Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Other modules / Using Zentyal generated VPN with VPN router
« on: February 10, 2021, 02:57:57 pm »
Hello,
I'm trying to link two locations via VPN. Up to now, I'm using Zentyal-to-Zentyal tunnels for that, but in this new location I only have two machines, a computer and a scanner, and didn't want to keep another computer always on to act as the Zentyal-to-Zentyal client.
I was wondering if it is possible to export the VPN configuration to a VPN router to make this proccess more manageable. Reading the Z-2-Z exported configuration file makes me think that it would only be understanded by another Zentyal machine (as expected from the "Zentyal-to-Zentyal tunnel" name).
I managed to make a router connect via VPN to the Zentyal server, but in this case I used a remote client (road warrior) configuration file. So the router itself connects to the VPN, but none of the computers conected to its LAN can access this VPN.
Is it possible to make a router work with Zentyal VPN so the machines behind this router can connect via the VPN? Would it be as easy as just exporting the configuration from Zentyal to the router? If not, do you know any tutorial to do this?
My knowledge about networking is quite limited, so if my message lacks any important piece of information or I'm using the wrong terminology please let me know so that I can clarify my question.
Thank you in advance,
I'm trying to link two locations via VPN. Up to now, I'm using Zentyal-to-Zentyal tunnels for that, but in this new location I only have two machines, a computer and a scanner, and didn't want to keep another computer always on to act as the Zentyal-to-Zentyal client.
I was wondering if it is possible to export the VPN configuration to a VPN router to make this proccess more manageable. Reading the Z-2-Z exported configuration file makes me think that it would only be understanded by another Zentyal machine (as expected from the "Zentyal-to-Zentyal tunnel" name).
I managed to make a router connect via VPN to the Zentyal server, but in this case I used a remote client (road warrior) configuration file. So the router itself connects to the VPN, but none of the computers conected to its LAN can access this VPN.
Is it possible to make a router work with Zentyal VPN so the machines behind this router can connect via the VPN? Would it be as easy as just exporting the configuration from Zentyal to the router? If not, do you know any tutorial to do this?
My knowledge about networking is quite limited, so if my message lacks any important piece of information or I'm using the wrong terminology please let me know so that I can clarify my question.
Thank you in advance,
2
Other modules / Re: Directing webserver domain to internal server
« on: June 28, 2019, 09:28:29 am »
Ok, so I will do.
Thank you
Thank you
3
Other modules / Re: Directing webserver domain to internal server
« on: June 27, 2019, 08:31:17 pm »
After reading the article you linked, I think Port Forwarding plus Virtual Hosts isn't the solution either.
As far as I could understand, with Port Forwarding I can only assign an IP to an incoming port. What I want is all the requests to the webapps to be made through one port, and then Zentyal to direct them to the right IP inside my local network.
Each webapp is hosted in a different web server (a different phisical machine) inside my LAN, so they are not virtual but "real" hosts, each having their own IP. The reasons why they aren't all hosted in my Zentyal machine and thus, virtual hosts can't be used, are explained in m first post (they need different libraries, different resources and, in some cases, web servers that are not Apache).
I have to clarify that these apps haven't been made by us, but they are open source ones, so we couldn't choose to make them all compatible or use similar software so that all of them could be hosted in virtual hosts in a same machine.
I have attached a diagram to, hopefully, make it easier to understand what I need. I have to insist that it is already working correctly if the request is made from inside my lan, I just need to make it work the same when somebody makes the same request from the internet.
Please let me know if there is something else that I can explain better.
Thank you again.
Edit: the diagram couldn't be uploaded because some lack of space (not sure what the message meant). I'll try to recreate it here though it will look uglier:
I want that, if somebody from the internet requests app3.mydomain.com, webserver3 to serve it, but if app1.mydomain.com is requested, webserver1 will serve it
As far as I could understand, with Port Forwarding I can only assign an IP to an incoming port. What I want is all the requests to the webapps to be made through one port, and then Zentyal to direct them to the right IP inside my local network.
