Pertino - Is Anyone Successfully Using Any Version Above 510 with DNS/AD Connect?

wrx7m

I have been having a heck of a time getting Pertino off the ground here. I trailed it last year and it worked fine. When I finally get purchase approval, I can't get it to work. It is one thing after the next.

Problem:
I tried using apt-get on an ubuntu server and the installer would fail. Although, now apt-get is working.

Solution:
Download the .deb package and install it manually.

Problem:
Installed 520 on my DCs. That caused a nightmare for me. Pertino prevented the dynamic records updating somehow but since I installed it on Friday and came back Monday, I didn't realize what was happening. All the systems that had gotten new DHCP addresses and so I would try connecting to a machine that has nothing to do with Pertino (on my LAN) via hostname and started seeing crossed records/IP addresses. It took me several hours to realize it was Pertino that was causing the problems. Uninstall Pertino client from the DCs and DNS records started updating as clients' IPs changed. This problem still exists in version 528, which was released last night.

Solution:
Pertino support sent me links for the 510 client and installed on all my DCs.

Problem:
Can't get traffic to flow through the pertino gateway feature

Solution:
TBD. I have been working with Pertino support for almost 3 weeks and have not been able to get this working. I have torn down and built a couple Ubuntu server VMs at least 10 times in different versions and also Centos in different versions. Nothing has worked.

Deleted74295

Never got as far as servers. Though it did do the strangest things on Windows desktop clients. Different OSes, different issues.

Combined with the cost, It's on the no buy list for now.

IRJ

Everytime I install it on a Linux system, it's like opening a box of chocolates. I never know what I am going to find inside. Usually it does some weird stuff and a combination of smashing keyboards against the wall, uninstalling/reinstalling, and Native American rain dancing makes it work

IRJ

They sold out, so I would expect higher prices and less reliability in the future.

http://pertino.com/cradlepoint-acquires-pertino

scottalanmiller

ZeroTier has shaken up the SDN market there rather significantly.

wrx7m

@IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.

wrx7m

@scottalanmiller said:

ZeroTier has shaken up the SDN market there rather significantly.

Yeah, I was trying it out with their hosted option but I need the DNS to work and a better gateway implementation.

Edit: Pretty much what I need Pertino to do ATM, LOL

scottalanmiller

@wrx7m said:

@IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.

Most everyone that I knew there has disappeared since the acquisition, definitively.

wrx7m

@IRJ said:

Everytime I install it on a Linux system, it's like opening a box of chocolates. I never know what I am going to find inside. Usually it does some weird stuff and a combination of smashing keyboards against the wall, uninstalling/reinstalling, and Native American rain dancing makes it work

Uninstall/reinstall - Check
Smash KB against the wall - Check
Native American rain dancing is what I was missing...

wrx7m

@scottalanmiller said:

@wrx7m said:

@IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.

Most everyone that I knew there has disappeared since the acquisition, definitively.

Bummer. How many people would you say it was? I was also told that the engineers were kept on.

wrx7m

Now the engineers want me to install the 528 client again on my DCs, which caused name resolution issues where the DNS/DC stops responding to requests, as well as preventing dynamic host record updates. They say that there are better logging options in it. I guess I can setup an isolated lab but this is just taking way too much time and effort for something that was supposed to work out of the box and does in 510.

And that is not even the gateway feature! We are moving backward!

scottalanmiller

@wrx7m said:

@scottalanmiller said:

@wrx7m said:

@IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.

Most everyone that I knew there has disappeared since the acquisition, definitively.

Bummer. How many people would you say it was? I was also told that the engineers were kept on.

Only a handful that I normally talk to. I know nearly everyone there as I've been out and met everyone multiple times.

hubtechagain

yeah, i've never not had issues with it. for atleast a year or so now.

adam.ierymenko

@wrx7m We've considered looking into this but (a) we don't use AD or Windows much at all, and (b) default gateway, while planned, is complex for us and is currently behind a few other more IoT/P2P focused efforts.

Default gateway is hard for ZT because it's p2p. Normal tunnel VPNs can do default gateway by simply excepting traffic from their upstream endpoint, but ZT has to except all its traffic to N random endpoints that are constantly changing. There are ways to do this by binding in the right way to the right interface, etc., but it involves OS-specific hacking and some refactoring. Can be done but hasn't been done yet.

As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service. As a result we find heroics to support legacy AD to be of debatable utility. It's something we plan to investigate once we have a bit more resources (which is hopefully soon) but for now the largest amount of paying customer attention we've received is from people who want P2P network overlays for IoT and distributed systems applications. Those don't care about either of these features but they do care a lot about reliability, monitoring, uptime, etc.

Dashrender

Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.

Currently many locally hosted options can't work with Azure AD, they require legacy AD, even if you host that legacy in an Azure DC, it's still legacy.

scottalanmiller

@Dashrender said:

Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.

I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.

FATeknollogee

@scottalanmiller said:

I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.

What is your new method of authenticating?

Dashrender

@scottalanmiller said:

@Dashrender said:

Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.

I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.

Oh i agree - and I'm trying to do the same, and I've already one it for one client.

Sadly another client has a business manager who thinks the cloud is the devil and somehow local servers are safer... so they won't be changing anytime soon.

scottalanmiller

@adam.ierymenko said:

As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service.

that hosted service is BRAND new, though. Only since Windows 10. So pretty much no one on it. I've seen way more people avoiding than people moving to it. It's the future of AD for sure, but AD is a huge market.

scottalanmiller

@FATeknollogee said:

@scottalanmiller said:

I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.

What is your new method of authenticating?

Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.

But when we need it, Azure AD.