Pertino - Is Anyone Successfully Using Any Version Above 510 with DNS/AD Connect?



  • I have been having a heck of a time getting Pertino off the ground here. I trailed it last year and it worked fine. When I finally get purchase approval, I can't get it to work. It is one thing after the next.

    Problem:
    I tried using apt-get on an ubuntu server and the installer would fail. Although, now apt-get is working.

    Solution:
    Download the .deb package and install it manually.

    Problem:
    Installed 520 on my DCs. That caused a nightmare for me. Pertino prevented the dynamic records updating somehow but since I installed it on Friday and came back Monday, I didn't realize what was happening. All the systems that had gotten new DHCP addresses and so I would try connecting to a machine that has nothing to do with Pertino (on my LAN) via hostname and started seeing crossed records/IP addresses. It took me several hours to realize it was Pertino that was causing the problems. Uninstall Pertino client from the DCs and DNS records started updating as clients' IPs changed. This problem still exists in version 528, which was released last night.

    Solution:
    Pertino support sent me links for the 510 client and installed on all my DCs.

    Problem:
    Can't get traffic to flow through the pertino gateway feature

    Solution:
    TBD. I have been working with Pertino support for almost 3 weeks and have not been able to get this working. I have torn down and built a couple Ubuntu server VMs at least 10 times in different versions and also Centos in different versions. Nothing has worked.


  • Service Provider

    Never got as far as servers. Though it did do the strangest things on Windows desktop clients. Different OSes, different issues.

    Combined with the cost, It's on the no buy list for now.



  • Everytime I install it on a Linux system, it's like opening a box of chocolates. I never know what I am going to find inside. Usually it does some weird stuff and a combination of smashing keyboards against the wall, uninstalling/reinstalling, and Native American rain dancing makes it work



  • They sold out, so I would expect higher prices and less reliability in the future.

    http://pertino.com/cradlepoint-acquires-pertino


  • Service Provider

    ZeroTier has shaken up the SDN market there rather significantly.



  • @IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.



  • @scottalanmiller said:

    ZeroTier has shaken up the SDN market there rather significantly.

    Yeah, I was trying it out with their hosted option but I need the DNS to work and a better gateway implementation.

    Edit: Pretty much what I need Pertino to do ATM, LOL


  • Service Provider

    @wrx7m said:

    @IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.

    Most everyone that I knew there has disappeared since the acquisition, definitively.



  • @IRJ said:

    Everytime I install it on a Linux system, it's like opening a box of chocolates. I never know what I am going to find inside. Usually it does some weird stuff and a combination of smashing keyboards against the wall, uninstalling/reinstalling, and Native American rain dancing makes it work

    Uninstall/reinstall - Check
    Smash KB against the wall - Check
    Native American rain dancing is what I was missing...



  • @scottalanmiller said:

    @wrx7m said:

    @IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.

    Most everyone that I knew there has disappeared since the acquisition, definitively.

    Bummer. How many people would you say it was? I was also told that the engineers were kept on.



  • Now the engineers want me to install the 528 client again on my DCs, which caused name resolution issues where the DNS/DC stops responding to requests, as well as preventing dynamic host record updates. They say that there are better logging options in it. I guess I can setup an isolated lab but this is just taking way too much time and effort for something that was supposed to work out of the box and does in 510.

    And that is not even the gateway feature! We are moving backward!


  • Service Provider

    @wrx7m said:

    @scottalanmiller said:

    @wrx7m said:

    @IRJ I know that they were acquired some time last year. From what I understand the tech support team that existed prior to the acquisition was let go and now Cradlepoint is handling everything and have trained their staff on some of the features but not the gateway.

    Most everyone that I knew there has disappeared since the acquisition, definitively.

    Bummer. How many people would you say it was? I was also told that the engineers were kept on.

    Only a handful that I normally talk to. I know nearly everyone there as I've been out and met everyone multiple times.


  • Service Provider

    yeah, i've never not had issues with it. for atleast a year or so now.



