Topics - lelik

1
Tried asterisk module, then removed and uninstalled it using ebox gui. But apparently it was not removed completely. Now I cannot receive incoming calls using either ATA or softphone.
I do not have any other asterisk server at all on my network!!! But syslog shows this for each incoming call:
Code:
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_substring_candidates: (AstExtension) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (AstContext) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (AstPriority) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (displayName) not indexed
Jul 29 16:20:14 eboxcomp slapd[4084]: <= bdb_equality_candidates: (gidNumber) not indexed
Jul 29 16:20:14 eboxcomp last message repeated 2 times
Jul 29 16:20:14 eboxcomp slapd[4084]: connection_read(36): no connection!
Jul 29 16:20:14 eboxcomp slapd[4084]: connection_read(36): no connection!


2
Installation and Upgrades / How delete orphan printers?
« on: June 02, 2010, 06:26:45 pm »
Ebox-> Users and Groups -> Users ->[User Name] -> Printers

shows names of old computers that are no longer there.

Is there any way to delete those entries manually?

3
Trying to setup RADIUS. Followed eBox 1.4 for Network Administrators manual.
Configured:
- radius server module with ebox
- ap /wireless router with WPA2/radius
- windows client.

When windows client is trying to connect radius server logs:
Code:
cat /var/log/freeradius/radius.log
Thu May 27 12:07:06 2010 : Error:     TLS_accept:failed in SSLv3 read client certificate A
Thu May 27 12:07:06 2010 : Error: rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Thu May 27 12:07:06 2010 : Error: SSL: SSL_read failed inside of TLS (-1), TLS session fails.

Do I have to install any of the certificates that can be found in /etc/freeradius/certs on the windows client?
Do I have to generate/re-generate any certificates, or are they generated by enabling the ebox radius module?
Do I have to change any configs in /etc/freeradius/ directory?
Any specific steps when setting up windows client?

4
Current setup:
----------------

ebox (firewall, pdc, openvpn) |---> wired switch |---> comp #1, #2, #3
                              |                  |---> printer #1
                              |---> wireless router (bridged) --> laptop #1, #2

ebox serves 192.168.1.0/24 addresses computers #1, #2, #3
ebox serves 192.168.2.0/24 addresses laptops #1, #2 and 10.0.1.0/24 through OpenVPN
users of laptop #1, #2 could use printer #1 on {GREEN} as fully authenticated by ebox (PDC+ OpenVPN)

Intended setup:
----------------

ebox (firewall, pdc, radius) |---> wired switch |---> comp #1, #2, #3
                                                |---> printer #1
                                                |---> wireless router (bridged) --> laptop #1, #2

ebox serves 192.168.1.0/24 addresses computers #1, #2, #3 and to laptops #1, #2 through PDC + radius

The idea is to have users of laptops #1, #2 securely logged in to the wired network using the ldap/radius components of the ebox and the wireless switch. Is it even possible? Anyone care to share his setup/configuration? Can I keep the wireless router in a bridged mode (basically using it as a switch) and have ebox serving all ips? Or do I have to use it as a wireless router/hot spot, as the radius server configuration requires an ip to be entered?

Any suggestions are welcomed.

5
eth0 - external NIC (216.115.X.X)
eth1 - internal NIC (192.168.1.1)

Forwarded port 12345 to computer 192.168.1.5
Code:
Interface  Orig. dest.  Orig. dest. port  Protocol  Source  Dest. IP     Port
eth0       eBox         12345             TCP/UDP   Any     192.168.1.5  Same
Created a rule allowing all traffic from internal interfaces to ebox
Code:
Decision  Source  Destination  Service
ACCEPT    Any     Any          any

Forwarding works, but Firewall drops forwarded ports when request comes from internal interface:
Code:
In. int.  Out. int.  Source       Dest.        Protocol  Source port  Dest. port  Decision
eth1                 192.168.1.5  216.115.X.X  TCP       53216        12345       DROP

6
Installation and Upgrades / Asterisk - configuration question
« on: February 09, 2010, 09:06:43 pm »
Testing Asterisk module.

