Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » HTTPS, Skype, Yahoo Messenger are not working
  •  
declspec

Messages: 4
Karma: 0
Send a private message to this user
Hello all.

I have just installed Kerio WinRoute Firewall 6.1.4. I configured the NAT / firewall and my local network computers were able to use HTTP right away. The problem is that they can't access *any* HTTPS sites (everything works fine on my firewall computer). Skype is unable to connect and Yahoo Messenger also.

My current settings are:

Name | Source | Destination | Service | Action | Log | Translation
_________________________________________________________
ICMP traffic | Firewall | Any | Ping | ALLOW | NONE | NONE
NAT | LAN | INTERNET | Any | ALLOW | NONE | NAT (Default outgoing interface)
Local Traffic | LAN + Firewall | LAN + Firewall | Any | ALLOW | NONE | NONE
Firewall Traffic | Firewall | INTERNET | Any | ALLOW | NONE | NONE
Ident | INTERNET | Firewall | Ident | DENY | NONE | NONE
Default Rule | Any | Any | Any | DROP | NONE | NONE

1. Does Kerio do "full" NAT or you still have to configure clients to use proxies? I ask this because i need a tool to give *full* internet access to my network users. There are a lot of applications that do not support proxies, thus i need this to be transparent to client computers.
2. What's wrong with my configuration and what's blocking my client access to HTTPS? I see the HTTPS connection under Status->Connections but nothing happens.
NOTE: I *DO NOT* have any other security / firewall applications on my client or host computers.

Thank you.
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
To prevent confusion, are you using 6.1.3? 6.1.4 is not released yet Wink

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
declspec

Messages: 4
Karma: 0
Send a private message to this user
Kerio_ktrumbull wrote on Fri, 23 December 2005 23:52

To prevent confusion, are you using 6.1.3? 6.1.4 is not released yet Wink

Yes, you're right. My version is 6.1.3 build 789 (patch1).

Unfortunately this does not solve my problem Twisted Evil
  •  
caquisto

Messages: 1
Karma: 0
Send a private message to this user
I have de same problem. I can´t login in my gmail acount by example!
Someone can help me?
  •  
Agent Orange

Messages: 1
Karma: 0
Send a private message to this user
I've got the same problem. Confused All secured connections via NAT are dropped. BTW, while using proxy all secure pockets are delivered and everything works great. Sadly not every software is supporting proxy connections (i.e. Outlook 2003)... Emm, I was trying that NAT with VMware network but it works the same with physical machines.
I hope someone from Kerio team will post a solution Rolling Eyes

cheers!
  •  
Petr Dobry (Kerio)

Messages: 776
Karma: 61
Send a private message to this user
Agent Orange wrote on Tue, 27 December 2005 21:23

I've got the same problem. Confused All secured connections via NAT are dropped. BTW, while using proxy all secure pockets are delivered and everything works great. Sadly not every software is supporting proxy connections (i.e. Outlook 2003)... Emm, I was trying that NAT with VMware network but it works the same with physical machines.
I hope someone from Kerio team will post a solution Rolling Eyes

cheers!


If HTTPS is working only from firewall and not from LAN and you're using some kind of DSL connection, there can be problem with MTU. Some broadband connections (PPPoE) are adding 20 bytes to each packet. Try to lower MTU (http://www2.kansas.net/downloads%5Cdrtcp020%5CDRTCP.exe)on each station or on firewall to for example 1450.

Petr Dobry
Product Development Manager | Kerio
  •  
declspec

Messages: 4
Karma: 0
Send a private message to this user
Kerio_pedobry wrote on Tue, 27 December 2005 22:36


If HTTPS is working only from firewall and not from LAN and you're using some kind of DSL connection, there can be problem with MTU. Some broadband connections (PPPoE) are adding 20 bytes to each packet. Try to lower MTU (http://www2.kansas.net/downloads%5Cdrtcp020%5CDRTCP.exe)on each station or on firewall to for example 1450.


I set MTU on each machine (firewall and lan) to 1450 and restarted both machines. Everything works fine on my firewall computer. HTTPs connections are shown in Kerio's Connections status window but nothing happens on my LAN computer.

Any ideas?

P.S.: Prior installing Kerio I tried to setup Windows XP ICS without any success. It's really frustrating - not being able to give LAN computers access to the internet. I'm tinking about installing *nix system on my firewall computer. Twisted Evil
  •  
Aurelian

Messages: 1
Karma: 0
Send a private message to this user
Something is happening. Im having same problem. And its from Kerio for sure. I uninstalled Kerio and put again normal internet connection sharing from windows and all worked fine.

It's strange that i remember when using 6.10 version all was ok. And now i cant even get back to that version, because something stays resident in memory of windows and i have to reinstall windows then old version of Kerio. I believe is something related to NAT. Also ODC is not functioning from Lan Computers.
  •  
declspec

Messages: 4
Karma: 0
Send a private message to this user
Aurelian wrote on Thu, 29 December 2005 17:17

Something is happening. Im having same problem. And its from Kerio for sure. I uninstalled Kerio and put again normal internet connection sharing from windows and all worked fine.

I would be glad to get back to "normal" internet connection sharing from windows, but i can't get it work, also. Basically, i don't need such an advanced tool like Kerio, but i need a way to setup my LAN.

Aurelian wrote on Thu, 29 December 2005 17:17


Also ODC is not functioning from Lan Computers.

At first i couldn't get DC running from my own (firewall) computer, and i had to add a rule that allows all (incomming and outgoing) traffic on TCP port 9865 and UDP port 9866 (custom choosed ports) on all network adapters. Then i set up my DC client to use these ports and everything worked just fine.

Kerio team: any other suggestions regarding HTTPS access? Thank you. Rolling Eyes

P.S.: I solved the problem temporary, by re-enabling Kerio proxy and setting up my web clients (opera & firefox) on my LAN computers to use HTTPS proxy, but, as i told you before, i need to make it work without the proxy.
Previous Topic: VPN - Interconnection of two private networks
Next Topic: ISS ORANGE WEB FILTER NOT AVAILABLE
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 02:53:11 CET 2017

Total time taken to generate the page: 0.00431 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.