dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1580
share rss forum feed

inTulsa
Premium
join:2002-02-24

Kerio use of Proxy

Apparently Kerio uses the IE proxy settings to look for updates. When I have the "Check for new versions of Personal Firewall" option enabled I get prompted during startup. It would be better if Kerio let me specify what proxy (if any) it should use instead of assuming whatever I specified for a browser.

Unfortunately, my proxy is started by a link in the StartUp folder and Kerio is starting via the RunServices and VXD registry entries. The proxy is not yet running when Kerio tries to use it.

inTulsa
Premium
join:2002-02-24
Click for full size
Upon further investigation, I am unable to get Kerio to utilize a proxy. I've tried to configure various proxy IP#'s, hostnames, and port values (in MSIE). Kerio uses MSIE proxy settings but apparently there is a problem.

In the attached picture I created a rule for Kerio to display an alert for its use of a proxy port. The message box indicates that it was trying to use IP 127.0.0.1, but its own alert shows the IP as 0.0.0.0. It seems to always end up trying to use a zero IP# for the proxy.

I've tried other proxies and even set up dummy listening servers in the proxy ports. I can not find any way to get Kerio to make contact with a proxy running in the same PC.

Unfortunately, Kerio has locked up on several occasions (inconsistently) when trying proxy variations - none of its screens would redraw or close. If I then terminate it using TaskManager, I can never restart the administration screens without a complete reboot, probably because parts of it were running as a service.

I've tested using the "Check for new versions" option and (mostly) using the License Registration button. This happens with version 2.1.1 and the prior version, using Win98SE. This only applies if a HTTP proxy is configured in IE. IE need not be running at the time, that's just where Kerio looks for proxy settings.


Murray3

join:2001-03-06
Texas
reply to inTulsa
Odd. Very odd.

I use a local Proxy and Kerio 2.1.1 (though not with 'Check for Updates' set).

Well, I went ahead and check-marked the 'Check for Updates' field in Kerio and restarted it.

No connection problems at all.

Do you have the following entry in your HOSTS file?...

127.0.0.1 localhost

inTulsa
Premium
join:2002-02-24
Yes, I have localhost defined in HOSTS. Specifying localhost for the IE proxy didn't work either.

Did Kerio actually contact your proxy? I often don't get notified of the failure using the 'Check for Updates' unless I create a rule for it.

For me, when a HTTP proxy is configured in IE, Kerio never contacts the proxy nor does it bypass it using port 80.


Murray3

join:2001-03-06
Texas
said by inTulsa:
For me, when a HTTP proxy is configured in IE, Kerio never contacts the proxy nor does it bypass it using port 80.
That's what I thought too. I would guess that Kerio would be independent of any third party software such as a Proxy.

However, something is definitely up as we can see, from the screenshots above. Very odd.

inTulsa
Premium
join:2002-02-24
This is one of the scenarios I tried: Using my Dlink Di-704, I blocked all outgoing TCP and UDP packets except for DNS. The Dlink log will then show me any attempted outgoing communication.

When a proxy is Not configured in IE, Kerio does try to communicate to 194.213.194.16 (updates.tinysw.cz) on port 80. This shows up in the router log.

To eliminate any particular proxy issue, I set up a dummy listener on port 8080 using »www.xploiter.com/tambu/tambudummy.shtml

When IE is configured to use that for a proxy, Kerio never contacts it. Nor does it bypass the proxy as nothing shows up in the router log for it. In IE, I've tried to specify 'localhost', '127.0,0,1', and the PC's intranet IP to no avail.

I'm mostly concerned about the occasional inconsistent lockup that may be triggered by having a proxy configured in IE. Without asking Kerio to look for updates or register then the proxy issue does not arise.


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1
reply to inTulsa
Well, it would probably assume it was a remote (gateway) proxy. Remember, Kerio is identical between the free and the corporate versions... it might be nice to have some sort of control over it, indeed, but I can see exactly where they're coming from. In a lot of corporate (and even some home) installs, the "proxy" is at the gateway or offsite, not running on local machine. Hmmm... I wonder... this could be fun to tinker with, later on... but that's my general thought, just to start off...
--
Would you care for a rat? Or..just...just the biscuits then.

inTulsa
Premium
join:2002-02-24
Click for full size
Whether the proxy specified is local or remote doesn't seem to make any difference, Kerio still ends up trying to use a zero IP.

I suppose it really doesn't matter that much, except that it occasionally dies when trying to access its site. Again, this would only affect IE proxy users and only if Kerio is trying to phone home. Maybe it's only Win9X/Me.