Each webapp is hosted in a different web server (a different phisical machine) inside my LAN, so they are not virtual but "real" hosts, each having their own IP. The reasons why they aren't all hosted in my Zentyal machine and thus, virtual hosts can't be used, are explained in m first post (they need different libraries, different resources and, in some cases, web servers that are not Apache).
I have to clarify that these apps haven't been made by us, but they are open source ones, so we couldn't choose to make them all compatible or use similar software so that all of them could be hosted in virtual hosts in a same machine.
I have attached a diagram to, hopefully, make it easier to understand what I need. I have to insist that it is already working correctly if the request is made from inside my lan, I just need to make it work the same when somebody makes the same request from the internet.
Please let me know if there is something else that I can explain better.
Thank you again.
Edit: the diagram couldn't be uploaded because some lack of space (not sure what the message meant). I'll try to recreate it here though it will look uglier:
Code: [Select]
_> webserver1 containing app1.mydomain.com
|
Internet -> Zentyal machine -> Lan -> webserver2 containing app2.mydomain.com
|
_> webserver3 containing app3.mydomain.com
I want that, if somebody from the internet requests app3.mydomain.com, webserver3 to serve it, but if app1.mydomain.com is requested, webserver1 will serve it
4
Other modules / Re: Directing webserver domain to internal server
« on: June 26, 2019, 03:00:38 pm »
If I understand correctly, you are suggesting me to send the domains to their host machine depending on the port they are being accessed through.
What I want is all of them to be accessed through the default http(s?) port, and them serve them from their corresponding host machine. I already have them working like that inside my lan, but don't know how to do so when they are accessed from the internet.
Also, I don't know what you mean by "configure virtualhost". Maybe there is the solution?
What I want is all of them to be accessed through the default http(s?) port, and them serve them from their corresponding host machine. I already have them working like that inside my lan, but don't know how to do so when they are accessed from the internet.
Also, I don't know what you mean by "configure virtualhost". Maybe there is the solution?
5
Other modules / Re: Directing webserver domain to internal server
« on: June 24, 2019, 07:34:11 pm »
Ok, I pointed the domain to my public IP, and then forwarded the port 80 from the router to my zentyal machine. There, I configured a dns entry for each of the subdomains, pointing them to the respective machine ips, but still no luck.
From outside my lan, if I try to access app2.mydomain.com, I get a message from the server :
It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.
My guess is that the webpage is trying to load from the zentyal Webserver, instead of the second machine where that app is hosted.
From inside my lan everything works fine.
Thanks again for your interest
From outside my lan, if I try to access app2.mydomain.com, I get a message from the server :
It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.
My guess is that the webpage is trying to load from the zentyal Webserver, instead of the second machine where that app is hosted.
From inside my lan everything works fine.
Thanks again for your interest
6
Other modules / Re: Directing webserver domain to internal server
« on: June 21, 2019, 07:47:52 am »
Well, I came earlier to work today to try to configure the SNAT feature of the firewall, but I got lost with all the options, services and so on. I hope I can get a little more insight on how to setup SNAT if I provide an example of what I need:
I have a public IP, say 213.214.215.216. Under this IP, i have a few webpages and webapps. Due to configuration reasons, some of the apps are hosted in different servers inside my local network.
For simplicity, let's say I have app1.mydomain.com, app2.mydomain.com, app3.mydomain.com. They are hosted in three different internal webservers.
All three subdomains are directed to my public IP, and I have them configured in my Zentyal DNS so that they direct to the right webserver.
Now, that works ok from inside my local network, but when I try to access, for example, app2.mydomain.com from outside the local network, it won't work.
I have been checking this post which seems similar to my example, but wasn't able to get it solved.
https://forum.zentyal.org/index.php/topic,16572.30.html
Please, give me a hand on how to configure SNAT or DNS or both to achieve that result.
Thank you
I have a public IP, say 213.214.215.216. Under this IP, i have a few webpages and webapps. Due to configuration reasons, some of the apps are hosted in different servers inside my local network.
For simplicity, let's say I have app1.mydomain.com, app2.mydomain.com, app3.mydomain.com. They are hosted in three different internal webservers.
