Author Topic: [solved] Migrate to Zentyal  (Read 1714 times)

weiliang

  • Zen Apprentice
  • *
  • Posts: 11
  • Karma: +0/-0
[solved] Migrate to Zentyal
« on: May 15, 2013, 10:15:31 am »
Hello, I'm planning to migrate from Smoothwall to Zentyal, but I have some problems:
1. Currently I have several sites that run Smoothwall, and they don't run for 24 hours, so before the office closes, they shut down the server. In Smoothwall, I can create a separate user ONLY for shutdown/restart purposes; they can't change any setting on the server. I can't find any way to create an additional admin user with limited rights in Zentyal.
2. OpenVPN on Smoothwall uses a p12 certificate file. I have tried several times to convert the p12 file to individual files but with no luck; Zentyal always rejects the files.


I hope someone could help me with this problem. Thanks in advance.
« Last Edit: May 17, 2013, 04:52:05 am by weiliang »

christian

  • Guest
Re: Migrate to Zentyal
« Reply #1 on: May 15, 2013, 10:23:59 am »
- So far, and as far as I know, there is no delegation model with Zentyal that would permit creating an additional admin account with limited or at least controlled admin rights.

- Regarding certificates for VPN: what does "Zentyal rejects it" mean? Is it because of the file format or because of an untrusted cert?

weiliang

Re: Migrate to Zentyal
« Reply #2 on: May 15, 2013, 11:16:00 am »
Thanks for the reply.

So here is how I did it; correct me if I'm wrong...
  • download the client package from Smoothwall; the sample file is attached: mdncpu.zip
  • extract the CA cert, client cert and private key from the p12 file
Code:
openssl pkcs12 -in mdncpu.p12 -cacerts -out mdncpu.cacerts.pem
openssl pkcs12 -in mdncpu.p12 -clcerts -out mdncpu.clcerts.pem
openssl pkcs12 -in mdncpu.p12 -nocerts -out mdncpu.key.pem
  • upload the .pem files through the VPN client configuration page. After I click the "change" button, it says "File supplied as client's private keys is not valid"

christian

  • Guest
Re: Migrate to Zentyal
« Reply #3 on: May 15, 2013, 11:21:21 am »
Why not... but could you explain the "-nocerts" directive? ;)

weiliang

Re: Migrate to Zentyal
« Reply #4 on: May 15, 2013, 11:31:24 am »
From the documentation:
-out filename The filename to write certificates and private keys to, standard output by default. They are all written in PEM format.
-nocerts no certificates at all will be output.

So with -nocerts, only private keys are written to the file. Hahaha, so I'm wrong about it?

EDITED:
I found the working command for exporting the private key from the p12 file:
Code:
openssl pkcs12 -in mdncpu.p12 -nocerts -nodes | openssl rsa > mdncpu.key.pem
The certificates and the key can be imported to Zentyal now. The next thing to do is to verify that the connection works well between Smoothwall and Zentyal. Thanks.
« Last Edit: May 16, 2013, 04:46:29 am by weiliang »
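
The conversion worked out in the posts above, as one added script (not code from the posters or from Zentyal): it splits a PKCS#12 bundle into a CA certificate, a client certificate and a bare unencrypted key, then checks that the key's public half matches the certificate before anything is uploaded. The function names, file names and the throwaway demo bundle are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Paths, subject names and the password are constructed placeholders.

# Build a throwaway CA and client certificate, then pack them into $1/demo.p12.
make_demo_p12() {
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$dir/cl.key" -out "$dir/cl.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/cl.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/cl.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/cl.key" -in "$dir/cl.crt" \
        -certfile "$dir/ca.crt" -passout "pass:$pass" -out "$dir/demo.p12"
}

# Split PKCS#12 file $1 (password $2) into $3.ca.pem, $3.cert.pem, $3.key.pem.
# Piping through "openssl x509" / "openssl rsa" re-encodes each object, so the
# files hold one bare PEM block without the "Bag Attributes" text.
# Assumes a single CA certificate and an RSA key, as in the thread.
split_p12() (
    p12=$1; pass=$2; out=$3
    umask 077    # -nodes writes the key unencrypted: keep it owner-only
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -cacerts -nokeys |
        openssl x509 -out "$out.ca.pem" &&
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -clcerts -nokeys |
        openssl x509 -out "$out.cert.pem" &&
    openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes |
        openssl rsa -out "$out.key.pem" 2>/dev/null
)

# Succeed only if $1 is a bare, unencrypted PEM key whose public half equals
# the public key in certificate $2.
key_matches_cert() {
    key=$1; cert=$2
    head -n 1 "$key" | grep -Eq '^-----BEGIN (RSA )?PRIVATE KEY-----$' || return 1
    k=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: sh split_p12.sh bundle.p12 password prefix
if [ "$#" -eq 3 ]; then
    split_p12 "$1" "$2" "$3" && key_matches_cert "$3.key.pem" "$3.cert.pem" &&
        echo "key and certificate match"
fi
```

On a real bundle, prefer letting openssl prompt for the import password over passing it as an argument, and delete the unencrypted key file once it has been imported.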

weiliang

Re: Migrate to Zentyal
« Reply #5 on: May 16, 2013, 08:54:10 am »
Hello again, I have another problem regarding OpenVPN.
As I said in my previous post, the certificate is accepted by the Zentyal server. But the VPN still cannot connect because the interface is not active (see screenshot).

So I replaced the .conf file found in /etc/openvpn/pbr.d with the one supplied by Smoothwall. When I restart the VPN service, the .conf file is reverted back to the original version.
My question is: how can I change the VPN configuration manually without it being reverted by Zentyal? Thanks in advance.

christian

  • Guest
Re: Migrate to Zentyal
« Reply #6 on: May 16, 2013, 09:19:55 am »
As I said on previous post, the certificate is accepted by zentyal server. But the vpn still cannot connect because the interface is not active

Is it that "you can't connect because the interface is not active" or rather "as I can't connect, the interface is shown as 'not active'"?

From what I understand, it will be shown as "active" (in fact displaying the VPN IP) only once the connection is established.

Replacing the Zentyal config with an external config will not work because of this.
1 - What are the main differences between Smoothwall's suggested config and the Zentyal config?
2 - While using the Zentyal config, now that the certificate is accepted, what are the error messages, if any?