
VPN Service with UTM recommendations?

With the recent House/Senate votes to allow ISPs to sell users' web traffic, and the increased interest in VPN services, I'm wondering if anyone has already stood up a VPN router or is trying out the various services on their computers?

I have been using Tunnelbear on my phone sparingly at coffee shops, etc., but have always had trouble with it connecting when on my home wifi.  I never gave it much mind before, but am curious if something in the UTM is blocking it...and if I would encounter the same thing with other VPN services.

Anyone tried NordVPN, ExpressVPN, IPVanish...etc.?

Thanks,



This thread was automatically locked due to age.
  • If you use Google, shop at Amazon or Walmart or do any of dozens of other things, your life already is an open book.  In any case, if you want to encrypt all of the traffic out of your UTM and hide your IP, you will need an additional device as the UTM doesn't have the possibility of being a VPN client itself.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob -

    I understand the UTM cannot act as a client, that's not what I am trying to do.

    I have a VPN service on my phone, Tunnelbear, and was trying it out on my desktop as well, but the UTM was blocking both from connecting to their servers.  Just curious if others have tried some of the other VPN services already (i.e., NordVPN), settled on one, and if it required any configurations to make them work.

    My corporate Cisco VPN works no problem through the UTM without any configuration required.  So I'm not sure why Tunnelbear would be blocked.

    Thanks.

  • I would assume the firewall is blocking it...did you make rules to allow the connection out?  Check your logs.

  • Darrell probably nailed it, but you might check #1 in Rulz.

    Cheers - Bob

     
  • I got it working with a FW rule to allow the specific NordVPN server the client was trying to connect to.

    Is there a way to specify multiple servers (hostnames, not IPs) in a FW rule? I.e., Nord has a lot of servers in the US, so I'd like to create a rule that will allow the traffic to any of the US servers, not just one.

    FYI, throughput wasn't bad actually.  I installed the Win10 app, and over Wifi, on speedtest.net I was getting 60/60 Mbps.

  • I'd imagine you would create the hosts as dns hosts and then add them to an availability group which you add as the destination.

  • What Louis said.

    If there are multiple IPs associated to a single FQDN, create a DNS Group definition instead of a DNS Host - I would be surprised if NordVPN did that though.

    Probably, your best bet is to allow the port you're using for NordVPN to "Any" or "Internet" instead of individual servers.

    Cheers - Bob

     
  • Not multiple IPs associated to one fqdn, but multiple, hundreds it appears, of fqdns that the app chooses between based on load I presume.

    https://nordvpn.com/servers/

    Will look at what port it might be using and try that route.

  • Bob - 

    Thanks for the direction again!

    I've got a simple rule now allowing the ports used (OpenVPN and IKEv2/IPSEC) and it is working nicely.
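
An added example, not from the thread or from Sophos: a small parser that follows the "check your logs" advice above, tallying dropped outbound packets by protocol and destination port so the blocked service is obvious. The key="value" log layout, the LAN prefix and every address are constructed assumptions; the port labels are the standard defaults for OpenVPN and IKEv2/IPsec, which a given provider may not use.

```python
import re
from collections import Counter

# Constructed sample in an assumed key="value" packet filter log layout.
# Addresses are documentation ranges, not real VPN servers.
SAMPLE_LOG = '''\
2017:04:02-10:15:01 utm ulogd[4512]: action="drop" srcip="192.168.1.50" dstip="203.0.113.10" proto="17" dstport="1194"
2017:04:02-10:15:03 utm ulogd[4512]: action="drop" srcip="192.168.1.50" dstip="203.0.113.22" proto="17" dstport="1194"
2017:04:02-10:15:04 utm ulogd[4512]: action="drop" srcip="192.168.1.50" dstip="198.51.100.7" proto="17" dstport="500"
2017:04:02-10:15:05 utm ulogd[4512]: action="drop" srcip="192.168.1.50" dstip="198.51.100.7" proto="17" dstport="4500"
2017:04:02-10:15:06 utm ulogd[4512]: action="drop" srcip="198.51.100.99" dstip="192.0.2.1" proto="6" dstport="23"
2017:04:02-10:15:07 utm ulogd[4512]: action="accept" srcip="192.168.1.50" dstip="203.0.113.10" proto="6" dstport="443"
2017:04:02-10:15:09 utm ulogd[4512]: action="drop" srcip="192.168.1.50" dstip="203.0.113.31" proto="17" dstport="1194"
'''

KV = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"6": "tcp", "17": "udp", "50": "esp"}
# Standard default ports for the protocols named in the thread.
KNOWN = {("udp", "1194"): "OpenVPN", ("tcp", "1194"): "OpenVPN",
         ("udp", "500"): "IKE", ("udp", "4500"): "IPsec NAT-T"}

def summarize(log_text, lan_prefix="192.168.1."):
    """Return (proto, dstport, drops, distinct_destinations, label) rows,
    most-dropped first, for packets dropped on their way out of the LAN."""
    hits, dests = Counter(), {}
    for line in log_text.splitlines():
        f = dict(KV.findall(line))
        # Only outbound drops matter here: skip accepts and inbound noise.
        if f.get("action") != "drop":
            continue
        if not f.get("srcip", "").startswith(lan_prefix):
            continue
        proto = PROTO.get(f.get("proto", ""), f.get("proto", "?"))
        key = (proto, f.get("dstport", ""))  # ESP has no port, so "" is allowed
        hits[key] += 1
        dests.setdefault(key, set()).add(f.get("dstip", "?"))
    return [(p, port, n, len(dests[(p, port)]), KNOWN.get((p, port), "unknown"))
            for (p, port), n in hits.most_common()]

if __name__ == "__main__":
    for proto, port, n, ndst, label in summarize(SAMPLE_LOG):
        print(f"{proto}/{port or '-'}: {n} drops to {ndst} destination(s) [{label}]")
```

A port that is dropped toward many distinct destinations is the case where a per-server rule does not scale and a service-based rule is the practical choice.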

  • Whilst on this subject, I've often thought if the UTM could act like a client, i.e. its WAN connection could be set so that it terminated on one of these services so that traffic was encrypted until it hit the egress point (sort of onion router really) to prevent your ISP spying on you?

    Maybe these services should allow site to site?

  • I know it's an old question, but I am facing the same UTM blocking. Will it also work for other VPNs? I am also trying to create a rule allowing DNS groups and portals for PureVPN; will it also work for it? These are its servers.

     

    www.purevpn.com/server-location

  • Hi, I have NordVPN. Can you advise how I can configure this on my XG firewall? I want to open the NordVPN port in my firewall. Currently, whenever I activate the VPN, it cripples traffic.

    Thanks
