
Laithan

Discussion starter · #1 ·
Maybe I'm just having a bad search day on OCN, but is there no "[Official] Untangled" thread? I see there are some equivalent threads for Pfsense but not for Untangled, but I could just be missing it. I'm looking for a good "one stop shop" for general discussion, information, results, tweaks, hacks, reviews and testimonials for Untangled. I recently bought a mini-pc with the intention of installing Pfsense (which I did) to replace my aged D-Link router when I was made aware of Untangled. I wiped Pfsense and am currently running Untangled.. so far so good, I'm up and running on the new hardware but now it's time to dig deeper. I'm running the latest version 13.

Thanks all!
 
Discussion starter · #3 ·
Quote:
Originally Posted by beers View Post

How would you compare the two?
I couldn't honestly provide any feedback.... other than the initial installation...I was able to install both without issue but the interface for Untangle was more user friendly. As I have been using Untangle for a couple days now I'm starting to get a feel for it. Overall it has passed any pen test I could throw at it so far and performance is as expected.

I'm struggling a little with trying to use a separate interface for my wireless network. It could just be me not the implementation.
 
I tried to see if Untangle would work for me just a few days ago, turns out it can't install the bootloader on an NVMe drive. Which is the same problem I had with a lot of these sort of firewall distros.

One thing I noticed is that while Untangle does have one of the best virus blockers, that uses BitDefender, that looks like it only uses the good AV for the paid for version. Free comes with AV Lite, which looks like it uses ClamAV like all other firewall distros do. I saw ClamAV get installed when Untangle was being installed, and if you go to the web pages for Virus Blocker and Virus Blocker Lite, only the paid for AV makes any mention of BitDefender.

https://www.untangle.com/shop/virus-blocker-lite/

https://www.untangle.com/shop/virus-blocker/

The paid for AV starts at $10 a month, so $120 a year, or comes with the paid for Home version for $50 a year. The paid for version also has an SSL inspector for firewalling and scanning encrypted web traffic going in and out of your network.
So to me, Untangle looks like the best firewall distro out there for home users. However, only if you are going to use the paid for version. The free version doesn't seem to have or do anything extra over OPNsense, IPfire, or pfsense.
 
Discussion starter · #5 ·
Quote:
Originally Posted by EniGma1987 View Post

I tried to see if Untangle would work for me just a few days ago, turns out it can't install the bootloader on an NVMe drive. Which is the same problem I had with a lot of these sort of firewall distros.

One thing I noticed is that while Untangle does have one of the best virus blockers, that uses BitDefender, that looks like it only uses the good AV for the paid for version. Free comes with AV Lite, which looks like it uses ClamAV like all other firewall distros do. I saw ClamAV get installed when Untangle was being installed, and if you go to the web pages for Virus Blocker and Virus Blocker Lite, only the paid for AV makes any mention of BitDefender.

https://www.untangle.com/shop/virus-blocker-lite/

https://www.untangle.com/shop/virus-blocker/

The paid for AV starts at $10 a month, so $120 a year, or comes with the paid for Home version for $50 a year. The paid for version also has an SSL inspector for firewalling and scanning encrypted web traffic going in and out of your network.
So to me, Untangle looks like the best firewall distro out there for home users. However, only if you are going to use the paid for version. The free version doesn't seem to have or do anything extra over OPNsense, IPfire, or pfsense.
Good post! Informative!
Thx

I assume there may be a workaround for NVMe but beyond my ability at this point to help. What kind of machine are you running that on, a VM box? I currently have this machine. It has an Intel J1900 Quad core, 8GB of ram with a 128GB SSD and all Intel Gigabit ports (plus sips power). I was going to run this off my ESXi host but I wanted it to be dedicated. It also has wireless which seems to be a waste, I should have ordered it without (I can remove the card). I don't think the WiFi implementation is very good on this Mini-PC and doesn't appear that Untangle even supports WiFi anyway so buyer beware if you like this one get the version without WiFi (if you are going to use Untangle anyway).

I had a D-Link WNDR3700v2 that I was using for my AP and I just flashed it with DD-WRT.. MUCH better than stock..
http://www.dd-wrt.com/wiki/index.php/Netgear_WNDR3700

What I'm trying to do is have my Wireless network run off a different interface on the router. I am OK with it being a separate subnet (but it would have to be able to talk to some of my servers on a different subnet like DHCP, DNS, etc). My reasoning is because I want to restrict Wifi access to a dedicated interface because it not only runs at a different MTU (1500 vs 9000 as I use jumbo frames) from the rest of my LAN (just being picky) but I don't want to allow that interface to connect to my internal storage and other devices.. I want the interface to only be able to talk to DNS, WINS, DHCP servers and then the router only, everything else on the network(s) are restricted via that interface this way all wireless clients will be restricted automatically as well. Perhaps there is a better way but it is what I am trying to figure out now. I'm a little unclear between using bridged mode and addressed on the 3rd interface.

I'd love suggestions... if I even made any sense


So.. A/V at the router... good enough to where the clients don't NEED local A/V anymore or just supplemental to local A/V?
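
The Wi-Fi isolation policy described in the post above (Wi-Fi clients may reach only the DNS, WINS and DHCP servers and nothing else on the LAN), modelled as an added example that is not part of the original post and is not Untangle configuration: a first-match rule list plus an audit of expected flows. All addresses, the first-match evaluation order and the final internet pass rule are assumptions.

```python
"""First-match model of filter rules for an isolated Wi-Fi interface.
All addresses are constructed sample values, not taken from the thread."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

WIFI = "192.168.50.0/24"   # assumed Wi-Fi subnet on the third interface
LAN = "192.168.10.0/24"    # assumed wired LAN (servers, storage)
DNS, DHCP, WINS, NAS = "192.168.10.2", "192.168.10.3", "192.168.10.4", "192.168.10.20"

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any port
    note: str

def matches(rule, src, dst, proto, dport):
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))

def evaluate(rules, src, dst, proto, dport):
    """Return (action, note) of the first matching rule; default is block."""
    for rule in rules:
        if matches(rule, src, dst, proto, dport):
            return rule.action, rule.note
    return "block", "implicit default"

WIFI_RULES = [
    Rule("pass", WIFI, DNS + "/32", "udp", 53, "DNS"),
    Rule("pass", WIFI, DNS + "/32", "tcp", 53, "DNS over TCP (large answers)"),
    Rule("pass", WIFI, DHCP + "/32", "udp", 67, "DHCP lease renewal (unicast)"),
    Rule("pass", WIFI, WINS + "/32", "udp", 137, "WINS name queries"),
    Rule("block", WIFI, LAN, "any", None, "everything else on the LAN"),
    Rule("pass", WIFI, "0.0.0.0/0", "any", None, "internet (assumption)"),
]

# Flows the policy must allow or deny, written down before touching the firewall.
EXPECTED = [
    (("192.168.50.23", DNS, "udp", 53), "pass"),
    (("192.168.50.23", DHCP, "udp", 67), "pass"),
    (("192.168.50.23", WINS, "udp", 137), "pass"),
    (("192.168.50.23", NAS, "tcp", 445), "block"),   # SMB to storage
    (("192.168.50.23", DNS, "tcp", 22), "block"),    # SSH to an allowed host
    (("192.168.50.23", "203.0.113.10", "tcp", 443), "pass"),
]

def audit(rules):
    """Return (flow, wanted, got) for every expected flow the rules get wrong."""
    failures = []
    for flow, want in EXPECTED:
        got = evaluate(rules, *flow)[0]
        if got != want:
            failures.append((flow, want, got))
    return failures

if __name__ == "__main__":
    print("violations:", audit(WIFI_RULES))
    # Ordering failure mode: the LAN block moved to the top shadows every pass.
    misordered = [WIFI_RULES[4]] + WIFI_RULES[:4] + WIFI_RULES[5:]
    print("violations when misordered:", len(audit(misordered)))
```

The initial DHCP discover is a broadcast and does not cross the router, so a DHCP server on another subnet also needs a relay on the Wi-Fi interface; the unicast rule here only covers renewals.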
 
Running the wifi on a different interface and subnet should be possible with Untangle, it is with every other distro I have seen. I can't really tell you how to do it just yet as I don't yet have a normal SSD to install this on to get to the configuration.

On IPfire, the wireless would simply be called the "blue" interface. IPfire has the best wireless card support of all these firewall distributions I have found. During install you pick which interfaces are for what, with Red being the WAN, Green being LAN, and Blue is wifi. The difficulty comes in that IPfire only supports 3 interfaces like this, and you have to install a script post-installation to bridge more ports onto one of the interfaces. It only takes half an hour to figure it all out with the script and get it working, but it is still a pain to have to manually install a script over CLI.

As far as I remember, pfsense asks you during install if you want to use an optional interface. This "opt1" would be your wireless interface. It automatically goes on a different subnet and has its own DHCP server.

UbiquitiOS lets you install as many additional ETH# interfaces you want, and you place these on different subnets and DHCP servers when you activate the interfaces. Though you have to do a pain in the butt script config for this OS too in order to bridge these interfaces onto a single subnet if that is what you are wanting later down the road (bridges as in acts like a switch for all the physical plugs on the router).

So I would imagine Untangle would have an option somewhere for an Optional, or Eth2, or Blue interface setup.

Do you know if it is possible with Untangle to bridge physical ports to a single LAN subnet? I don't mean run the Untangle box in a "full bridge" mode between a router and the LAN. I would want Untangle to be the router and firewall, but I just want 8 of the ports on the box that I have all on the same LAN subnet and those 8 ports acting like a switch.

EDIT: Looks like it can, in the Network Configuration page under the "additional port" it talks about bridging more physical ports onto the same zone/interface.

Also in this section it talks about having multiple zone/interfaces on different subnets using different physical ports. So your question on how to configure your box like this should be somewhere on or nearby this web page.
EDIT again: here you go:
http://wiki.untangle.com/index.php/Installation#Configure_Other_Interfaces
 
Discussion starter · #7 ·
Thanks very much for this reply. I am digging a little deeper and I think I should be able to make it work. I'll report back when I get a chance but the good weather has been pulling me outside away from the screen.
 
I tried the trial version of Untangle a few days ago and was really impressed.

Untangle has THE best antivirus of all UTMs and the ad blocker is exceptional. I've not tried pfsense but what I noticed about Untangle was that it "just worked" out of the box and you don't have to go about installing scripts. Untangle actually asks you which network cards you wish to assign to the external WAN and the internal LAN at install time.

But the most impressive feature of Untangle is the GUI-based management interface that lets you configure the UTM right on the gateway itself. No need to use a CLI or set it up on another PC having to use web based management.

Untangle is a breeze to set up and deploy, unlike UTMs such as Sophos XG Home, which is a complete NIGHTMARE to deploy since it uses the 172.16.16.X address range by default instead of the 192.168.X.X range that 99% of existing home routers use.
 
Quote:
Originally Posted by Laithan View Post

So.. A/V at the router... good enough to where the clients don't NEED local A/V anymore or just supplemental to local A/V?
With an antivirus gateway you get one shot to detect a virus and that's it. If the virus makes its way onto a client before the signature database is updated, it won't do you any good. It's a good first line of defense but you should always have an active antivirus on each device.

Also, that mini-pc you bought looked similar to one I was going to get before I realized that the OS cannot boot from the 2.5" SSD and you have to have an mSATA drive. Is this correct, did you have to have an mSATA to boot from?
 
I actually Moved to Untangle a few months ago, Tried the free version for the first couple months. Just ended up buying the Home Licence for $50 for a year. Which IMO is not a bad deal for what you get.

The Router side is actually not bad, but it is no PfSense. Sometime in the future I will pick up a low power box running esxi and use PfSense for the router and Untangle as only a UTM. But for now I'm happy with Untangle handling the Routing. PfSense sucks as a UTM device, so I'm happy so far with the switch. Untangled for $50 a year isn't outrageous either.

It works well with VLANs and supports UPnP, which is something that was a must for me as we do use Consoles from time to time.

Would like to see a NAS app though, granted I have a Data Server. But would be nice for those that didn't.

Untangle hasn't been trouble free though, the amount of emails I get is crazy. I just need to change some settings, mostly in web monitor. I don't need to know that I'm looking at porn.
 
Quote:
Originally Posted by DzillaXx View Post

I actually Moved to Untangle a few months ago, Tried the free version for the first couple months. Just ended up buying the Home Licence for $50 for a year. Which IMO is not a bad deal for what you get.

The Router side is actually not bad, but it is no PfSense. Sometime in the future I will pick up a low power box running esxi and use PfSense for the router and Untangle as only a UTM. But for now I'm happy with Untangle handling the Routing. PfSense sucks as a UTM device, so I'm happy so far with the switch. Untangled for $50 a year isn't outrageous either.

It works well with VLANs and supports UPnP, which is something that was a must for me as we do use Consoles from time to time.

Would like to see a NAS app though, granted I have a Data Server. But would be nice for those that didn't.

Untangle hasn't been trouble free though, the amount of emails I get is crazy. I just need to change some settings, mostly in web monitor. I don't need to know that I'm looking at porn.
Why not run pfSense as your router/dhcp server on one system and run Untangle in bridge mode on a second system? I tried ESXi before and could never really grasp the concept of why anyone would WANT to use it. With ESXi could you have these two operating systems running in tandem as gateway/ bridge on the same system? I can only imagine how complex such a setup would be and how many NIC interfaces you would need.
 
Quote:
Originally Posted by aweir View Post

Why not run pfSense as your router/dhcp server on one system and run Untangle in bridge mode on a second system? I tried ESXi before and could never really grasp the concept of why anyone would WANT to use it. With ESXi could you have these two operating systems running in tandem as gateway/ bridge on the same system? I can only imagine how complex such a setup would be and how many NIC interfaces you would need.
One thing I have heard, but don't yet have experience with myself, is that ESXi has basically the best NIC support you can get. It supports near anything. When you run Untangle, or pfsense, or whatever in a VM on ESXi, you assign the NIC and it works, even if the distro you are using doesn't have drivers built in for that specific NIC. This in turn means that you greatly increase your compatible hardware base and no longer need to worry about what will work and what will not. It also allows you to do things like run pfsense as the router and Untangle as UTM on the same box. Saving rack space (or in a home, shelf space. lol) and usually power.
 
Quote:
Originally Posted by EniGma1987 View Post

One thing I have heard, but don't yet have experience with myself, is that ESXi has basically the best NIC support you can get. It supports near anything. When you run Untangle, or pfsense, or whatever in a VM on ESXi, you assign the NIC and it works, even if the distro you are using doesn't have drivers built in for that specific NIC. This in turn means that you greatly increase your compatible hardware base and no longer need to worry about what will work and what will not. It also allows you to do things like run pfsense as the router and Untangle as UTM on the same box. Saving rack space (or in a home, shelf space. lol) and usually power.
What's the performance hit? It sounds like you would need some pretty fast hardware to run two OSes virtually on the same machine. How many NIC interfaces would you need for this? 4?

Modem--> pfSense WAN interface(port 1)
pfSense LAN interface (port 2)-->Untangle WAN interface(port 3)
Untangle LAN interface(port 4)-->switch/wireless AP
 
Quote:
Originally Posted by aweir View Post

Why not run pfSense as your router/dhcp server on one system and run Untangle in bridge mode on a second system? I tried ESXi before and could never really grasp the concept of why anyone would WANT to use it. With ESXi could you have these two operating systems running in tandem as gateway/ bridge on the same system? I can only imagine how complex such a setup would be and how many NIC interfaces you would need.
Power usage for one. I want to get a 4 or 8 core atom server at home that pulls less than 40 watts from the wall. Right now I have an older dual core atom supermicro server that powers my untangle server and pulls around 40 watts from the wall. Pretty much as high as I would like in that regard, system uses the older atom arch, so no way would I try to run esxi on it.

Plus esxi would just have more setup time, which is fine for me. Not that hard to setup virtual nics. Esxi would also handle all the vlan to virtual nics as well. Iirc.
Quote:
Originally Posted by aweir View Post

What's the performance hit? It sounds like you would need some pretty fast hardware to run two OSes virtually on the same machine. How many NIC interfaces would you need for this? 4?

Modem--> pfSense WAN interface(port 1)
pfSense LAN interface (port 2)-->Untangle WAN interface(port 3)
Untangle LAN interface(port 4)-->switch/wireless AP
You would still only really need two physical Ethernet ports.

You could still use VLANS to a Smart Switch to create more virtual NICs in the server for more than one lan network. But having more than one physical nic for the lan side is still always the best if you really want multiple Lan side networks. VLAN Tagging is pretty easy once you learn. And creating Virtual NICs inside ESXI is not hard either.
 
Discussion starter · #15 ·
Quote:
Originally Posted by aweir View Post

With an antivirus gateway you get one shot to detect a virus and that's it. If the virus makes its way onto a client before the signature database is updated, it won't do you any good. It's a good first line of defense but you should always have an active antivirus on each device.

Also, that mini-pc you bought looked similar to one I was going to get before I realized that the OS cannot boot from the 2.5" SSD and you have to have an mSATA drive. Is this correct, did you have to have an mSATA to boot from?
The one I bought came with an mSATA drive and I do boot from that. I installed via USB drive and then booted right away from the mSATA.

I understand they do have a version that accepts the 2.5" drives also. Yes I found it, here it is:

Code:
Attention:
Qotom-Q190G4-S01 134*126*39mm, The height is too thin to install 2.5" HDD,So it only can support msata SSD.
Qotom-Q190G4-S02 134*126*47mm it can support 2.5" HDD and msata SSD at the same time.
I just bought the $50 home version also. Then turned off auto-renewal, never know if there might be something else out there in a year from now.


I'm not having as much success with the Ad Blocker TBH. It gave me issues with ebay so I shut it off.. I kept having to re-enter my credentials every time I clicked something. I shut it off and haven't seen it since so it appears to be related to the ad blocker. I may have to do more testing but it appears to be the culprit. There may be info for this out there already somewhere IDK.

Overall I'm pretty happy with Untangle. I like the daily reports with all the graphs etc. too. This thing was so easy to set up too, it's a 10/10 in the "ease of installation" for sure. I'm still fiddling and getting some time logged for other judgments yet but first impressions are excellent.

Are there any 3rd party apps for Untangle? Any tricks/hacks that anyone knows of?
 
I also had issues with the ad blocker. It takes about three tries of turning it on to get it to stay enabled. Not sure why.

Also the intrusion prevention system must be activated manually after install.

And SSL VPN seems to only offer 128 bit encryption, whereas Sophos UTM offers every encryption option known, all the way up to 256 bit, and 4096 bit Diffie-Hellman. I think the config files must be edited to change those parameters when using Untangle.
 
Discussion starter · #17 ·
A few months under my belt with Untangle... so far I am liking it.. I have some small nit-picks but functionally it seems to be doing the job well.

I've created some isolation through firewall and filter settings from my wireless network so that even if you gained access to my WiFi you won't be able to access my LAN. They are running on different interfaces (it was actually easy).

The intrusion detection app doesn't seem to be super robust.. it tells me things are detected and not blocked.. I probably could use some help with that portion.

Webcaching, A/V, and even adblocking seem to work to some extent (at least they don't give me any issues, I don't rely on them but consider them bonus protection).

Overall it's miles better than my old Linksys..

Would love to hear other stories especially those who have really learned and tweaked Untangle to get the most out of it.

 
Quote:
Originally Posted by Laithan View Post

A few months under my belt with Untangle... so far I am liking it.. I have some small nit-picks but functionally it seems to be doing the job well.

I've created some isolation through firewall and filter settings from my wireless network so that even if you gained access to my WiFi you won't be able to access my LAN. They are running on different interfaces (it was actually easy).

The intrusion detection app doesn't seem to be super robust.. it tells me things are detected and not blocked.. I probably could use some help with that portion.

Webcaching, A/V, and even adblocking seem to work to some extent (at least they don't give me any issues, I don't rely on them but consider them bonus protection).

Overall it's miles better than my old Linksys..

Would love to hear other stories especially those who have really learned and tweaked Untangle to get the most out of it.

Yeah it is kinda a pain in the ass, as you pretty much have to setup everything yourself. Would have been nice to see some automated blocking option.
 
Discussion starter · #19 ·
Thanks for the reply.

Wonder if it would be appropriate to share some of the config people are using. I'm sure the IPs etc can be masked. I'm going to try and dig a bit deeper also. IDS is a bit new to me but everyone has to start somewhere


https://wiki.untangle.com/index.php/Intrusion_Prevention
 
Intrusion Detection is just the detection part, so it doesn't auto block on its own. Intrusion Prevention usually comes with auto block rules. These don't always work great though and you can get some blocking of valid hosts and then websites fail to work or games won't connect. It is hard to strike a balance.
 