Secure Remote Access with the Linux-based Untangle Gateway
Dynamic DNS, Remote Access, User Accounts
We've already seen how the open source Untangle Network Gateway can help protect, control, and monitor the Internet access for our entire network. In the first part, we did the basic configuration. In the second part, we set up the OpenVPN App to do site-to-site and client-to-site connections. Now we'll experiment with the Remote Access Portal App.
This remote access feature is one of Untangle's premium applications. It lets your users access remote desktop connections, network shares, and quarantined email via a Web browser. Figure 1 shows an example of the Web portal.
Unlike the more traditional VPN technologies (OpenVPN, PPTP, or L2TP), this is a client-less solution using SSL with a Web browser to encrypt the connection between your Untangle server and the remote user.
Set up a dynamic DNS service if you don't have a static IP address
You'll probably be connecting to the portal via the Internet, which requires you to know your IP address--or maybe not. If you only get a dynamic IP address from your ISP, it will be hard to keep track of your IP when it changes while you're out of the office. However, you can sign up with a dynamic DNS service. It will give you a hostname (such as yourname.getmyip.net) that's always pointed to your current IP address. Even if you have a static IP address, this URL is much easier to remember.
The first step is to sign up with a dynamic DNS provider, such as DynDNS or ZoneEdit. You'll create an account and pick out your hostname. The second step is to enter your account credentials and hostname on the Untangle server, so it keeps the provider updated when your IP changes. After you log into the Web-based Untangle Client, click Admin > Networking > Hostname. Then fill out the Dynamic DNS Client Configuration section with the details from your dynamic DNS provider. Don't forget to hit Save.
Enable remote access to the Untangle Server
In order for users to access the portal from the external interface/Internet, Untangle must be configured to allow remote access. On the Untangle Client, click Admin > Administration. Then make sure the Enable External Administration checkbox is marked, as Figure 2 shows.
Optionally, also select the Enable External Quarantine Viewing checkbox if you use the email services on Untangle and want remote users to be able to check for filtered messages.
If you aren't using Untangle as your router and gateway to the Internet, you must configure your main router to forward traffic on port 443 to the IP address of the Untangle machine.
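Once dynamic DNS and the port 443 forward are in place, you can confirm both from outside the office. The following is an added example, not part of the original article or of Untangle itself: it checks that the hostname still resolves to the gateway's current external address and that something completes an HTTPS handshake on port 443. The function names and status strings are made up for this sketch, and you supply the external address yourself.

```python
import ipaddress
import socket
import ssl
import sys

def resolve_ipv4(hostname):
    """Return the IPv4 addresses the dynamic DNS hostname resolves to right now."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def probe_https(hostname, port=443, timeout=5):
    """Attempt a verified TLS handshake with whatever answers on hostname:port."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname):
                return "ok"
    except ssl.SSLCertVerificationError:
        return "cert-untrusted"  # port answers, but the certificate does not validate
    except OSError:
        return "no-https"        # refused, timed out, or not speaking TLS

def check_portal(hostname, wan_ip, resolve=resolve_ipv4, probe=probe_https):
    """Classify external reachability; wan_ip is the gateway's current external address."""
    want = ipaddress.ip_address(wan_ip)
    addrs = {ipaddress.ip_address(a) for a in resolve(hostname)}
    if not addrs:
        return "dns-missing"     # hostname not registered or not yet propagated
    if want not in addrs:
        return "dns-stale"       # provider was not updated after the last IP change
    return probe(hostname)

if __name__ == "__main__":
    # Constructed sample invocation: check.py yourname.getmyip.net 203.0.113.10
    status = check_portal(sys.argv[1], sys.argv[2])
    print(f"{sys.argv[1]}: {status}")
    sys.exit(0 if status == "ok" else 1)
```

Run it from a machine outside your network, since a connection made from the LAN to the external address may not traverse the port forward.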
Install and enable the Remote Access Portal
If you haven't already, you must install the Remote Access Portal App: select the Apps tab on the main page of the Untangle Client and click the Remote Access Portal icon or link. You'll be taken to a Web page where you can download the trial or purchase it--make sure the server is connected to the Internet. Once it's added to the rack, verify its power light is green.
Creating accounts for users
The Remote Access Portal can use the Local Directory of Untangle or a Microsoft Active Directory server to authenticate the remote users. So make sure each user wanting this remote Web access has an account on either of these servers. To use the local database, log in to the Untangle Client, click Config > Local Directory, and create accounts. Then make sure the Remote Access Portal can use these accounts: click Apps > Remote Access Portal > Global Settings. Now make sure the Create Accounts On Demand From User Directory option is marked, as Figure 3 shows.