Secure Remote Access with the Linux-based Untangle Gateway
Dynamic DNS, Remote Access, User Accounts
We've already seen how the open source Untangle Network Gateway can help protect, control, and monitor the Internet access for our entire network. In the first part, we did the basic configuration. In the second part, we set up the OpenVPN App to do site-to-site and client-to-site connections. Now we'll experiment with the Remote Access Portal App.
This remote access feature is one of Untangle's premium applications. It lets your users access remote desktop connections, network shares, and quarantined email via a Web browser. Figure 1 shows an example of the Web portal.
Unlike the more traditional VPN technologies (OpenVPN, PPTP, or L2TP), this is a client-less solution using SSL with a Web browser to encrypt the connection between your Untangle server and the remote user.
Set up a dynamic DNS service if you don't have a static IP address
You'll probably be connecting to the portal via the Internet, which requires you to know your IP address--or maybe not. If you only get a dynamic IP address from your ISP, it will be hard to keep track of your IP when it changes while you're out of the office. However, you can sign up with a dynamic DNS service. It will give you a hostname (such as yourname.getmyip.net) that's always pointed to your current IP address. Even if you have a static IP address, this URL is much easier to remember.
The first step is to sign up with a dynamic DNS provider, such as DynDNS or ZoneEdit. You'll create an account and pick out your hostname. The second step is to enter your account credentials and hostname into the Untangle server, so it keeps the provider updated when your IP changes. After you log into the Web-based Untangle Client, click Admin > Networking > Hostname. Then fill out the Dynamic DNS Client Configuration section with the details from your dynamic DNS provider. Don't forget to hit Save.
Enable remote access to the Untangle Server
In order for users to access the portal from the external interface/Internet, Untangle must be configured to allow remote access. On the Untangle Client, click Admin > Administration. Then make sure the Enable External Administration checkbox is marked, as Figure 2 shows.
Optionally, also select the Enable External Quarantine Viewing checkbox if you use the email services on Untangle and want remote users to be able to check for filtered messages.
If you aren't using Untangle as your router and gateway to the Internet, you must configure your main router to forward traffic on port 443 to the IP address of the Untangle machine.
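To confirm from outside the network that the dynamic DNS record and the port 443 forward described above are working, a check along these lines can be run. It is an added example, not part of the original article or of Untangle; the function names and the sample WAN address are assumptions.

```python
import ipaddress
import socket
import ssl

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ddns_status(hostname, wan_ip, resolver=socket.getaddrinfo):
    """Compare the DDNS record with the WAN address shown by the gateway.

    Returns 'unresolved', 'not-routable', 'stale' or 'current'.
    """
    try:
        infos = resolver(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    addrs = {ipaddress.ip_address(info[4][0]) for info in infos}
    if not addrs:
        return "unresolved"
    # An RFC 1918 address in public DNS cannot be reached from the Internet.
    if any(a in net for a in addrs for net in RFC1918):
        return "not-routable"
    return "current" if ipaddress.ip_address(wan_ip) in addrs else "stale"

def portal_port_status(host, port=443, timeout=5.0):
    """Probe the portal port: 'closed', 'open-no-tls', 'tls-untrusted' or 'tls-verified'."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered, or the port forward is missing
    with sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "tls-verified"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"  # browsers will show a certificate warning
        except (ssl.SSLError, OSError):
            return "open-no-tls"

if __name__ == "__main__":
    import sys
    # Assumed usage: <hostname> <current WAN IP>, e.g. yourname.getmyip.net 198.51.100.7
    name, wan = sys.argv[1], sys.argv[2]
    print("DNS record:", ddns_status(name, wan))
    print("Port 443:  ", portal_port_status(name))
```

Run it from a connection outside the office network, since a probe from the LAN side does not exercise the router's port forward.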
Install and enable the Remote Access Portal
If you haven't already, you must install the Remote Access Portal App: select the Apps tab on the main page of the Untangle Client and click the Remote Access Portal icon or link. You'll be taken to a Web page where you can download the trial or purchase it--make sure the server is connected to the Internet. Once it's added to the rack, verify its power light is green.
Creating accounts for users
The Remote Access Portal can use the Local Directory of Untangle or a Microsoft Active Directory server to authenticate the remote users. So make sure each user wanting this remote Web access has an account on either of these servers. To use the local database, log in to the Untangle Client and click Config > Local Directory and create accounts. Then make sure the Remote Access Portal can use these accounts: click Apps > Remote Access Portal > Global Settings. Now make sure the Create Accounts On Demand From User Directory option is marked, as Figure 3 shows.