Hi all,
My email has been running through wingate for ages now without any problems. After updating to the latest version 5.2.2 I found that I could not make any secure connections (SSL). I reinstalled the previous version 5.2 and found that the SSL problem (logging in to MSN or viewing webmail) was solved. However I'm now experiencing POP3 proxy problems in that I'm not getting any mail from my ISP or at an extremely low rate. When I disable the POP3 proxy there's no problem and the mail is received. Obviously that is not what I want as no internal mail is now accepted. Can someone look at the SSL problem with 5.2.2 so that I can upgrade and leave the POP3 problem behind, which seems to have been solved in the latest version.
Thanks,
Han.
Wingate 5.2 and POP3 proxy
Moderator: Qbik Staff
10 posts
• Page 1 of 1
by neil » Dec 15 03 11:07 am
How are you making these SSL connections?! I've just tried 5.2.2 here making SSL connections on port 443 via NAT and via direct WWW proxy, and succeeded both times. Are you using NAT? WGIC? do you have any policies set up? Do you mean hotmail when you say webmail?! ie are both of the things failing MS / passport related?! Does the connections attempt show up in GateKeeper?!
Regards
Neil
Regards
Neil
- neil
- Qbik Staff
- Posts: 356
- Joined: Sep 03 03 2:42 pm
- Location: Auckland
by han » Dec 15 03 10:06 pm
neil wrote:How are you making these SSL connections?! I've just tried 5.2.2 here making SSL connections on port 443 via NAT and via direct WWW proxy, and succeeded both times. Are you using NAT? WGIC? do you have any policies set up? Do you mean hotmail when you say webmail?! ie are both of the things failing MS / passport related?! Does the connections attempt show up in GateKeeper?!
Regards
Neil
Hi Neil,
Two situations. One connection made out through WWW proxy (LAN setting in browser pointing to the wingate server i.e. 192.168.1.1) with the https initially set as 'accept secure on all ports'. Connection attemps to webmail at university and my isp both failed. Nothing happened on the browser screen. The attemp showed up in gatekeeper as being made out on 443. I then changed the https tab to accept connections out on 443. This made no difference.
Second situation concerns MSN messenger. These are configured to connect out via the SOCKS proxy but when logging in they use the WWW proxy and port 443. Attempts to log in failed on both a client (pointing to 192.168.1.1) and the server (pointing to 127.0.0.1). When a direct connection, i.e. outside wingate was made from the server machine, there were no problems. Also version 5.2 gives no problems whilst no configuration changes have been made. The change to the https tab, i.e. to accept port 443, was still there after reinstalling the previous version 5.2.
As far as policies are concerned, there is only one policy at system level to only accept assumed users coming from 127.0.0.1 and 192.168.1.* Proxies have been bound to 127.0.0.1 and 192.168.1.1 if thats the correct term.
Think thats about it. Hope you'll come up with something. In the meantime things seem to be working although the pop3 proxy remains unstable.
Regards,
Han.
- han
- Posts: 30
- Joined: Dec 14 03 7:18 am
by han » Dec 17 03 10:38 am
Hi there,
Just wondering if you have come up with anything yet? The mail is really getting in very slowly if at all under the current wingate version. Tried installing the new one again but with the same results described above.
Keep up the good work!
Han.
Just wondering if you have come up with anything yet? The mail is really getting in very slowly if at all under the current wingate version. Tried installing the new one again but with the same results described above.
Keep up the good work!
Han.
- han
- Posts: 30
- Joined: Dec 14 03 7:18 am
by adrien » Dec 18 03 1:08 pm
yep, 5.2 had some problems with POP3 with small files if you were using scanning on the POP3 proxy.
As for MSN using SSL tunnelling when it is configured to use SOCKS - that is MS for you.
Even Outlook will use the internet connection settings configured for IE rather than its own, which means it will use SSL tunnelling (CONNECT method via HTTP) or SOCKS if IE is configured to use that.
For IE, it will use SOCKS only if a specific proxy is not specified for the protocol in question, i.e. if you have a proxy set for HTTP, but not Secure or FTP, and a SOCKS server specified, it will use SOCKS for Secure, FTP etc, but not HTTP.
Adrien
As for MSN using SSL tunnelling when it is configured to use SOCKS - that is MS for you.
Even Outlook will use the internet connection settings configured for IE rather than its own, which means it will use SSL tunnelling (CONNECT method via HTTP) or SOCKS if IE is configured to use that.
