Sky-Knight
Well-Known Member
- Reaction score
- 5,513
- Location
- Arizona
If you're like me you're still trying to get all your stuff to v15.1! But now v16.0 is on the way.
The upgrade from v15.0 to v15.1 is a bit ugly, but the upgrade from v15.1 to v16.0 should be pretty clean. There is no kernel change, and no change to the OS.
What's changed?
Untangle v16.0 finally supports EFI booting, so no more BIOS emulation is required. Though if you've dealt with Debian on this you know how touchy it is, it's a critical feature but not something I'd call a cure all.
The big deal? Untangle v16.0 is coming with a brand new VPN option, Wireguard.
Wireguard is simply incredible technology, everyone on this board should be at least aware of it. It's lean, fast, easily managed, and simply doesn't care about network connectivity. What do I mean? Well, think about how Bittorrent works, you've got a tracker and members of the swarm. The tracker deals with keeping the swarm moving data around. Wireguard works very similarly, so you can cloud hose a wireguard service, and have things connect to it, the rules imposed by the tracker determine what tunnels get setup as needed to achieve connectivity. It's no longer a hub and spoke, it's a full mesh down to the individual endpoint. If that logic even applies, again it's a managed swarm.
So it's easier to manage relative to OpenVPN, which is already easier to manage relative to IPSec/L2TP.
It's more secure than the above technologies.
It's also FASTER than the above technologies.
And if that wasn't enough, at some point Microsoft has promised us a Wireguard VPN client for Windows native. Which means down the road you'll be able to use inTune policies, or GPOs to configure devices to use Wireguard VPN targets.
For now you must use the 3rd party client: https://www.wireguard.com/install/ Which comes as an MSI so easily published via InTune or GPO.
I don't have details on configuration yet simply because I haven't spent any time with Untangle's specific implementation. More data as it comes!
Oh, and if it wasn't clear, I see not reason to restrict upgrades at this time. If you're already on v15.1, moving to v16.0 should be automatic and painless.
The upgrade from v15.0 to v15.1 is a bit ugly, but the upgrade from v15.1 to v16.0 should be pretty clean. There is no kernel change, and no change to the OS.
What's changed?
Untangle v16.0 finally supports EFI booting, so no more BIOS emulation is required. Though if you've dealt with Debian on this you know how touchy it is, it's a critical feature but not something I'd call a cure all.
The big deal? Untangle v16.0 is coming with a brand new VPN option, Wireguard.
Wireguard is simply incredible technology, everyone on this board should be at least aware of it. It's lean, fast, easily managed, and simply doesn't care about network connectivity. What do I mean? Well, think about how Bittorrent works, you've got a tracker and members of the swarm. The tracker deals with keeping the swarm moving data around. Wireguard works very similarly, so you can cloud hose a wireguard service, and have things connect to it, the rules imposed by the tracker determine what tunnels get setup as needed to achieve connectivity. It's no longer a hub and spoke, it's a full mesh down to the individual endpoint. If that logic even applies, again it's a managed swarm.
So it's easier to manage relative to OpenVPN, which is already easier to manage relative to IPSec/L2TP.
It's more secure than the above technologies.
It's also FASTER than the above technologies.
And if that wasn't enough, at some point Microsoft has promised us a Wireguard VPN client for Windows native. Which means down the road you'll be able to use inTune policies, or GPOs to configure devices to use Wireguard VPN targets.
For now you must use the 3rd party client: https://www.wireguard.com/install/ Which comes as an MSI so easily published via InTune or GPO.
I don't have details on configuration yet simply because I haven't spent any time with Untangle's specific implementation. More data as it comes!
Oh, and if it wasn't clear, I see not reason to restrict upgrades at this time. If you're already on v15.1, moving to v16.0 should be automatic and painless.