- app1.mydomain.com is hosted in the zentyal machine (gateway, firewall, webserver...) 192.168.0.1,
- app2.mydomain.com hosted in 192.168.0.2
- app3.mydomain.com being hosted at 192.168.0.3.
All three subdomains are directed to my public IP, and I have them configured in my Zentyal DNS so that they direct to the right webserver.
Now, that works ok from inside my local network, but when I try to access, for example, app2.mydomain.com from outside the local network, it won't work.
I have been checking this post which seems similar to my example, but wasn't able to get it solved.
https://forum.zentyal.org/index.php/topic,16572.30.html
Please, give me a hand on how to configure SNAT or DNS or both to achieve that result.
Thank you
7
Other modules / Re: Directing webserver domain to internal server
« on: June 20, 2019, 09:35:29 pm »
Thank you!
8
Other modules / Directing webserver domain to internal server
« on: June 18, 2019, 02:53:48 pm »
Hello:
I'm using Zentyal Community as a Gateway, web server, firewall and DNS server (among others). I have a few pages hosted in that machine, but there are also some web applications that are hosted in some internal servers other than that Zentyal main machine, either because the configuration required by this applications is not compatible with Zentyal or because I don't want to mess with Zentyal default configuration to be able to accomodate those requirements.
From inside my network, everything is working fine. But now I need to be able to access one of these web apps from outside my network. Is it possible to configure Zentyal so that it directs a domain to the server where the web app is hosted? (I insist my question only relates on how to be able to access it from outside our network, since I can use it correctly from inside)
Thank you,
I'm using Zentyal Community as a Gateway, web server, firewall and DNS server (among others). I have a few pages hosted in that machine, but there are also some web applications that are hosted in some internal servers other than that Zentyal main machine, either because the configuration required by this applications is not compatible with Zentyal or because I don't want to mess with Zentyal default configuration to be able to accomodate those requirements.
From inside my network, everything is working fine. But now I need to be able to access one of these web apps from outside my network. Is it possible to configure Zentyal so that it directs a domain to the server where the web app is hosted? (I insist my question only relates on how to be able to access it from outside our network, since I can use it correctly from inside)
Thank you,
9
Installation and Upgrades / Re: Scan for viruses
« on: October 17, 2014, 12:17:16 pm »
Sorry I couldn't reply sooner.
Thank you for your advice, I finally went with moving the pages to a external server, since I didn't feel safe having to scan manually or depend on so many conditions.
Thank you for your advice, I finally went with moving the pages to a external server, since I didn't feel safe having to scan manually or depend on so many conditions.
10
Installation and Upgrades / Scan for viruses
« on: June 26, 2014, 10:43:38 am »
Hello,
I'm using a Zentyal server, among other things, as a web server. I have the antivirus enabled, and web page files are shared via samba.
I found out recently that my server has been repeatedly attacked via wso shell trojans. They are all hosted at the web page directories.
My desktop antivirus detects the trojan and refuses to open the file, so I guess it shouldn't be that difficult for the Zentyal antivirus to spot and block, quarantine or delete them, but it obviously hasn't.
Do I have to manually launch the scan for viruses, or should it be something Zentyal does on its own? If so, why hasn't it helped my server from being attacked? Am I doing anything wrong?
Thank you!
I'm using a Zentyal server, among other things, as a web server. I have the antivirus enabled, and web page files are shared via samba.
I found out recently that my server has been repeatedly attacked via wso shell trojans. They are all hosted at the web page directories.
My desktop antivirus detects the trojan and refuses to open the file, so I guess it shouldn't be that difficult for the Zentyal antivirus to spot and block, quarantine or delete them, but it obviously hasn't.
Do I have to manually launch the scan for viruses, or should it be something Zentyal does on its own? If so, why hasn't it helped my server from being attacked? Am I doing anything wrong?
Thank you!
11
Installation and Upgrades / Re: Mail module and php mail function
« on: September 20, 2013, 09:03:35 am »
Ok, it seems that the module and the mail are actually working ok. The problem seems to be that I don't know how to tell Zentyal where to deliver the mail.
I have a domain, "mycompany.com". That domain is setup in Zentyal DNS to point to the Zentyal machine, so that when "mycompany.com" is typed in the browser, the webpage hosted in the Zentyal machine is displayed.