For IE, it will use SOCKS only if a specific proxy is not specified for the protocol in question, i.e. if you have a proxy set for HTTP, but not Secure or FTP, and a SOCKS server specified, it will use SOCKS for Secure, FTP etc, but not HTTP.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by neil » Dec 18 03 5:06 pm
One other thing that just occured to me; you could try deleting the WWW proxy and recreating it. If there is some setting in there thats causing an issue this would flush it out.
I've tried using MSN messenger 6.1 here today, and i was connecting via socks, with the port 443 bit done via the www proxy and didn't experience a problem, so i'm fairly convinced that it must be some setting somewhere in your system (although why jsut changing the engine back to the 5.2 one should fix it i'm not sure).
ALso do you have the AV installed and active?! if so try turning this off in the WWW proxy, and see if that makes a difference.
Regards
Neil
I've tried using MSN messenger 6.1 here today, and i was connecting via socks, with the port 443 bit done via the www proxy and didn't experience a problem, so i'm fairly convinced that it must be some setting somewhere in your system (although why jsut changing the engine back to the 5.2 one should fix it i'm not sure).
ALso do you have the AV installed and active?! if so try turning this off in the WWW proxy, and see if that makes a difference.
Regards
Neil
- neil
- Qbik Staff
- Posts: 356
- Joined: Sep 03 03 2:42 pm
- Location: Auckland
by han » Dec 21 03 11:32 pm
Hi all,
Right here's what has happened after following your advise and some tweaking of my own. But first let me reiterate its not just a problem with MSN, its a problem with any https connection being made, including web mail throught IE as browser.
I uninstalled Wingate and KAV (all latest versions) completely and removed all references to KAV from the registry. I then installed Wingate 5.0.7 and VAV 4.3.3.1 (which was the last combination to work for me). When I was convinced after two days that all was working, I installed Wingate 5.2.2.
As soon as I tried logging in to MSN the old problem occurred. After switching off AV scanning in the WWW proxy, all was resolved and is working fine now. So although the problem is resolved I'm not to happy about the AV scanning being turned off in the WWW proxy. Please also note that the initial problem occurred with KAV installed but that I'm now using VAV again as scanner.
I haven't tried rebuilding the WWW proxy as suggested as I'm a little unsure there on how to proceed. Also having completely uninstalled and build up from scratch should cover that angle?
Thanks for the support up to now, looking forward to a reply.
Kind regards,
Han.
Right here's what has happened after following your advise and some tweaking of my own. But first let me reiterate its not just a problem with MSN, its a problem with any https connection being made, including web mail throught IE as browser.
I uninstalled Wingate and KAV (all latest versions) completely and removed all references to KAV from the registry. I then installed Wingate 5.0.7 and VAV 4.3.3.1 (which was the last combination to work for me). When I was convinced after two days that all was working, I installed Wingate 5.2.2.
As soon as I tried logging in to MSN the old problem occurred. After switching off AV scanning in the WWW proxy, all was resolved and is working fine now. So although the problem is resolved I'm not to happy about the AV scanning being turned off in the WWW proxy. Please also note that the initial problem occurred with KAV installed but that I'm now using VAV again as scanner.
I haven't tried rebuilding the WWW proxy as suggested as I'm a little unsure there on how to proceed. Also having completely uninstalled and build up from scratch should cover that angle?
Thanks for the support up to now, looking forward to a reply.
Kind regards,
Han.
- han
- Posts: 30
- Joined: Dec 14 03 7:18 am
by han » Dec 22 03 5:36 am
Hi all,
Think I've cracked it. Created a new WWW proxy server for secure connections with no scanning. Pointing IE for https to this proxy. All the other traffic is going through the original proxy with scanning on. No problems for the time being. Mind you would still like to know what the problem could be. This seems a bit cumbersome workaround.
Seasons greeting,
Han.
Think I've cracked it. Created a new WWW proxy server for secure connections with no scanning. Pointing IE for https to this proxy. All the other traffic is going through the original proxy with scanning on. No problems for the time being. Mind you would still like to know what the problem could be. This seems a bit cumbersome workaround.
Seasons greeting,
Han.
- han
- Posts: 30
- Joined: Dec 14 03 7:18 am
Same Problem with 5.2.3
by jiandc » May 22 04 8:29 pm
I recently upgraded to 5.2.3 and had this HTTPS access problem. I found this forum and disabled AV and everything worked fine.
jayson
jayson
- jiandc
- Posts: 85
- Joined: May 11 04 12:47 am
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 8 guests