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1

reply to inTulsa
I've never seen anything like that... NT, here, and what checking the update notification does is checks to see if one's available, if it is, it pops up a note telling you to go get it. It never tries to make a connection... are you sure you aren't trying to license it? Registration isn't required for personal use... though you can leave an e-mail at the homepage, and they'll put you on a mailing list, as will Tiny software...

--
Hurt not the earth, neither the sea nor the trees...

Revelations 7:3


[text was edited by author 2002-03-19 05:26:50]

[text was edited by author 2002-03-19 05:40:43]

inTulsa
Premium
join:2002-02-24
The attempt is to get Kerio to work when IE has a proxy configured, ANY proxy. The 0.0.0.0 isn't for listening - that's what Kerio is coming up with as the proxy to Connect to regardless of what proxy is specified in IE.

In the above example I used www.dslreports.com as the proxy address and it still came up as zero. The proxy I use runs on my own machine - the dslreports setting is just an example.

I've tried specifying IP's as well as various (valid) names. Kerio gets the port# right but does not resolve a name or IP for it to connect to a proxy. I have been unsuccessful in finding any way to get Kerio to make contact with a proxy, and I verified that it is not going around or ignoring the IE proxy setting.

It only tries to use the proxy when it needs to communicate out, as in checking for updates at startup or registration. Its attempt to use a proxy seems to trigger a bug that results in occasional lockup, perhaps due to some memory corruption. It killed my Win98SE on a few occasions.

I can live with it since I don't have a real need to have it contact its home site.


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1

reply to inTulsa
Click for full size
Hmmm... OK, I see, thats not a source IP... sorry, getting screenshot-blind. Strange as heck. I have a proxy, too, and Kerio doesn't touch it, or, if it does, it's going out after login. Here it is, listening... and as it can be seen, it listens on 127.0.0.1, for connections from "unknown" (because it isn't connected, at the time)... when it connects, 127.0.0.1 becomes the remote IP, too... IE then shows connected out to localhost - I'll edit that last one, it just confiuses things, with this in mind... wow. I'm stumped. I had perfect luck with mine... now that I think of it, I think I got the message after I logged in, though. Funny... I can't replicate, obviously, since I'm updated... catch 22... but it seems like something, maybe IE or the proxy, must be misconfigured... or there's some weird bug with Kerio on your OS... or... heck, my mind boggles on this one...

--- just a thought... that screen says "licensing server". I can't figure out what it means, there. I wonder if it mayn't ne a good idea to backup your rules and reinstall, if you're sure all the proxy settings and IE settings are correct??? Just a thought... could be a corrupted install... Ahhh, ye gads, I'm starting to sound like Verizon tech supp... I better take a break!

--
Hurt not the earth, neither the sea nor the trees...

Revelations 7:3

[text was edited by author 2002-03-19 05:30:33]

[text was edited by author 2002-03-19 05:36:27]

inTulsa
Premium
join:2002-02-24
Thanks for looking into this. I should clarify that Kerio does work fine in its firewall functionality. IE and the proxy are working fine through Kerio. Netscape, Opera, Winamp, and other software also work fine through the proxy while Kerio is running.

The problem Only occurs when Kerio itself tries to use a proxy, and that's only when it goes looking for an update or if I use its registration screen. All other times everything operates fine.

I've never been able to see Kerio actually contact a proxy (by looking at the proxy log and router logs). I also set up a dummy listener using »www.xploiter.com/tambu/tambudummy.shtml instead of a real proxy, but Kerio never makes contact with that either. Others may have also run into this, the following contains reference to Kerio connecting to 0.0.0.0 port 8080 »Re: Kerio 2.1.1 Released

When it tries to 'phone home', Kerio always tries to use the proxy that is configured in IE but something fails. IE itself isn't used for this (whether open or closed doesn't matter), Kerio just uses IE's proxy settings from the registry:

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
"ProxyServer"="http=127.0.0.1:8080;https=127.0.0.1:8080"

Interesting that on the screen captures Kerio includes the 'http=' portion of the registry setting. It may be including that prefix qualifier in its attempts to resolve the IP.


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1
reply to inTulsa
Well, version 2.1.2 is now out.. --- just a heads up, I can't say what it does, I'm just getting my own set up, but thought I would pass that along, for you... »download.kerio.com/dwn/kpf2-win.exe
--
Hurt not the earth, neither the sea nor the trees...
Revelations 7:3

inTulsa
Premium
join:2002-02-24

I just did a clean install to version 2.1.2, but the zero IP proxy issue still remains. I only tested a couple of times without any lockup but I don't want to press my luck right now.

Seems strange to install software whose file timestamps are later than local time
[text was edited by author 2002-03-19 15:09:55]