That domain is also used for emails, but they are managed by an external provider. Anytime a message is sent from outside Zentyal to akhasis@mycompany.com, the mail arrives to my external mail manager. The problem is when the message is originated inside Zentyal.
The e-mail is sent without problems, but it is delivered to the Zentyal machine, instead of the external mail provider. I have tried to set that provider's DNS in the Zentyal Mail Exchanger DNS for the domain, but the messages are still delivered to Zentyal.
How can I get messages to be sent to my e-mail provider?
I have a domain, "mycompany.com". That domain is setup in Zentyal DNS to point to the Zentyal machine, so that when "mycompany.com" is typed in the browser, the webpage hosted in the Zentyal machine is displayed.
That domain is also used for emails, but they are managed by an external provider. Anytime a message is sent from outside Zentyal to akhasis@mycompany.com, the mail arrives to my external mail manager. The problem is when the message is originated inside Zentyal.
The e-mail is sent without problems, but it is delivered to the Zentyal machine, instead of the external mail provider. I have tried to set that provider's DNS in the Zentyal Mail Exchanger DNS for the domain, but the messages are still delivered to Zentyal.
How can I get messages to be sent to my e-mail provider?
12
Installation and Upgrades / Mail module and php mail function
« on: September 06, 2013, 09:57:44 am »
Can anybody give me some advice on how to configure the "Mail" module in zentyal and php.ini so that I can use php mail() function to send emails?
I have been reading about it, but most of what I find implies third party mail servers.
Thanks in advance.
I have been reading about it, but most of what I find implies third party mail servers.
Thanks in advance.
13
Installation and Upgrades / Re: openvpn with multiple clients
« on: August 13, 2013, 08:40:33 am »
I had that problem once with two VPN clients. Since there were many other clients working, it was easy to diagnose. I just compared the IPs assigned by the VPN and saw that the two clients that had the problem shared the same IP, and it was because I had installed the same certificate in both, by mistake.
If installing different certificates doesn't solve your issue, check that the NAT option in the server is disabled, and issue a new certificate for every client.
If installing different certificates doesn't solve your issue, check that the NAT option in the server is disabled, and issue a new certificate for every client.
14
Installation and Upgrades / Solved (for me): Windows File Sharing over VPN unreliable
« on: August 13, 2013, 08:34:28 am »
Ok, in my case it finally didn't happen to do with any of the things I was investigating (domain issues, win7 mixed with win xp in the domain, master browser misconfiguration, etc...), but a much simpler reason.
I found out, by running net session in the file server to which the machines had to connect, that the IP address of all of them was the one of my Zentyal VPN server. That is, when a client connected, adopted that IP address. When a new one connected, adopted that very same address, throwing the first client out.
Once I knew what the problem was, it was very easy to solve: I just had to disable the NAT option and everything went smooth.
The thing is, that was one of the first things I tried and it didn't work at first, so I had to spend months trying other solutions. If you are in the same situation, if possible, create the VPN server from scratch and issue new certificates for every client.
I don't know if Vertel, the creator of the thread, has already fixed his problem with the VPN. Either if he has or he is not interested in it any more, I think this thread should be marked as solved, in case other people come here looking for a solution for a similar problem.
I found out, by running net session in the file server to which the machines had to connect, that the IP address of all of them was the one of my Zentyal VPN server. That is, when a client connected, adopted that IP address. When a new one connected, adopted that very same address, throwing the first client out.
Once I knew what the problem was, it was very easy to solve: I just had to disable the NAT option and everything went smooth.
The thing is, that was one of the first things I tried and it didn't work at first, so I had to spend months trying other solutions. If you are in the same situation, if possible, create the VPN server from scratch and issue new certificates for every client.
I don't know if Vertel, the creator of the thread, has already fixed his problem with the VPN. Either if he has or he is not interested in it any more, I think this thread should be marked as solved, in case other people come here looking for a solution for a similar problem.
15
Installation and Upgrades / Re: Crontab as user
« on: July 01, 2013, 08:33:39 pm »
That is very interesting, I had no idea I could connect as another user apart from root. Thank you!