Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24
  1. #11
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    I am not a fool who is looking to jack around with my customer's businesses (and mine in turn) by messing around with bleeding edge. Your tech support is adamant that we update to the latest version with nearly every ticket I open.

    Why? Mostly bug fixes. Same idea behind your underlying components. 5.2.2 fixes a vulnerability and is not bleeding edge. It is 13 releases back & over 2 years old.

  2. #12
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    And I would think you guys would want to do everything you can to decrease the IPsec phone calls & forum posts where people are having problems.

  3. #13
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    vulnerabilities fixes (security) are backported.

    I agree. Frequently/always changing versions of 1500 packages would lead to total chaos and certainly decrease stability, testing, and overall satisfaction with the project.
    Thats why we don't do it.

    Its clear to me that you likely have some issue and have no idea what the issue is.
    Therefore you're assuming that a newer version would help. If you have an issue, there are lots of ways to get help! We're here to help.

    edit:
    Are you referring to CVE-2017-11185?
    The fix for that is included already.

    I'm really not sure what you're digging at. If you just want to provide feedback about our development process. Thanks. If you have an issue I would just start a thread.
    Last edited by dmorris; 11-18-2017 at 01:42 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #14
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    To be honest, you guys are so fantastic at your web & application control & bandwidth control. You stand out from the crowd. And your reporting these days is fantastic.

    I almost wish you would just remove all VPN functionality from Untangle altogether so we would get frustrated when it works less reliably than other solutions. Basically force us to use best in class. Then we can use you for the Internet control & associated security, and another vendor for the VPNs.

    That's kind of what we're already doing anyway in most cases. Just yesterday I signed a new MSP client who has SonicWalls. We diagnosed & fixed some of their network problems during the pre-contract phase by putting a loaner Untangle in front of their SonicWall in bridge mode. Suddenly we can see everything (had a paid Complete Package subscription of course).

    Then in my conversation with the customer about IT strategy going forward, they suggested they could just replace their SW's with Untangle. I told them that it may be better to run both, because of their need for IPsec between their 2 offices + another tunnel to RackSpace.

  5. #15
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Unfortunately you still haven't actually described any issue we could possible help with.
    Like I said, if you have an issue - we can help.

    If you want help on the forums I would start here: https://forums.untangle.com/announce...uidelines.html
    You can also contact us in support (much of the same advice will help but is not required).

    Best of luck!
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #16
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    Quote Originally Posted by dmorris View Post
    vulnerabilities fixes (security) are backported.
    I agree. Frequently/always changing versions of 1500 packages would lead to total chaos and certainly decrease stability, testing, and overall satisfaction with the project.
    Thats why we don't do it.
    I completely agree with this principal. So if you're saying there is still somone out there backporting security & stablity fixes to the current version of strongSwan being used, then I am satisfied on that one. I completely agree and understand the enormous burden that comes with each new *feature* (whether your own, or from an underlying component). So for me, security & stability are way way more important (as they really should be to everyone).

    Quote Originally Posted by dmorris View Post
    Its clear to me that you likely have some issue and have no idea what the issue is.
    Therefore you're assuming that a newer version would help. If you have an issue, there are lots of ways to get help! We're here to help.
    Well you probably saw my other post. So yeah. I got it working. But not in a way that seems correct. I think your tech support is closed Saturdays, right? I do normally open tickets for mission-critical issues and probably will on the issue discovered today. That wasn't entirely what prompted this thread though. I went to the IPsec forum category after making my other post and saw one of the most recent threads with users having to stop/start the ipsec app to get their tunnels back up. I 've had that problem with Untangle too and it was hard to hold back. Honestly, I don't care what version of strongSwan you use or whether you write your own ipsec from scratch. All I care about is that it works and we can sleep at night knowing we're not gambling with customer connections.

    I've had a ticket open for that very same problem that one of your techs was going back & forth with me on for months. I finally switched over to IKEv2 last week and it seems to have finally fixed it.

    I will also say that with that and another recent ticket where I had to teach your tech about Untangle's pre-nat / post-nat fields in the sessions table, both of these tickets got way better once that your tech support manager got involved.

    Cisco's CCIE's get special privileges to bypass the first few tiers of tech support. Maybe Untangle should consider something like that.

  7. #17
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    Here's the issue *I'm* having today: https://forums.untangle.com/networki...el-issues.html

    Anyway I do have subscriptions on both of these devices and will go ahead & create a ticket.

  8. #18
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    There's a lot I don't know about that issue, but that issue almost certainly has nothing to do with the version of strongswan/libc/kernel/etc etc.

    The only way to find out will be to troubleshoot the issue. If you opened a ticket we'll take a look! Thanks.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,412

    Default

    Also, Untangle has SSH access available, and the ucli commands. While I don't know what the specific commands are off the top of my head, it's possible to automatically remotely restart the IPSec module in the event of a connection fault. So if you have something monitoring network connectivity, and it detects a connection fault one of the automatic remediation options available to you via Untangle is to restart that service. A reboot fixed it isn't a fix of course, but it can be useful in maintaining up time while investigating what's going on.

    You simply cannot do that with anyone else at the router level. Ok well you can, but we're talking Cisco here... big money stuff.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #20
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    686

    Default

    Quote Originally Posted by dmorris View Post
    There's a lot I don't know about that issue, but that issue almost certainly has nothing to do with the version of strongswan/libc/kernel/etc etc.
    I agree. I was leaning toward the way you guys maintain existing sessions. IDK what your expiry period is, but when the phone keeps sending a SIP registration packet every second, it doesn't give Untangle the ability to let that session timeout occur so it can build up a new session mapping & NAT translation based on current routes. Just a wild guess .

    Thanks for your time. Ticket is open and we'll follow up next week.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2