5.2 upgrade problems?


hdallen55
05-10-2008, 05:38 PM
Just curious if/how many people are having problems when their 5.03 machines are upgraded to 5.2? We've got a client site that was up on Friday running with an Untangle XD (has been up for almost 6 months) box but we can't reach the network or the Untangle box today. No access at all - remote, SSH, e-mail, VPN. Haven't confirmed that it's Untangle yet - no one is onsite today but we will have to make the trip tomorrow so that they are not in a jam Monday morning.

Has anyone seen any problems with the upgrade? We haven't made any changes since yesterday, and I'm just curious if the box upgraded from 5.03 to 5.2 last night or early today. I'll post back tomorrow when I know for sure what the problem is.

Doug
www.vbcnetworks.com

dmorris
05-10-2008, 07:13 PM
we haven't started upgrades to 5.2 available to 5.0.3 boxes yet
(except for special requests...)

hdallen55
05-10-2008, 07:59 PM
Thanks for the reply, Dirk.

I thought I'd read a post that upgrades had started happening a few at a time for those boxes that had auto upgrade selected.

The Untangle box is the gateway on that network and the upgrades were one of the first things that came to mind. The external Untangle interface is the first connection to the outside world and we can't reach it at all. Until today, we have connected remotely to it when needed. I'll post back tomorrow when we see what's happened.

Doug
www.vbcnetworks.com

hdallen55
05-12-2008, 07:27 AM
Just to update - Untangle was not at fault in any way.

One of the T1 lines went down at the client site over the weekend. Everything internally, including Untangle, is running fine. The Untangle box is still at 5.03.

Doug
www.vbcnetworks.com

bstilts
05-13-2008, 05:43 AM
My 5.1 box did the auto update to 5.2 over the weekend and now the SMTP gateway is not accepting any inbound connections. I've not had time to go through all the logs yet, and luckily I still had my old IPCop box laying around that I reverted back to until I could get this issue resolved. Any Ideas?

ronnikat
05-13-2008, 12:13 PM
My 5.1 box did the auto update to 5.2 over the weekend and now the SMTP gateway is not accepting any inbound connections. I've not had time to go through all the logs yet, and luckily I still had my old IPCop box laying around that I reverted back to until I could get this issue resolved. Any Ideas?

Actually no, since there isn't any real fix that went in that would affect inbound connections and/or SMTP.

bstilts
05-19-2008, 11:44 AM
Went through all the logs and no errors were being logged by the system. Guess I'll be wiping this box and reverting back to 5.1.

mdh
05-19-2008, 05:40 PM
Hope you have it on CD. Otherwise, you'll auto-upgrade to 5.2 before you can do anything. You could always post your SMTP forwarding settings so we have a chance to help.

ronnikat
05-19-2008, 05:46 PM
Went through all the logs and no errors were being logged by the system. Guess I'll be wiping this box and reverting back to 5.1.

Can we get more details of the problem to help debug and troubleshoot it?

bstilts
05-20-2008, 07:06 PM
Sorry for the late post, but I must declare MDH is the man! OK here's the scenario, my original firewall rule in 5.1 stated the following, Pass SMTP traffic on client interface "any", server interface "any", source address "any", destination address "<external IP address>", source port "any", destination port "25" (key word here being "any"). This worked fine in 5.1 because the forwarding rules took care of routing the packets to the proper server address on the inside. 5.2 did not like this rule and had to be changed to the following. Pass all traffic destined for port 25, client interface="External", server interface="Internal", destination address="<Internal Server IP>", source address="any", source port="any". This worked like a charm, thanks for all your help MDH you're the best!
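
Added example, not part of the original posts and not Untangle code: a small Python model of why a pass rule keyed on the external address stops matching once the filter sees the destination after the port forward has rewritten it, and how such a rule maps onto the replacement described above. The evaluation order for 5.2 is an assumption consistent with that fix, not something confirmed in the thread; the addresses and the rule/packet dictionaries are constructed, and the source address/port fields ("any" in both rules) are omitted.

```python
# Constructed model for illustration; this is not Untangle's rule or config format.
EXTERNAL_IP = "203.0.113.10"   # stand-in for "<external IP address>"
MAIL_SERVER = "192.168.1.25"   # stand-in for "<Internal Server IP>"

# Port forward table: (destination, port) on the wire -> internal server
PORT_FORWARDS = {(EXTERNAL_IP, 25): (MAIL_SERVER, 25)}

OLD_RULE = {"client_if": "any", "server_if": "any", "dst": EXTERNAL_IP, "dport": 25}
NEW_RULE = {"client_if": "External", "server_if": "Internal",
            "dst": MAIL_SERVER, "dport": 25}

# Inbound SMTP connection as it arrives on the external interface.
INBOUND = {"client_if": "External", "server_if": "External",
           "dst": EXTERNAL_IP, "dport": 25}


def rule_matches(rule, pkt):
    """A pass rule matches when every field is 'any' or equals the packet's value."""
    return all(rule[k] in ("any", pkt[k])
               for k in ("client_if", "server_if", "dst", "dport"))


def apply_forward(pkt):
    """Rewrite the destination as the port forward would; the session then
    terminates on the Internal side."""
    target = PORT_FORWARDS.get((pkt["dst"], pkt["dport"]))
    if target is None:
        return pkt
    return {**pkt, "dst": target[0], "dport": target[1], "server_if": "Internal"}


def passes(rule, pkt, forward_first):
    """forward_first=False: filter sees the original destination.
    forward_first=True: filter sees the translated one (assumed 5.2 order)."""
    return rule_matches(rule, apply_forward(pkt) if forward_first else pkt)


def migrate(rule):
    """Rewrite a rule that targets a forwarded external address so that it
    targets the internal server on the External -> Internal path instead."""
    target = PORT_FORWARDS.get((rule["dst"], rule["dport"]))
    if target is None:
        return rule
    return {"client_if": "External", "server_if": "Internal",
            "dst": target[0], "dport": target[1]}


if __name__ == "__main__":
    for name, rule in (("old", OLD_RULE), ("new", NEW_RULE)):
        print(name, "filter-first:", passes(rule, INBOUND, False),
              "forward-first:", passes(rule, INBOUND, True))
```

The migrated rule is also narrower than the original: it names both interfaces instead of "any".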

dieselpower
05-23-2008, 03:27 PM
The first of (3) 5.0.3 to 5.2 auto upgrade completed just fine. Only thing was it did it at 2:09 PM instead of 2:09 AM. My Internet and VPN was down for about 15-20 minutes. But the system came back up re-established VPN to a 5.0.3 unit at the other branch, (without rebooting the 5.0.3 box by the way). Way To Go!!! Untangle!!! Still need to check that remote access works. Wonder when the other 2 boxes will update?

Pete
05-25-2008, 05:18 PM
Hi guys,

Just wondering if there's a timeframe to when a general 5.03-5.2 upgrade roll-out can be expected?

/Pete

ronnikat
05-26-2008, 10:42 AM
Hi guys,

Just wondering if there's a timeframe to when a general 5.03-5.2 upgrade roll-out can be expected?

/Pete

We are slowly rolling it out to 5.0x folks. There are over 2k worth of machines to update.

We are not doing any upgrades over the Memorial Weekend because we didn't want to ruin anyone's weekend holiday.

= Gentle reminder - if you would like to 'cut in line' please send me your box activation key, make sure that auto-upgrades are turned on. If you have more than one box (say you're doing OpenVPN from two Untangles), you must do ALL your boxes at once. So please provide all the box keys you want upgraded.

Thank you

bloodline
05-26-2008, 06:30 PM
Hey There -


How do I get on the "list"??

I've got a XD Box that I'd like upgraded - not sure how to do it (no cdrom)

Currently the web filtering does not work on this box (5.03) - I've removed it, added it again and even used the blocked URL's with no luck.

So my suggestion is upgrade the box and see if the new components work. I'd prefer to upgrade instead of a full reload.

Do I need to call support to enable this?


bl-

mdh
05-26-2008, 06:55 PM
bloodline,

Turn on AUTO-UPGRADE in CONFIG->UPGRADE->SETTINGS. Go to CONFIG->SETUP INFO and get the 16-character activation key. PM it to me, and I will get you on the list for Tuesday night.

P.S. I be Support!

joegrab
05-27-2008, 02:58 AM
After automatic 5.2 upgrade Sonicwall Site-to-Site VPN's have no access to network shares or Windows resources i.e. exchange. The only way I can make it work is physically bypassing the Untangle. The Untangle is in bridge mode between the ISP --> Sonicwall --> Untangle --> LAN. All local access to shared folders and exchange works fine. The problem did not exist before the 5.2 upgrade. Any suggestions?

Local LAN 192.168.1.0/24
Gateway 192.168.1.1
Untangle 192.168.1.4

Remote LAN 192.168.16.0/24
Remote Gateway 192.168.16.1
Test Client 192.168.16.185

Test Client can ping, tracert, nslookup, HTTP - Just can't get to any shared folders on any server via name or ip \\server3 \\192.168.1.117, "net time" also fails.

If I bypass the Untangle via cabling everything works fine including "net time"

joegrab
05-27-2008, 05:27 AM
C:\Documents and Settings\administrator.BUCKEYEDIST>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : PBWKS005
Primary Dns Suffix . . . . . . . : buckeyedist.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : buckeyedist.local
buckeyedist.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : buckeyedist.local
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Cont
roller
Physical Address. . . . . . . . . : 00-13-72-DC-B8-45
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.185
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DHCP Server . . . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.1.112
192.168.1.111
68.94.156.1
Primary WINS Server . . . . . . . : 192.168.1.112
Lease Obtained. . . . . . . . . . : Monday, May 26, 2008 8:46:43 PM
Lease Expires . . . . . . . . . . : Tuesday, May 27, 2008 8:46:43 PM

C:\Documents and Settings\administrator.BUCKEYEDIST>tracert 192.168.1.111

Tracing route to adserver.buckeyedist.local [192.168.1.111]
over a maximum of 30 hops:

1 21 ms 20 ms 35 ms adserver.buckeyedist.local [192.168.1.111]

Trace complete.

C:\Documents and Settings\administrator.BUCKEYEDIST>net time
System error 5 has occurred.

Access is denied.

C:\Documents and Settings\administrator.BUCKEYEDIST>

Phuhque
05-27-2008, 10:28 AM
I have a customer that has an Untangle 5.0.3 box that autoupdated. Now they cannot access some of their network resources. A prime example is www.printonlinenow.com. It pops causes an untangle message "The requested resource (/branding/) is not available." They are getting the same issue when trying to access an order entry application within their company.

pawadca
05-28-2008, 08:16 AM
I have a customer that has an Untangle 5.0.3 box that autoupdated. Now they cannot access some of their network resources. A prime example is www.printonlinenow.com. It pops causes an untangle message "The requested resource (/branding/) is not available." They are getting the same issue when trying to access an order entry application within their company.

Same thing happened here. Ours upgraded this morning, and now our exchange OWA is not accessible. Also the router is missing from the rack and I can't find it to install.

Peter

ronnikat
05-28-2008, 09:45 AM
Same thing happened here. Ours upgraded this morning, and now our exchange OWA is not accessible. Also the router is missing from the rack and I can't find it to install.

Peter
Hi Peter

The router has been removed. You will find that all the networking now has been consolidated under the CONFIG > Networking.

You can configure, set up your DNS, DHCP, Port Forwarding, and advanced features such as Packet Filter and ByPass rules.

To see all the changes made - http://wiki-beta.untangle.com/index.php/5.1_Changelog
and
http://wiki-beta.untangle.com/index.php/5.2_Changelog

There have been a LOT of changes to the networking especially.

As for your OWA not being accessible, my first suggestion would be to go look at the Networking settings and look over your port forwarding rules.

You should probably read the documentation about the new port forwarding rule set up = it has been redesigned since 5.0x

http://wiki.untangle.com/index.php/Port_Forwards#Redirecting_External_and_Internal_Traffic

Let me know if this helps

ronnikat
05-28-2008, 09:56 AM
I have a customer that has an Untangle 5.0.3 box that autoupdated. Now they cannot access some of their network resources. A prime example is www.printonlinenow.com. It pops causes an untangle message "The requested resource (/branding/) is not available." They are getting the same issue when trying to access an order entry application within their company.

I get a popup from the site saying Unable to show resource (which is different than yours) - and I am not behind an Untangle. The site seems to be doing popups itself (had to turn off my Firefox Ad Blocker to see it) - because when I turned off the Firefox AdBlocker the popup says now 'you have popups disabled..... This site uses popups etc...'

As for the popup inside the company.

I will see what happens from work with this url.

sky-knight
05-28-2008, 10:05 AM
A HA! Sorry I missed this post peeps but being a resident of Phoenix, AZ I have some insight into this nightmare....

You see, printonlinenow.com is hosted by Godaddy which is located right next door in Scottsdale. I have worlds of experience with their servers and services and I can tell you right now that the issues you're having are flatly because that web server is misconfigured.

Notice the shift to an IP address after the domain name resolves? This will cause any content filtration system to go bonkers.. then all the popups being generated with no domain name signature do the same.

Also, using an IP to reference a Godaddy server is sheer lunacy due to the fact that they are constantly rotating things around and moving customers from one VM or another. That is why you got /branding/ is unavailable. You were using a stale IP to a server that doesn't have the content on it anymore!

Long and short, get that domain name fixed you aren't the only one seeing this issue.

P.S. Never but NEVER use Godaddy shared hosting for a real commercial web site.. it is just too darn flaky. Get your own server and collocate with them if you want stability.

Phuhque
05-28-2008, 10:35 AM
Well to be honest, I am not the one who set their hosting. Personally I really dislike Go Daddy's services and their tech support leaves a lot to be desired as well.

Since you are local in Phoenix, perhaps you could contact me and provide me with some suggestions. I know one thing I would really like to see in Untangle is a service redirection option. Unless of course I can do that already and just haven't found it. I can tell you that in 5.0.3 my exchange server let me log in, but 5.1 it gives me the same Resource not available /exchange. I also believe I have seen the exact same response from other people having the same issue.

Thank you. BTW, I love this program. Kinda hard to understand from ground zero, but it had a rather short learning curve.

pawadca
05-28-2008, 01:29 PM
Hi Peter

The router has been removed. You will find that all the networking now has been consolidated under the CONFIG > Networking.



I've learned / resolved the issue. It's a firewall issue that doesn't like loop back to internal servers with external addressing. Using the server's internal address works fine.

noelhunter
06-03-2008, 11:26 AM
I've learned / resolved the issue. It's a firewall issue that doesn't like loop back to internal servers with external addressing. Using the server's internal address works fine.

We experienced the same problem. In 5.03:

Going to outside alias, and back through to internal, from inside, worked. For example

Inside: 192.168.1.2
Outside: 1.2.3.4
Routing: 1.2.3.4 port 80 to 192.168.1.2 port 80

On 5.0.3, from inside, traffic to 1.2.3.4 port 80 is sent to port 80 on 192.168.1.2
On 5.2, from inside, traffic to 1.2.3.4 port 80 is sent to the untangle server's web interface (the quarantine/reports etc)

I bypass the problem by adding a DNS entry for the address to the untangle dns

sky-knight
06-03-2008, 01:53 PM
Well to be honest, I am not the one who set their hosting. Personally I really dislike Go Daddy's services and their tech support leaves a lot to be desired as well.

Since you are local in Phoenix, perhaps you could contact me and provide me with some suggestions. I know one thing I would really like to see in Untangle is a service redirection option. Unless of course I can do that already and just haven't found it. I can tell you that in 5.0.3 my exchange server let me log in, but 5.1 it gives me the same Resource not available /exchange. I also believe I have seen the exact same response from other people having the same issue.

Thank you. BTW, I love this program. Kinda hard to understand from ground zero, but it had a rather short learning curve.

Yeah that issue is rather nasty and I know the UT guys are working on a better solution. The bottom line is that UT uses port 80 and 443 to do its management and processing for different things. Like the spam quarantine and the like.. now you can turn off port 80 management, and then you can change the ssl management port within UT. This will allow you to forward and use ports 80,443 on a web server but it breaks the module block warnings and a few other things...

I don't know why this issue extends to all IP addresses bound to the UT server so even if you have more than one wan IP and should be able to lock UT's management to one of them and use the rest for whatever the forwarding/routing rules specify...