Koozali.org: home of the SME Server

No client access to https websites

Offline zadeet

No client access to https websites
« on: January 27, 2010, 12:06:19 PM »
Hi guys

Strange problem here with a new SME Server 7.4 installation.

The server is configured in server/gateway mode. Any client computer (Win 7, Win XP, Ubuntu) using Firefox or IE is unable to access EXTERNAL websites via https. This means no internet banking is possible. Strange thing is, however, the server manager page is accessible via https from any of these client computers. Using lynx browser on the server itself I CAN access sites via https!! There is no relevant information in the logs.

This particular network was working perfectly before, with the same DSL connection, but with an IPCOP machine as gateway. This IPCOP has been replaced with the SME Server in question.

There is obviously something small and stupid that I am doing wrong here, but I am baffled!!

Any ideas?

Thank you

Craig

Offline cactus

Re: No client access to https websites
« Reply #1 on: January 27, 2010, 01:00:51 PM »
Do you have other switches/routers in the chain? Do they forward port 443 (needed for https)? Perhaps you can create a basic sketch of your network topology.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline zadeet

Re: No client access to https websites
« Reply #2 on: January 27, 2010, 01:27:21 PM »
Hi Cactus

A Quick update

I manually set proxy settings on one of the Windows XP clients and straight away it could access a website via https. My understanding of the SME Server's transparent proxy is that you don't need to manually configure clients - correct me if I'm wrong.

Basically this is the setup of the lan in question:

DSL modem _______ SME Server/gateway_______gigabit switch______client computers

As I said, this network was working with an IPCOP in place of the new SME Server.

Is there a way of auto configuring client proxy settings if need be?

Thank you

craig

Offline cactus

Re: No client access to https websites
« Reply #3 on: January 27, 2010, 02:06:47 PM »
> I manually set proxy settings on one of the Windows XP clients and straight away it could access a website via https. My understanding of the SME Server's transparent proxy is that you don't need to manually configure clients - correct me if I'm wrong.

No, you do not need to.

> Basically this is the setup of the lan in question:
>
> DSL modem _______ SME Server/gateway_______gigabit switch______client computers

A switch, so I guess the subnet that SME Server is handing out is different from the one the client computers are in. Am I correct?
Did you configure SME Server to have additional local networks and assign the IP of your switch as the gateway? See this: http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter11#Local_networks

Offline zadeet

Re: No client access to https websites
« Reply #4 on: January 27, 2010, 03:32:38 PM »
Hi Cactus

Not sure if I'm understanding you correctly, but my ethernet switch (or hub if you want) is unmanaged. It has no IP; you basically plug in ethernet cables from clients and away you go.

Further information:

SME Server is handing out IP address leases to the LAN via DHCP. Subnets are the same, i.e. 255.255.255.0. In the old LAN config, the IPCOP machine was handing out DHCP.

I don't know if this is related, but someone just pointed out to me that she can't retrieve email from her external pop3 account with Outlook Express. I am yet to configure mail accounts in the server - all users are retrieving mail from their external pop accounts. They are, however, able to send mail using their external smtp accounts. Strange.

Any other ideas you might have will be appreciated.

Thank You

Craig

Offline CharlieBrady

Re: No client access to https websites
« Reply #5 on: January 27, 2010, 03:34:33 PM »
> As I said, this network was working with an IPCOP in place of the new SME Server.

Are the existing clients still configured to use a proxy in the non-existent ipcop server?

Offline CharlieBrady

Re: No client access to https websites
« Reply #6 on: January 27, 2010, 03:48:42 PM »
> I don't know if this is related, but someone just pointed out to me that she can't retrieve email from her external pop3 account with Outlook Express.

The clients have the wrong gateway address configured. Renewing DHCP leases should provide the correct gateway address (if SME server is the DHCP server for the network).

Offline axessit

Re: No client access to https websites
« Reply #7 on: January 28, 2010, 02:14:04 PM »
I have found web access slow if Win clients' IE proxy is set to automatic, so I created a local hostname wpad.mydomain.com and in the primary html ibay have a wpad.dat file to automatically configure browsers and now I get instant access from clients. If windose doesn't see this file it seems to try and hang on to the last proxy settings which the ipcop may have dished out and tried to do something there. Also, have you checked the IE proxy advanced settings and checked the "use the same proxy server for all protocols", otherwise it may have a different or no proxy set for secure.
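
A wpad.dat of the kind the post above describes, shown as an added example that is not part of the original thread or of SME Server itself. The proxy address and port, the LAN network and the helper names `ipv4ToInt` and `inSubnet` are assumptions; only the domain name and the 255.255.255.0 mask come from the thread.

```javascript
// wpad.dat (constructed example). Browsers call FindProxyForURL(url, host)
// for every request and try the returned entries in order.
// Assumed values, not taken from the thread: proxy address/port and LAN network.
var PROXY = "PROXY 192.168.1.1:3128"; // assumed SME Server LAN IP and proxy port
var LAN_NET = "192.168.1.0";          // assumed LAN network
var LAN_MASK = "255.255.255.0";       // mask quoted in the thread
var LOCAL_DOMAIN = ".mydomain.com";   // domain used in the post

// Convert a dotted quad to an unsigned 32-bit number, or null if not IPv4.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside net/mask.
function inSubnet(host, net, mask) {
  var h = ipv4ToInt(host), n = ipv4ToInt(net), k = ipv4ToInt(mask);
  if (h === null || n === null || k === null) return false;
  return ((h & k) >>> 0) === ((n & k) >>> 0);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Local names and LAN addresses never go through the proxy.
  if (host.indexOf(".") === -1) return "DIRECT";
  if (host.slice(-LOCAL_DOMAIN.length) === LOCAL_DOMAIN) return "DIRECT";
  if (inSubnet(host, LAN_NET, LAN_MASK)) return "DIRECT";
  // Plain HTTP goes to the proxy, falling back to DIRECT if it is unreachable.
  if (url.substring(0, 5).toLowerCase() === "http:") return PROXY + "; DIRECT";
  // HTTPS and everything else bypass the proxy, which only works when the
  // client's default gateway is correct.
  return "DIRECT";
}
```

With this file, HTTPS is never proxied, so a client with a stale default gateway will still fail on port 443 even though plain HTTP works.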

Offline CharlieBrady

Re: No client access to https websites
« Reply #8 on: January 28, 2010, 02:54:58 PM »
> Also, have you checked the IE proxy advanced settings and checked the "use the same proxy server for all protocols", otherwise it may have a different or no proxy set for secure.

No proxy for secure should be fine, as long as default gateway is set correctly.