On the SIP provider tab I filled all the fields

Provider:    CallCentric
Name:    CallCentric
Username: 1777XXXXXXX
Password:  PASSWORD
Server:    callcentric.com
Recipient of incoming calls: 2125555555 <- DID number

On tab Users and groups I created extension for my users 1001, 1002

Using soft phone I can call from extension (1001) to (1002) internally - it works.
All outgoing calls fail. Let's say I call 2129999999:
Code:
tail -f /var/log/asterisk/messages
Call from user <user_name> to extension '2129999999' rejected because extension not found
All incoming calls fail as well.
Code:
tail -f /var/log/asterisk/messages
Call from '1777XXXXXXX' to extension '2125555555' rejected because extension not found

By the way, for incoming calls which extension is supposed to ring: 1001, 1002, default?
Any way I could assign an extension to the device (ip) rather than the user (domain user)?
Only one DID supported?

I am prepared to edit sip.conf and extensions.conf by hand if required.

7
Installation and Upgrades / samba login too long
« on: February 08, 2010, 11:00:38 pm »
Each login from a windows machine using ebox as PDC takes ~60-120 seconds. Is it normal?

Comp1 - log off , then log on ~60s
Code:
[2010/02/08 16:53:15,  0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/02/08 16:53:15,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2010/02/08 16:53:19,  1] smbd/service.c:1047(make_connection_snum)
  comp1 (192.168.1.30) connect to service <user_name> initially as user <user_name> (uid=2001, gid=1901) (pid 6489)
[2010/02/08 16:53:33,  1] smbd/service.c:1226(close_cnum)
  comp1 (192.168.1.30) closed connection to service <user_name>
[2010/02/08 16:53:39,  1] smbd/service.c:1047(make_connection_snum)
  comp1 (192.168.1.30) connect to service netlogon initially as user <user_name> (uid=2001, gid=1901) (pid 6489)
[2010/02/08 16:53:51,  1] smbd/service.c:1226(close_cnum)
  comp1 (192.168.1.30) closed connection to service netlogon

Comp2 - log on ~120s
Code:
[2010/02/08 17:37:10,  0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client comp2 machine account comp2$
[2010/02/08 17:37:48,  1] smbd/service.c:1047(make_connection_snum)
  comp2 (192.168.1.29) connect to service <user_name> initially as user <user_name> (uid=2001, gid=1901) (pid 10564)
[2010/02/08 17:38:01,  1] smbd/service.c:1226(close_cnum)
  comp2 (192.168.1.29) closed connection to service <user_name>
[2010/02/08 17:38:58,  1] smbd/service.c:1047(make_connection_snum)
  comp2 (192.168.1.29) connect to service netlogon initially as user  <user_name> (uid=2001, gid=1901) (pid 10578)
[2010/02/08 17:39:13,  1] smbd/service.c:1226(close_cnum)
  comp2 (192.168.1.29) closed connection to service netlogon
[2010/02/08 17:39:43,  0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/02/08 17:39:43,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.

8
Installation and Upgrades / slapd: connection_read(XX): no connection!
« on: February 08, 2010, 10:45:31 pm »
I have thousands of the following in my syslog:
Code:
Feb  8 08:00:04 <ebox_name> slapd[XXXXX]: connection_read(XX): no connection!
Feb  8 08:00:04 <ebox_name> slapd[XXXXX]: connection_read(XX): no connection!
Feb  8 08:00:11 <ebox_name> slapd[XXXXX]: connection_read(XX): no connection!
Feb  8 08:00:11 <ebox_name> slapd[XXXXX]: connection_read(XX): no connection!

Please help me debug this.

9
Installation and Upgrades / route from one subnet to another
« on: January 21, 2010, 02:05:21 am »
I set up ebox with 3 NICs:

eth0 = wired (internal) static 192.168.0.1
eth1 = internet (external) dhcp, ISP provided
eth2 = wireless (internal) static 192.168.1.1

Is it possible to add a route to the ebox to let computers connected to eth0 [192.168.0.0/24] "see" computers connected to eth2 [192.168.1.0/24]?
Do I have to add any firewall rules as well?

10
Installation and Upgrades / ebox firewall drops requests on port 67-68
« on: January 21, 2010, 01:32:14 am »
eth1 connected to the internet
10.X.X.X series of ips are not on my network.
Is something configured incorrectly?