  • @wrx7m We've considered looking into this but (a) we don't use AD or Windows much at all, and (b) default gateway, while planned, is complex for us and is currently behind a few other more IoT/P2P focused efforts.

    Default gateway is hard for ZT because it's p2p. Normal tunnel VPNs can do default gateway by simply excepting traffic from their upstream endpoint, but ZT has to except all its traffic to N random endpoints that are constantly changing. There are ways to do this by binding in the right way to the right interface, etc., but it involves OS-specific hacking and some refactoring. Can be done but hasn't been done yet.

    As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service. As a result we find heroics to support legacy AD to be of debatable utility. It's something we plan to investigate once we have a bit more resources (which is hopefully soon) but for now the largest amount of paying customer attention we've received is from people who want P2P network overlays for IoT and distributed systems applications. Those don't care about either of these features but they do care a lot about reliability, monitoring, uptime, etc.



  • Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.

    Currently many locally hosted options can't work with Azure AD, they require legacy AD, even if you host that legacy in an Azure DC, it's still legacy.


  • Service Provider

    @Dashrender said:

    Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.

    I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.



  • @scottalanmiller said:

    I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.

    What is your new method of authenticating?



  • @scottalanmiller said:

    @Dashrender said:

    Interesting - I don't expect to see AD leave the local LAN for at least another 5 years, for those that have it. That's a lot of SMBs that have a hard time using ZT.

    I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.

    Oh i agree - and I'm trying to do the same, and I've already one it for one client.

    Sadly another client has a business manager who thinks the cloud is the devil and somehow local servers are safer... so they won't be changing anytime soon.


  • Service Provider

    @adam.ierymenko said:

    As far as AD goes, our impression for a while has been that everything's moving to Microsoft's cloud AD service.

    that hosted service is BRAND new, though. Only since Windows 10. So pretty much no one on it. I've seen way more people avoiding than people moving to it. It's the future of AD for sure, but AD is a huge market.


  • Service Provider

    @FATeknollogee said:

    @scottalanmiller said:

    I've seen people look at phasing it out. Not common, but it is definitely happening and accelerating. We did, for example.

    What is your new method of authenticating?

    Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.

    But when we need it, Azure AD.



  • @Dashrender said:

    Oh i agree - and I'm trying to do the same, and I've already one it for one client.

    Same question for you @Dashrender What is your "AD"?



  • @scottalanmiller said:

    Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.

    But when we need it, Azure AD.

    Is there some form of SSO?



  • @FATeknollogee said:

    @Dashrender said:

    Oh i agree - and I'm trying to do the same, and I've already one it for one client.

    Same question for you @Dashrender What is your "AD"?

    Personally I have a Windows 2012R2 onsite AD system. VM's of course.


  • Service Provider

    @FATeknollogee said:

    @scottalanmiller said:

    Mostly... we aren't authenticating. It's not needed today like it used to be. Tons of companies are moving away from it today, it just doesn't have the value that it used to have.

    But when we need it, Azure AD.

    Is there some form of SSO?

    We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.



  • @Dashrender I thought you just said you got rid of AD?



  • Computers are moving more toward acting like phones. Instead of using WSUS, you'll use MDM to manage them. The laptop/desktop/tablet, whatever can check-in with the MDM server from anywhere, and get it's update instructions from there.

    Intune is a good example of this.



  • @scottalanmiller said:

    We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.

    That makes sense.
    For those of us with legacy apps, we have to wait for our vendors to "catch up"


  • Service Provider

    @FATeknollogee said:

    @scottalanmiller said:

    We only run so many apps, so nearly everything is inside of Office 365. So not SSO itself, but it acts basically that way.

    That makes sense.
    For those of us with legacy apps, we have to wait for our vendors to "catch up"

    Or not use AD. Always an option.



  • @Dashrender The cloud is the devil. Problem is that local servers are also the devil. :)



  • @scottalanmiller said:

    Or not use AD. Always an option.

    Not when you need the app & AD is the only option to authenticate!


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.