSense to take over the management of the local network. – user48838 Jul 06 '11 at 08:28
  • No, I checked that; we use our AD server as the DHCP for the network. – AtomicPorkchop Jul 06 '11 at 18:28
  • Hmmm... How about possible firewall rules on Untangle, maybe needing "rework" to reflect the reconfiguration/new placement? – user48838 Jul 06 '11 at 19:59
  • That is what I was thinking but I could not figure it out. I am a member of the Untangle forums and I have a support contract. I will have to use those resources. I am sure I can figure it out. – AtomicPorkchop Jul 06 '11 at 21:01
0

Why not use the OpenVPN server in pfSense?

Ninja
  • I did not want to use the pfSense OpenVPN because every so often I hear how they are going to drop it in a future version. I don't want to get committed to something and then have it blow up in my face. – AtomicPorkchop Jul 06 '11 at 00:02
  • Okay, wasn't aware of that. I haven't read about them dropping it. – Ninja Jul 06 '11 at 06:50
  • They might not be dropping it; I just read somewhere they may be. Come to think of it, that might have been m0n0wall I was thinking of. They had dropped OpenVPN some time back. – AtomicPorkchop Jul 06 '11 at 18:29
0

A static route on the pfSense for the OpenVPN address pool, pointing to your Untangle server, will be needed, or you will need to activate "Route VPN traffic that would go through the Bridge".

Just port forwarding will only allow the tunnel to be established, but if clients/servers on the other side have pfSense as their GW they will need the route back (or a packet filter rule).

Ben Pilbrow
WebFooL
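
Added example, not part of the original answers: a small longest-prefix-match model of the pfSense routing table showing why a port forward alone lets the tunnel come up while replies from LAN hosts to VPN clients never get back to the Untangle box. All addresses (LAN 192.168.1.0/24, VPN pool 172.16.0.0/24, gateways) and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
PFSENSE_LAN = "192.168.1.1"    # default gateway of the LAN hosts
UNTANGLE_LAN = "192.168.1.2"   # OpenVPN server behind pfSense
WAN_GW = "203.0.113.1"         # pfSense's upstream gateway
VPN_POOL = "172.16.0.0/24"     # addresses handed to OpenVPN clients

# pfSense's table with only the port forward in place (no route for the pool).
BASE_TABLE = [("0.0.0.0/0", WAN_GW), ("192.168.1.0/24", "on-link")]
# Same table plus the static route described in the last answer.
WITH_ROUTE = BASE_TABLE + [(VPN_POOL, UNTANGLE_LAN)]


def next_hop(table, dst):
    """Longest-prefix match over (prefix, gateway) pairs."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(pfsense_table, vpn_client):
    """Hops taken by a LAN server's reply to a VPN client address.

    The LAN server only knows its default gateway (pfSense), so pfSense's
    table decides whether the reply returns to the tunnel endpoint.
    """
    return [PFSENSE_LAN, next_hop(pfsense_table, vpn_client)]


def reply_reaches_tunnel(pfsense_table, vpn_client):
    """True when the reply is handed back to the Untangle box."""
    return reply_path(pfsense_table, vpn_client)[-1] == UNTANGLE_LAN


if __name__ == "__main__":
    client = "172.16.0.10"  # constructed VPN client address
    for name, table in (("port forward only", BASE_TABLE),
                        ("plus static route", WITH_ROUTE)):
        status = "ok" if reply_reaches_tunnel(table, client) else "reply lost"
        print(name, reply_path(table, client), status)
```
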