Messages - ymolinet

Pages: [1] 2
1
Installation and Upgrades / OpenVPN
« on: July 05, 2013, 06:54:02 pm »
Hi all,

OpenVPN Server can handle specific parameters (ccd) for each client, but I cannot find any interface to implement this in Zentyal.
My goal is to force the client IP in the VPN (push-ifconfig).

Is another module necessary? Or is it not implemented?

Thanks,
Yannick

2
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 05:59:18 pm »
It seems that the default SNAT rules (LAN to WAN with SNAT on the default WAN interface) do not appear in the SNAT rules list? Can you confirm?
My SNAT rule for a specific server must be "read" before the default (order instead of priority?), so if the default rule does not appear, is the custom rule read before it?


3
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 05:45:53 pm »
The default SNAT rule doesn't appear in the Web GUI? How to change priority?

4
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 05:37:02 pm »
The default SNAT rule (LAN to WAN) does not appear in the SNAT rules (Web GUI)?

5
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 05:35:02 pm »
In my configuration, I have 3 WAN interfaces (WAN1, WAN2, WAN3).
Zentyal uses WAN3 as default.
If I configure a port forward on WAN3 to an internal web server, it works. But if I set the port forward on WAN2 (the same rule, just changing 'interface'), it does not work.

My first idea is that packets come back through the default (WAN3) interface instead of the original WAN.

6
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 05:27:47 pm »
I think I have an issue with port forwarding.
Zentyal uses the last interface set by network.postsetconf as the default interface (why not?).
If I do a port forward (HTTP to an internal web server), it works.
If I use another WAN interface, it doesn't work. Any idea?

7
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 04:59:21 pm »
It is possible to create a cluster between two physical machines on the Online network if they are in the same datacenter. Online provides a private network to "join" many computers.
In addition, you can also pay for SAN storage and ... create a cluster. So you are right, it's like a cluster.

My conf with network.postsetconf works fine. I just enabled ping to the WAN for testing, and each one replies correctly.

8
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 03:43:36 pm »
It's not WAN failover.
The name "IP failover" is perhaps a commercial term for Online.

See it as a public IP that must be associated with one MAC address and only one. So if you want a virtual server with multiple public IPs, you must subscribe to "IP failover" and create a virtual network card connected to your server for each one.

French link that explains more: http://documentation.online.net/fr/serveur-dedie/reseau/ip-failover


9
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 03:26:34 pm »
After configuring a network.postsetconf hook, my routing table works fine.
I see an rt_tables.mas in /usr/share/zentyal/stubs/network but I can't find any Web GUI to use it. At this time, I have added all the instructions in network.postsetconf.
Perhaps it would be better to use the Web GUI for rt_tables?

10
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 01:41:03 pm »
Do not confuse IP failover and WAN failover. WAN failover works by detecting an unavailable gateway.
IP failover is more like additional IP addresses provided by the hoster and available in all their datacenters.

In fact, you have 3 WAN interfaces, each with a public IP: 88.190.1.2/32, 88.190.10.54/32, 88.190.20.72/32 (example).
My physical machine has this IP: 88.189.50.2/24, and the gateway is 88.189.50.1.
So the gateway for the 3 WAN interfaces (VM) is the same: 88.189.50.1.
Each WAN is available at the same time, like multiple WAN IP addresses on a single interface.

1. Zentyal does not allow a 255.255.255.255 mask through the GUI; I have changed a template as posted here: http://forum.zentyal.org/index.php?topic=2393.0
2. Zentyal does not allow adding, through the GUI, a gateway that is not reachable by the interface. 88.189.50.1 is not on the same network as 88.190.1.2/32, so I must create multiple routing tables (one for each interface) and add a route to the gateway for each.
3. I have not found a method to create multiple routing tables in Zentyal.

After looking at the Zentyal hooks, I think that the "postsetconf" method could do the trick on the network module.




11
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 11:01:53 am »
In fact my provider is Online, not OVH, but the goal (and method) is the same.

I have a physical machine that runs Proxmox.
A VM acts as firewall for all the other VMs connected to a virtual LAN.
At the beginning, we used pfSense for that.

The firewall needs to have a virtual MAC address provided by the hoster (Online) for each additional IP (IP failover). When you have only one IP failover, all is beautiful and works, even with pfSense. But if you need more than one IP failover on the same computer, you need to add a network card to your firewall (because 1 IP = 1 MAC).

For all IP failovers, the default gateway is the default gateway of the physical machine. So you have a gateway on a different subnet from your IP failover that is the same for each interface. The Zentyal Web GUI does not allow adding a gateway that is on a different subnet and does not allow adding a static route on an interface (vs. a gateway). At this time, I haven't found any solution to manage multiple routing tables from the GUI.

pfSense runs on BSD but is not compiled with support for multiple routing tables.
So I need a firewall, working under Linux, using iproute2 (for support of multiple routing tables), with a Web GUI, OpenVPN support and a CA authority.
After a lot of searching, I discovered Zentyal and decided to test it.




12
French / Re: IPFailOver
« on: July 05, 2013, 09:10:10 am »

13
Installation and Upgrades / Re: Use iproute2
« on: July 05, 2013, 09:09:18 am »
OK. I'm adding a link to this post in the French post. An English post could be more useful for many people.
Following your information in the French post, I'm working on "Advanced Service Configuration": http://doc.zentyal.org/en/develop.html#advanced-service-customisation

14
French / Re: IPFailOver
« on: July 05, 2013, 08:59:49 am »
Hello and thank you for the reply, I will look into this.
I intend to use Zentyal only as a front-end firewall. To use multiple IP failovers (OVH / Online), iproute2 is essential.

15
Installation and Upgrades / Use iproute2
« on: July 04, 2013, 11:49:12 pm »
Hi all,

I'm a new user of Zentyal and I'm looking for how to set these parameters in the web interface:

1. Add post-up and post-down commands in network/interfaces
auto eth0
iface eth0 inet static
        address 88.190.X.X
        netmask 255.255.255.255
        network 88.190.X.X
        broadcast 88.190.X.X
        up route add -host 88.190.X.1 dev eth0
        up route add default gw 88.190.X.1

auto eth1
iface eth1 inet static
        address 88.190.X.Y
        netmask 255.255.255.255
        network 88.190.X.Y
        broadcast 88.190.X.Y
        up route add -host 88.190.X.1 dev eth1
        up route add default gw 88.190.X.1

2. Create a routing table for each interface
echo 200 ipsupp0 >> /etc/iproute2/rt_tables
echo 201 ipsupp1 >> /etc/iproute2/rt_tables

3. Add routing rules
ip rule add from 88.190.X.X table ipsupp0
ip rule add from 88.190.X.Y table ipsupp1

4. Add routes
ip route add default via 88.190.X.1 dev eth0 table ipsupp0
ip route add default via 88.190.X.1 dev eth1 table ipsupp1

This configuration is necessary to run Zentyal in a VM (Proxmox) in a French hosting environment (e.g. OVH, ONLINE).
Thanks for your help.
Yannick
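
Added example (not part of the original posts): the per-interface routing tables from steps 2 to 4 above, generalized into a dry-run generator that also covers the port-forward symptom described in the later replies, where answers to a connection forwarded from a non-default WAN leave through the default WAN. The addresses, interface names, table ids, the LAN interface and the connection-mark approach are assumptions of this example, not taken from the thread.

```shell
#!/bin/sh
# Added example, not from the forum posts. Dry run: prints commands only.
# Every address, interface name and table id is a constructed sample.
GATEWAY="203.0.113.1"     # shared gateway, outside each WAN's /32
LAN_IF="eth2"             # hypothetical internal interface
WANS="eth0:198.51.100.10:200 eth1:198.51.100.20:201"   # dev:address:table

emit_wan() {
    dev=$1; addr=$2; tbl=$3
    # 'onlink' accepts a next hop that matches no prefix on the interface.
    echo "ip route replace default via $GATEWAY dev $dev onlink table $tbl"
    # Traffic sourced from the firewall's own WAN address.
    echo "ip rule add from $addr lookup $tbl priority $tbl"
    # Replies from a port-forwarded server carry its private source address
    # when routed, so the 'from' rule misses them; match a mark instead.
    echo "ip rule add fwmark $tbl lookup $tbl priority $((tbl + 100))"
    # Remember on the connection which WAN it arrived on.
    echo "iptables -t mangle -A PREROUTING -i $dev -m conntrack --ctstate NEW -j CONNMARK --set-mark $tbl"
    # Strict reverse-path filtering can drop forwarded packets arriving on a
    # non-default WAN; loose mode (2) keeps a source check without that drop.
    echo "sysctl -w net.ipv4.conf.$dev.rp_filter=2"
}

gen_policy_routing() {
    for wan in $WANS; do
        old_ifs=$IFS; IFS=:
        set -- $wan
        IFS=$old_ifs
        emit_wan "$1" "$2" "$3"
    done
    # Restore the mark only on packets coming from the LAN; restoring it on
    # WAN-side packets would route forwarded requests back out the WAN.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark"
}

gen_policy_routing
```

Review the printed commands before running them as root, for instance from the network.postsetconf hook mentioned in the thread. The ip rule and iptables lines are not idempotent, so remove the previous rules before re-adding them on each run.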
