  1. #11
    Untangler
    Join Date
    Apr 2012
    Posts
    32

    Bump... Still waiting for an official response.

  2. #12
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,665
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #13
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,119

    And it's still a train wreck of an answer. The only thing that's worse is your Azure template.
    MNTech68 likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #14
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,665

    Quote, originally posted by sky-knight:
    > The only thing that's worse is your Azure template.

    I heard about your support call.

  5. #15
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,119

    Quote, originally posted by jcoffin:
    > I heard about your support call.

    There were two points that are all on me on that setup. But why the heck is that thing still v15.0?

    In the end though, the thing is online... and we have one less ConnectWise setup hanging out online without something in front of it.

  6. #16
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,665

    Quote, originally posted by sky-knight:
    > But why the heck is that thing still v15.0?

    Blame Microsoft's insane process for approval.

  7. #17
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,119

    Quote, originally posted by jcoffin:
    > Blame Microsoft's insane process for approval.

    Ouch...

    Well, I got to glue the huge L on my forehead... because I forgot the forwarding switch. Never forget the forwarding switch...

    That's 4 hours of my life I'll never get back.

  8. #18
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,854

    Please continue. I want to know more.
    donhwyo likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,119

    Quote, originally posted by jcoehoorn:
    > Please continue. I want to know more.

    TLDR, Rob running on 3 hours of sleep isn't in great shape to take on new server deployments. He's also apparently incapable of READING because he missed two key details in the very clear, if a bit overly complex documentation provided by Untangle on the subject.

    https://support.untangle.com/hc/en-u...icrosoft-Azure
    and
    https://support.untangle.com/hc/en-u...icrosoft-Azure

    There are three critical details about all of this that are easily overlooked if you're in a hurry like me, and fall flat into the hubris trap and assume you know Untangle.

    First, the default https password when you use the Azure template to get into the first boot wizard is NOT the password you set when you deploy the template, but the name of the VM itself. This password is immediately changed. Again this is documented in the first link above.

    Second, and this is NOT documented. Due to the nature of cloud services, SSH and HTTPS admin are enabled on External by default. The former I honestly do not understand... as we don't need SSH open during initial configuration. The fact that this is open isn't thrown in your face. To this end, the document provided by Untangle, again link one above is INCORRECT and recommends a horrifically dangerous configuration. To mitigate this, when deploying your External VNet in Azure, make sure your NIC network security group is set to basic or advanced, NEVER USE NONE. You can then deploy a security group rule to allow open access to the Untangle VPS from a trusted IP address to complete configuration safely. This also means you'll need a rule here for each and every port forward or service access you want to allow. I understand why Untangle support doesn't want to support this configuration, but it's critical that anyone doing this wrap Untangle in Azure's own security or YOU WILL BE BREACHED.

    Which is precisely the reason that support call happened to begin with. Untangle and I now have a mutual customer that's been fighting a hacked box for over a month, and a box that's supposed to be defending an entire ConnectWise Control and Automate investment. Had the real services been breached, we'd be talking about yet another MSP level crypto assault.

    Now this isn't Untangle's fault directly, but it is recommending a dangerous configuration via documentation. That needs addressed.

    And finally, after 6 hours of upgrading the install from v15.0 to current, figuring out how the VNetworking in Azure works, locking down the install to prevent a repeat of all of the above, AND rebuilding the configuration necessary for the thing to actually do its job manually from screen shots. The port forwards wouldn't work... tcpdump showed them working... but nothing was flowing. 2nd link, step 4... enable IP forwarding. Any interface acting as a router in Azure must have forwarding enabled. This is backwards to Untangle running in most hypervisors, where you only need promiscuous mode / forwarding support for bridged interfaces.

    So yeah, all of the above learned the hard way, on 3 hours of sleep, over 12 hours. The last 4 of which were me in near total exhaustion wondering WTF is wrong with this mess until the ConnectWise support agent noticed the light switch was off. To which I've appropriately donned the dunce cap, and sat in the corner. Well, after I passed out anyway.
    Last edited by sky-knight; 07-30-2021 at 09:27 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
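
The two Azure-side settings discussed in post #19 (an NSG on the external NIC with admin access limited to a trusted address, and IP forwarding enabled on a routing NIC) can be checked over exported NIC and NSG records. This is an added example, not part of the original post or of Untangle's documentation; the record shape is assumed to match az CLI JSON output, and all names, IDs and addresses are constructed.

```python
# Added example over constructed NIC/NSG records. Field names are assumed to match the JSON
# from `az network nic show` / `az network nsg show`; both forwarding-flag spellings accepted.
ADMIN_PORTS = {22: "SSH", 443: "HTTPS admin"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

def covers(port_spec, port):
    """True if an NSG port spec ('*', '22', '20-30') includes port."""
    lo, _, hi = port_spec.partition("-")
    return port_spec == "*" or int(lo) <= port <= int(hi or lo)

def open_admin_ports(nsg):
    """Admin ports that an inbound Allow rule exposes to any source address."""
    exposed = set()
    for rule in nsg.get("securityRules", []):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        sources = [rule.get("sourceAddressPrefix")] + (rule.get("sourceAddressPrefixes") or [])
        if not any(s and s.lower() in ANY_SOURCE for s in sources):
            continue
        specs = [rule.get("destinationPortRange")] + (rule.get("destinationPortRanges") or [])
        exposed |= {p for p in ADMIN_PORTS for s in specs if s and covers(s, p)}
    return sorted(exposed)

def audit_nic(nic, nsgs_by_id):
    """Findings for one NIC of the firewall VM (checks the NIC-level NSG only)."""
    findings = []
    nsg_ref = nic.get("networkSecurityGroup")
    if not nsg_ref:
        findings.append("no NSG attached: every listening service is reachable")
    else:
        for port in open_admin_ports(nsgs_by_id[nsg_ref["id"]]):
            findings.append(f"{ADMIN_PORTS[port]} ({port}) allowed from any source")
    if not (nic.get("enableIPForwarding") or nic.get("enableIpForwarding")):
        findings.append("IP forwarding disabled: forwarded traffic is dropped")
    return findings

# Constructed sample data: hypothetical names, shortened IDs, documentation IP range.
NSGS = {"nsg-ext": {"securityRules": [
    {"direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "443"},
    {"direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "20-25"}]}}
NICS = [{"name": "ext-none", "networkSecurityGroup": None, "enableIPForwarding": False},
        {"name": "ext-loose", "networkSecurityGroup": {"id": "nsg-ext"},
         "enableIPForwarding": True}]

if __name__ == "__main__":
    for nic in NICS:
        print(nic["name"], audit_nic(nic, NSGS))
```

The check ignores rule priority and subnet-level NSGs, so a finding means "review this rule", not proof of exposure.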
