Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Wifi blocked

  1. #1
    Untanglit
    Join Date
    May 2016
    Posts
    26

    Default Wifi blocked

    I've been messing around with getting SSL inspector to work and got it working on my LAN but for some reason all my wifi devices are block, My google home's, android phones etc. I've narrowed it down to the SSL inspector but can't figure out why or how to unblock them so they can connect. What i'm seeing on my phone is a x over the wifi and it can't seem to obtain IP From the DHCP server I have on untangle. Here's a pic of my SSL inspector logs.

    Capture.JPG

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    abandoned means the client abandoned the connection because it didn't trust the CA

    you need to install the cert
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    May 2016
    Posts
    26

    Default

    I installed it onto my phone, Do I have to install it onto the wifi router to or something?

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    You need to install it on your ipad in a way that whatever browser you are using trusts the cert.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untanglit
    Join Date
    May 2016
    Posts
    26

    Default

    I tried installing the cert but it still won't let me connect to the internet . Not even my google home or anything else wireless will connect to the internet. How would I go about created an ignore rule for the google homes at least? It connects to the wifi on my android and shows an X though the wifi icon and the IP address on it says 'unavailable'.

  6. #6
    Untanglit
    Join Date
    May 2016
    Posts
    26

    Default

    Ok so I figured it out after a bit of googling. And since the windows 10 tablet and laptop I have both worked fine. Apparently Android phones need to have a secure connection to google services server, if something is 'between' that like A UTM or something it seems to affect that. That's why I was getting an X on my wifi icon. So I pretty much just unchecked the 'inspect google' in the SSL app and so far it's working perfectly. Not sure if it's a good thing to make an exception for everything google but...I mean Official google sites should be safe I would think, right? lol

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Usually the only reason you would want to do SSL inspection on google domains is for enforcing safe search and things like restricting gmail domains.

    As far as protection from google, malware on google servers is not something I have seen. In theory people could put malware on google drive, but google seems to be on top of that unlike some other storage providers. I'm looking at you dropbox.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Untangler
    Join Date
    Aug 2016
    Posts
    81

    Default

    At risk of incurring wrath due to thread jacking, I was going to ask for advice concerning SSL inspection for Google.

    I want to leave SSL inspection enabled so that I can enforce Safe Search and review search queries, but still have Android recognize that it has a functional internet connection via wifi.

    I have the IP address that fails the CA inspection, but when I ignore that single IP, I lose the benefits of SSL inspection for Google.

    Ideas? Obviously, I'm more than happy to paste actual IPs and current rules.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,553

    Default

    *sky-knight slaps ST3ALTHPSYCH0 around with a large trout!*

    Sadly, I don't have any suggestions. Google hard codes certificates into its devices, so any Android device is going to know about the man in the middle the inspector creates. Bypassing the IP addresses needed for the detection bit also bypasses the stuff you need to control.

    It's not a fun problem.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangler
    Join Date
    Aug 2016
    Posts
    81

    Default

    I thought I was being clever when I changed my inspect Google SSL rule to "certificate issuer *google*" AND "hostname "www.google.com"... no dice.

    It's really aggravating too that this issue only seems to be with our Nougat devices. The Marshmallow based devices have not complained once."
    Last edited by ST3ALTHPSYCH0; 02-08-2017 at 01:09 PM.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2