Good news here as well. We're running two firewalls (at two different locations) with 5.011 and the major problems seem to have disappeared. One thing still not working correctly, however, is the viewing of internal websites using an externally resolved IP address -- that still results in a proxy error. For example, if you run a web server on your internal network and have a DNAT rule to permit external access using the IP address of the external interface, and you try to access this website from INSIDE the network using the public URL, it fails every time. This didn't occur in v4, so this is some sort of proxy issue. It's been reported to Astaro, guess the fix didn't make this up2date.
After I updated from 5.010 to 5.011. Astaro displays some wrong IPs in "Licensing > Licensed users (IPs)". Before the update it displayed IPs, like "192.168.1.2, 192.168.1.3, 192.168.1.4" and so on. Now it displays IPs from some of the websites I visit and my DNS server.
Hello, Just wanted to chime in a say thanks for such a great product. I am looking forward to using v5.
Is the issue concerning using an external IP to access an internal box (webserver, mail server etc..) truly a bug?
I would think that's how it should work. Perhaps it's more of a feature to have the router "redirect" traffic pointed to the external IP to the actual internal IP.
[ QUOTE ] Hello, Just wanted to chime in a say thanks for such a great product. I am looking forward to using v5.
Is the issue concerning using an external IP to access an internal box (webserver, mail server etc..) truly a bug?
I would think that's how it should work. Perhaps it's more of a feature to have the router "redirect" traffic pointed to the external IP to the actual internal IP.
just my 2 cents...
JM
[/ QUOTE ]
Yep, it's a known bug. Let's say you have a company mail server inside your network that provides webmail, and to get to it your users browse to "webmail.mycompany.com". That should definitely work even if you're inside the network, but with ASL 5 it does not, you just get an error page. Until this bug is fixed, the only way in this example to get to the webmail server is for the users to browse using the fixed internal IP address. Could this be solved by using an internal DNS? Yes, of course, but not everyone has one -- and even if they did, many of them would have to set up a split DNS arrangement to deal with this.
About the user ip listing showing external addresses ... does this have any effect on the IPSec VPN availability from external networks? I seem to have experienced this. Sometimes I cannot connect to the IPSec VPN from an external address. The connection works most of the time but others, my SSH icon flashes red and says to check that the gateway is online, yada yada. I am beginning to wonder if this has something to do with the fact that I'm licensed for 10 users but my usage is many times that due to the external addresses showing up in "licensed users".
You don't need to worry about the license IP count for now. That feature is not yet implemented by Astaro -- the counts are all wrong and they're busy on more important fixes at the moment.
Then, has anyone else experienced flakey PPTP and IPSec vpn performance and reliability? Sometimes users can connect to either type and other times they can't ... for no apparent reason.
Like I said in my previous posting, I think the direction that Astaro is taking with v5 is great but I think releasing it to the public was premature, considering all of the problems/bugs in this release. Supporting customers running v5 is likely to be difficult at best until a lot of the problems are solved.
[ QUOTE ] Like I said in my previous posting, I think the direction that Astaro is taking with v5 is great but I think releasing it to the public was premature, considering all of the problems/bugs in this release. Supporting customers running v5 is likely to be difficult at best until a lot of the problems are solved.
-- Clay
[/ QUOTE ]
Those of us who are partners with Astaro are REALLY feeling the heat -- the problems with v5 are massacreing our bottom lines. Astaro knows this, and they're sympathetic, so I really don't want to beat them up. Look at it this way: at least Astaro is a good company and they give a damn. They made a mistake in the way that v5 was released, but that's all water under the bridge at this point and we just have to go forward positively. Our whole business surrounds the Astaro product, so you can imagine what our staff is doing right now (basket weaving, anyone?). We WERE deploying 5.011 and about two days ago called off all our jobs while we wait for the next up2date. Fortunately, I don't drink much.