Input  Output  Source      Destination      Protocol  Source port  Dest. port  Decision
---------------------------------------------------------------------------------------
eth1           10.5.48.1   255.255.255.255  UDP       67           68          DROP
eth1           10.32.80.1  255.255.255.255  UDP       67           68          DROP
eth1           10.32.80.1  224.0.0.1        2                                  DROP
eth1           10.1.1.133  255.255.255.255  UDP       67           68          DROP

11
Installation and Upgrades / OpenVPN Ethernet Bridging
« on: January 14, 2010, 11:35:21 pm »
I have a few quick questions regarding the OpenVPN module:

1. Bridging mode is not implemented?
2. Only Routing mode is implemented? Client connects via routing, it uses its own separate subnet, and routes are set up on both the client machine and remote gateway so that data packets will traverse the VPN.
3. Is it possible to configure OpenVPN - Road Warrior to use ethernet bridging rather than tunneling by any means: gui, manual configuration, etc.?

Obviously, I am much more interested in bridging mode. When a client connects via bridging to a remote network, it is assigned an IP address that is part of the remote physical ethernet subnet and is then able to interact with other machines on the remote subnet as if it were connected locally. Do you have plans to include it in the next release? Is there any "ugly way" to do it myself, i.e. replacing the stub with completely hardcoded values?

The biggest problem I have with routing mode is that clients must use a WINS server (such as samba) to allow cross-VPN network browsing to work. And still software that depends on broadcasts will not "see" machines on the other side of the VPN.

Using a gui I set up a vpn and can connect and ping/browse all computers on my lan by ip. I checked /etc/openvpn/openvpn.conf and the last line is indeed push "route 192.168.1.0 255.255.255.0". Then, I added
Code:
push "dhcp-option DNS 192.168.1.1"
push "dhcp-option WINS 192.168.1.1"
push "dhcp-option DOMAIN mydomain"
to the stub file. When I restarted openvpn on the Windows machine and checked ipconfig, everything was pushed successfully. But still no browsing by name is available. The last step I had to do was make manual DNS entries for each computer on my lan. Now, I can browse by name. Any better solutions?
Maybe make stub changes using variables rather than hard-coded values?
Still a problem when the ip is assigned using DHCP. As no DNS entry exists, no browsing by name for those.

Regards,
Lelik.

 

12
Installation and Upgrades / push dhcp-option OpenVPN
« on: September 22, 2009, 04:46:58 pm »
I would like to push a few dhcp-options when using OpenVPN such as:

Code:
push "dhcp-option DOMAIN yourdomain.local"
push "dhcp-option DNS XXX.XXX.XXX.X"
push "dhcp-option WINS XXX.XXX.XXX.X"

I suppose I have to modify /etc/openvpn/OpenVPN.conf, kill the pid with openvpn running and start it again with
Code:
sudo /usr/sbin/openvpn --syslog OpenVPN --config /etc/openvpn/OpenVPN.conf
or could I?

Which script is ebox using to start/stop open-vpn?
Is it /etc/init.d/openvpn? Probably not.

13
Installation and Upgrades / ebox as a router -> no internet
« on: September 18, 2009, 08:02:39 pm »
Spent two days on a simple setup and cannot figure this out:

ebox has two nic cards eth0 and eth2.
eth2 connected to the hw router (192.168.1.1) / internet
laptop connected to eth0

Configuration:

Network
  Interfaces
    eth2 DHCP External
    eth0 Static Ip address: 192.168.0.101 Netmask: 255.255.255.0
  DNS
    empty
  Gateways
    empty
  Diagnosis
    Name resolution cnn.com -> 157.166.224.26 1msec -> OK
  Routes
    empty
DHCP
  Default gateway: eBox
  Search domain: None
  Primary nameserver: local eBox DNS



Dashboard:
  eth2 = 192.168.1.5 -> assigned by hw router (DHCP), Status: up, link ok
  eth0 = 192.168.0.101 -> assigned by ebox (static), Status: up, link ok
  laptop = 192.168.0.150 assigned by ebox (DHCP)


Laptop:
  ipconfig
      IPv4 Address...............192.168.0.150
      Subnet Mask...............255.255.255.0
      Default Gateway..........0.0.0.0
                                       192.168.0.101 <-ebox
  ebox eth0: ping 192.168.0.101 Ok <1ms
  ebox eth2: ping 192.168.1.5  Ok <1ms
  laptop: ping 192.168.1.5 Ok <1ms
  hw router: ping 192.168.1.5 Reply from 192.168.0.150: Destination host unreachable
  google.com: ping google.com Pinging google.com [74.125.47.100] with 32 bytes of data: Reply from 192.168.0.150: Destination host unreachable

What's missing? Thanks.
