Topics - Saturn2888

16
eBox 1.5.8
2.6.32-24-generic-pae

:: BACKGROUND ::
This machine has been upgraded from 1.2, 1.3, 1.4, and now on 1.5. After the upgrade, the Networking module wasn't working but I fixed that. On the other hand, I'm still unable to get the LDAP/Samba stuff working so this might be related to me having a messed up setup on this particular machine.

:: PROBLEM ::
When clicking "Configure Widgets", the entire Dashboard locks up and only until a refresh am I able to click on anything.

:: TROUBLESHOOTING ::
I tested this on another eBox 1.5.8 machine which was installed with 1.5-1, and it does not have this problem.

17
eBox 1.5.8
2.6.32-24-generic-pae

:: QUESTION 1 ::

Am I able to just connect to an AD server and forgo the whole LDAP ordeal or is LDAP used as the method of transport of users and that's why all of these problems are occurring?

:: QUESTION 2 ::

What is the exact reason LDAP + Samba doesn't work? Since LDAP uses Samba users for authentication, I can't understand why they don't go together.

:: QUESTION 3 ::

If there were some way to not transfer users, but have an AD eBox server and have other computers authenticate into it, would that allow for Samba file sharing to work? Would it allow for any AD BDC computers in this way?

18
eBox 1.5.7
2.6.32-23-generic-pae

:: PROBLEM ::

The File Sharing module isn't starting up after the upgrade. I dunno what I should do about it. It's something related to LDAP for some reason. This is the LDAP Master and I used to be able to run File Sharing on this one too unlike what you guys have said :p.

Is it related to the firewall or something? What should I do? I can remake the users, but I'd really rather not bother with remaking all my Samba users all over again :(.

:: INFORMATION ::

tail -n 40 /var/log/ebox/ebox.log
2010/07/23 23:17:08 INFO> Service.pm:635 EBox::Module::Service::restartService - Restarting service for module: events
2010/07/23 23:17:16 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:20:08 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:25:08 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:30:09 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:32:05 INFO> Global.pm:470 EBox::Global::saveAllModules - Saving config and restarting services: network samba firewall
2010/07/23 23:32:06 INFO> Base.pm:152 EBox::Module::Base::save - Restarting service for module: network
2010/07/23 23:32:07 ERROR> Sudo.pm:216 EBox::Sudo::_rootError - root command /sbin/iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark failed.
Error output: iptables: Protocol wrong type for socket

Command output: .
Exit value: 1
2010/07/23 23:32:07 ERROR> Sudo.pm:216 EBox::Sudo::_rootError - root command /usr/share/ebox-network/ebox-flush-fwmarks
/sbin/ip route flush table 101
/sbin/ip rule add fwmark 1 table 101
/sbin/ip rule add from 1.1.1.1 table 101
/sbin/ip route add default via 1.1.1.1 table 101
/sbin/ip rule add table main
/sbin/iptables -t mangle -A PREROUTING  -m mark --mark 0/0xff -i eth0 -j MARK --set-mark 1
/sbin/iptables -t mangle -N EMARK
/sbin/iptables -t mangle -A PREROUTING -j EMARK
/sbin/iptables -t mangle -A OUTPUT -j EMARK
/sbin/iptables -t mangle -A EMARK -m mark --mark 0/0xff -j  MARK --set-mark 1 failed.
Error output: iptables: Protocol wrong type for socket
 iptables: Protocol wrong type for socket

Command output: .
Exit value: 1
2010/07/23 23:32:08 INFO> Base.pm:152 EBox::Module::Base::save - Restarting service for module: samba
2010/07/23 23:32:29 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:32:29 INFO> Base.pm:152 EBox::Module::Base::save - Restarting service for module: firewall
2010/07/23 23:32:34 INFO> Base.pm:798 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2010/07/23 23:32:35 ERROR> Global.pm:560 EBox::Global::saveAllModules - The following modules failed while saving their changes, their state is unknown: network samba
2010/07/23 23:35:08 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:40:08 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:45:07 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:48:03 INFO> Service.pm:635 EBox::Module::Service::restartService - Restarting service for module: samba
2010/07/23 23:48:23 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection
2010/07/23 23:48:23 ERROR> Service.pm:640 EBox::Module::Service::__ANON__ - Error restarting service: Can't create ldapi connection
2010/07/23 23:48:28 ERROR> Ldap.pm:177 EBox::Ldap::anonymousLdapCon - Can't create ldapi connection

19
:: BUG ::

I made a 63-character password for my eBox, and it took it just fine, but now I cannot login to my account because the account password is longer than 58 characters, the amount seeming supported on this page: https://www.ebox-controlcenter.com/login/.

I noticed the password also does not work in the eBox Control Center module in 1.4.8, but I got it to work in the eBox Store page. So even if you can login to the store, that's about all you can do with a lengthy password like that.

Well that's one possible bug, the other one seems to be that I received the e-mail before my subscription went from Pending to Active.

:: GRAMMAR ::

There's a strange grammar issue in the e-mail I received as well:
Quote
Hello Saturn,

thank you for your interest in eBox Server Subscriptions.
Whereas it might be best to put that all on one line. If you're going with two lines, do this:
Hello Saturn.

Thank you for blah blah blah.

I've never seen a case where the first letter of any paragraph is not capitalized unless it is a name and that name specifically has a lowercase letter for the first letter of its name.

20
There's a syntax error when parsing English through the Saturn2888 interpreter ;).
Source: http://doc.ebox-platform.com/en/vpn.html#virtual-private-network-vpn

"eBox vs OpenVPN as a server. eBox OpenVPN as a client"

Should be:
One eBox as an OpenVPN server, the other as an OpenVPN client.


"The goal is to connect the client on the LAN 1 with client 2 on the LAN 2, as if they were in the same local network. Therefore, you have to configure an OpenVPN server as done in Practical example B."

Should be:
The goal is to connect client 1 on LAN1 to client 2 on LAN2 as if they were on the same network; therefore, you first have to configure an OpenVPN server as shown in Practical Example B.

21
eBox 1.5.7
Ubuntu Lucid 10.04
BackupPC 3.1.0
root:~# dpkg -l | grep "ebox-"
ii  ebox-ca                             1.5.2-0ubuntu1~ppa1~lucid1        eBox - Certification Authority
ii  ebox-firewall                       1.5.3-0ubuntu1~ppa1~lucid1        eBox - Firewall
ii  ebox-ftp                            1.5.1-0ubuntu1~ppa1~lucid1        eBox - FTP
ii  ebox-monitor                        1.5.3-0ubuntu1~ppa1~lucid1        eBox - Monitor
ii  ebox-network                        1.5.5-0ubuntu1~ppa1~lucid1        eBox - Network Configuration
ii  ebox-objects                        1.5.1-0ubuntu1~ppa1~lucid1        eBox - Network Objects
ii  ebox-openvpn                        1.5.3-1ubuntu1~ppa1~lucid1        eBox - VPN Service
ii  ebox-remoteservices                 1.5.3-0ubuntu1~ppa1~lucid1        eBox - Control Center Client
ii  ebox-samba                          1.5.6-0ubuntu1~ppa1~lucid1        eBox - File Sharing
ii  ebox-services                       1.5.3-0ubuntu1~ppa1~lucid1        eBox - Network Services
ii  ebox-software                       1.5.1-0ubuntu1~ppa1~lucid1        eBox - Software Management
ii  ebox-usersandgroups                 1.5.3-0ubuntu1~ppa1~lucid1        eBox - Users and Groups
ii  ebox-webserver                      1.5.3-0ubuntu1~ppa1~lucid1        eBox - Web Server
Additional Logs: http://badmarkup.com/ebox/timeouts/

:: BACKGROUND ::

I had tried this both in the office and outside via VPN on both slow and fast links (home vs university). In the office I used close and far connections over Wi-Fi and during this period I was running a ping to the eBox.

:: PROBLEM ::

While running a ping, I noticed for the first time that I was losing SSH connection or that it was slow to type. There wasn't anything really different with the server at all. I moved in many different locations and noticed the ping stopped dropping once I got in the room w/ the Wireless router. I was able to do everything I needed and figured it was just the Wi-Fi.

Later, I went to a university to continue what I was doing and utilized their connection speed for a VPN. I didn't do too much, but I didn't notice the same problems I had experienced earlier in the day. In fact, it felt as though I was on the local LAN.

Come to now, I'm at home and the VPN is becoming a huge issue. I have to keep hitting the "Reconnect" button in OpenVPN, or I'll drop out of SSH, HTTP, HTTPS, and remote desktop sessions. I assumed it was a VPN problem but remember the issues I was having with Wi-Fi earlier in the day.

My conclusion is that it is possible the weak links are causing the problems. The university connection over VPN is faster than even me being right up next to the wireless access point, but at home, my connection is about as fast as where I was in the building when I noticed the problems. As I'm sitting here right now, I made 87 consistent pings and then now it's not working anymore. OpenVPN still shows green.

:: TROUBLESHOOTING ::

I have it setup with DynDNS but didn't notice the IP changing at all in the logs so that's not the problem.

The last thing I did to verify it was not the router malfunctioning or losing connectivity was to run a "ping google.com" in a screen so when I lost connection, I could return to see if it continued without me. I got 0% packet loss so I figure the problem isn't with the Internet Connection on that side. It could still be that it is my home network causing the problems. If so, then it is a Traffic Shaping module issue. After disabling Traffic Shaping, I noticed no fix.

There is still a chance the Wi-Fi and VPN issues are unrelated. There's also a chance AT&T is cutting the VPN because it feels like it. And there's still a chance I just didn't notice any issues because I was being quick while at the university; but I highly doubt that as I know I was doing quite a bit and had a consistent connection for at least 40 minutes whereas I don't even know if I get 5 minutes right now.

22
Apparently one of the machines I'm administering has been testing it as I notice it's on eBox 1.5.7, and I restarted the entire machine this afternoon. What are you looking for exactly? I took a look at htop for a while, and it was using very little CPU. Didn't seem like anything was really going all the time constantly. Is the logger associated with collectd? I normally notice collectd kinda taking over in 1.4 and earlier eBox versions, but I haven't noticed it in 1.5 at all; and I only just installed htop today so my data might be insufficient.

23
eBox 1.4.8
Ubuntu Hardy 8.04.4
2.6.24-27-ebox

:: DOCUMENTATION ::

Something that would be good to include in the OpenVPN documentation is how to setup an OpenVPN client with connections to multiple VPNs either through the client GUI or the client service. If you need, I can assist you because I've done my own experiments with it. I believe Linux handles all of this itself in the VPN network managers, but in Windows it's a different story. I would be willing to assist you in creating these pages if needed.

:: BACKGROUND ::

Because of my experiences with more than one *.ovpn config file, I think you guys need to change how you put the config file and certs in the ZIP file when downloaded from the VPN page. For instance, the way the OpenVPN GUI works is it pulls config files recursively while the OpenVPN Service pulls only those config files that are in the top openvpn/config directory. This is good if you wanna have only certain VPNs start with the OpenVPN Service and others controlled through the GUI. Now, it seems the OpenVPN Service starts each config file in alphabetical order so that could screw things up if you customized some entries (like Gateway) in your TAP adapters. I've not done enough tests on this yet to say for sure what causes what issues I was experiencing.

:: eBox OpenVPN LIMITATION ::

In connecting to multiple VPNs, you need multiple TAP adapters. Normally you could suffice w/ alias adapters, but in Windows, this is the limitation. The reason for opening this thread is because of the way the ZIP file structures the files.

To boot from multiple config files using the OpenVPN Service they all need to be in openvpn/config. This is a problem since the certs and everything else are, by default, in one folder requiring you to go into the config file to edit things. The way I set it up is to have a folder with the same name as the config file containing the certs in the openvpn/config folder and the *.ovpn file also in the openvpn/config folder so it looks like this:
C:\Program Files (x86)\OpenVPN>dir config
     ebox-client.ovpn
     ebox-client/ (certs in here)

This way, if you wanted to hide the config file from the OpenVPN Service, you just simply put it in a parent folder so the non-recursive lookup won't find it, but if you want to trigger multiple config files to load, now you just place them in openvpn/config because the *.ovpn file will be sitting there only with other *.ovpn files. It's simple and easy and allows you to utilize both the GUI and the Service. I don't think making this change at this point in the development of eBox will harm anything since it's a dynamic change, and it more-easily allows for connecting to multiple VPNs without having to manually edit a bunch of config files which I had to do manually :'(.

All the change will do is increase compatibility, usability, and require far less manual labor. There are no downsides to this that I can think of, not one except maybe if someone copy/pastes over their old config file and doesn't copy the new child folder containing the certs; although, that's extremely easy to fix. If you change it now, it will wind up being a better decision in the future when more people like me appear who have to service multiple locations and do so through eBox OpenVPNs.

:: MISC ::

I think you should remove the -client from the config file names because it's redundant. It's better to connect to Workplace1 and Workplace2 instead of Workplace1-client and Workplace2-client. When you have 10 places to connect to, it gets really repetitive. I want to say "yes, I know, it's a client connection". And if you only have one, putting the -client seems unneeded. This is a very minor issue.
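
The folder layout proposed in this post, as an added example that is not part of the original post or eBox's own code: it installs an extracted client bundle as config/<name>.ovpn plus config/<name>/ and rewrites the file directives to match, refusing to overwrite an existing site's keys. The bundle contents and certificate file names are constructed, and it assumes relative paths in a config are resolved from the config directory.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Real OpenVPN directives whose first argument is a file path.
FILE_DIRECTIVES = ("ca", "cert", "key", "pkcs12", "tls-auth")

def rewrite_paths(ovpn_text: str, subdir: str) -> str:
    """Point each file directive at <subdir>/<basename>; keep trailing args."""
    out = []
    for line in ovpn_text.splitlines():
        m = re.match(r'^(\s*)(\S+)\s+("[^"]+"|\S+)(.*)$', line)
        if m and m.group(2) in FILE_DIRECTIVES:
            # Drop any old directory part, whether written with / or \.
            name = re.split(r"[\\/]+", m.group(3).strip('"'))[-1]
            line = f'{m.group(1)}{m.group(2)} "{subdir}/{name}"{m.group(4)}'
        out.append(line)
    return "\n".join(out) + "\n"

def relayout(bundle_dir: Path, config_dir: Path) -> Path:
    """Install one extracted bundle as config/<name>.ovpn + config/<name>/."""
    ovpn_files = list(bundle_dir.glob("*.ovpn"))
    if len(ovpn_files) != 1:
        raise ValueError(f"expected exactly one .ovpn in {bundle_dir}")
    ovpn = ovpn_files[0]
    target, cert_dir = config_dir / ovpn.name, config_dir / ovpn.stem
    if target.exists() or cert_dir.exists():
        # Never overwrite another site's keys with same-named files.
        raise FileExistsError(f"{ovpn.stem} already exists in {config_dir}")
    cert_dir.mkdir(parents=True)
    for f in bundle_dir.iterdir():
        if f.is_file() and f != ovpn:
            shutil.copy2(f, cert_dir / f.name)
    target.write_text(rewrite_paths(ovpn.read_text(), ovpn.stem))
    return target

def service_visible(config_dir: Path) -> list:
    """Configs a non-recursive lookup of config_dir finds, as the post describes."""
    return sorted(p.name for p in config_dir.glob("*.ovpn"))

def demo() -> dict:
    """Run on two constructed bundles that reuse the same cert file names."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for site in ("Workplace1", "Workplace2"):
            bundle = root / f"{site}-bundle"
            bundle.mkdir()
            (bundle / f"{site}.ovpn").write_text(
                "client\ndev tap\nca cacert.pem\ncert client.pem\nkey client.key\n")
            for name in ("cacert.pem", "client.pem", "client.key"):
                (bundle / name).write_text(f"constructed placeholder for {site}\n")
            results[site] = relayout(bundle, root / "config").read_text()
        results["service_sees"] = service_visible(root / "config")
        results["ca_kept_apart"] = (
            (root / "config/Workplace1/cacert.pem").read_text()
            != (root / "config/Workplace2/cacert.pem").read_text())
    return results

if __name__ == "__main__":
    print(demo())
```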

24
I'm assuming this "DNSNameResolutionRequired"=dword:00000000 registry entry for Win7 might also mean something in OpenSolaris because it's requiring I put in a DNS server, and it's erroring out at that point for some reason. Any help would be greatly appreciated.

25
eBox 1.4.8
Kernel 2.6.24-27-ebox


I know another eBox patron has fixed this issue, but it still persists with me. I've tried both application and port limiting, no fix. I figure something's not triggering w/ Traffic Shaping. The module is enabled in eBox. To verify it's actually doing something, I've limited all of the outbound packets from a machine running a BitTorrent client, and the machine successfully showed it's on a constrained outbound line.

/----------------- OPTIONAL READ -----------------\
I did a few speedtests using http://speedtest.surewest.net/ and noticed that the download speed was limited to 1.8Mbps when I limited the upload to 30Kbps. Once I made the upload 120Kbps, my download speed returned to normal (5.3Mbps). It is limiting the speed correctly but some stuff gets messed up when you limit the upload too much.
\-----------------------------------------------------/

I know limiting an entire machine works, but limiting specific ports on that machine or bittorrent protocol packets does not work. I use Vuze as my client and found a couple articles on the Wiki that are good reads since one is named "Avoid traffic shaping".
http://wiki.vuze.com/w/Message_Stream_Encryption
http://wiki.vuze.com/w/Avoid_traffic_shaping
http://wiki.vuze.com/w/Select_port_for_Vuze

I disabled the RC4 encryption, and when I set the p2p Application Group rule set to limit those packets, I noticed no change. I'm guessing this is because disabling RC4 only disables it unless the other end requires it and my client supports it.

Vuze itself supports limiting, but I want to only limit Vuze when my CDMA booter is in use. Things are most troublesome when people are making calls and BitTorrent is sucking away at the upload bandwidth. The device uses 40Kbps per call in both up and down. I have verified this usage looking at my bandwidth-monitoring tools. I guaranteed it 60Kbps (since that's the minimum) in both upload and download. I want to note I have never had a problem receiving voice over calls, it's just transmitting my voice which is the problem as the upload bandwidth is just sucked away by Vuze. I also said all connections out of this particular device on my network must be priority 0 in that, it should give all packets from the device the highest priority no matter what.

During a flood of BitTorrent upload packets, the cellular voice connection becomes unbearable to listen to. I have some 448Kbps of consistent upload speed, sometimes more up to 530Kbps so there's plenty of bandwidth available for a 40Kbps call.

In a test I executed just now, I called my phone from Skype while at home and flooding the upload line with BitTorrent packets. This means both Skype, my phone, and Vuze are transmitting and receiving data on the same line. For some reason, Traffic Shaping is allowing all of these unsolicited BitTorrent packets to flood it without any regard to the cell phone connection.

I'm wondering if anyone here knows exactly how traffic shaping works so I might be able to figure out another way to limit BitTorrent uploading from degrading the entirety of VoIP connections.

26
eBox 1.4.8
Kernel 2.6.24-27-ebox


None of the traffic shaping modules sort or have any method of sorting available to organize the entries. I have attached an image dictating what happened when I created an "ftp" group and renamed it "router". Notice how it did not alphabetically sort. The Traffic Shaping -> Rules page also does not let me sort by priority or by name which would be very beneficial when I have a lot on there, and they're all out of order. Worse yet, they're in different orders on the internal and external pages.

http://badmarkup.com/ebox/traffic-shaping-no-sort.png

27
eBox 1.4.8

:: Question ::
It's my understanding that eBox does the xt_layer7.ko module in user space now and doesn't require it anymore for traffic shaping to work properly. I did apt-get on the l7 stuff so those app-specific rules show up as a submenu of Traffic Shaping, but I'm unable to select those Layer 7 apps when setting up rules. Is there a fix I'm missing for that? Do I need to restart the machine?

I'm curious if the Traffic Shaping module looks at the packet header info for say "bittorrent" to find out if that packet fits the bill or if there's a more-detailed way of finding out which packets qualify as such since I've read it's marking things, but I don't quite know how that works.

28
eBox 1.4.8

There's a feature limitation in Port Forwarding which restricts you to referring only to a destination IP; I can't set it up to use an Object. I realize this is because you can have objects that contain multiple IPs, but it should at least list the objects that have only one IP so I can choose one of those. This would lead to far better and more useful integration of Objects. Next step is to make them compatible w/ DHCP and DNS.

29
eBox 1.4.8

For example, the eBox VPN service is 1194. Do I need to specify a service port src: any, dest: 1194 and src:1194, dest: any if I setup my Traffic Shaping correctly? How would be correct thought? If it's backwards for Internal or External, then should I also make the port references backwards as well?

Take the HTTP Service config where it's src: any, dest: 80. To make Traffic Shaping work properly, does that mean I need to add src:80, dest: any as well?

30
http://doc.ebox-platform.com/en/qos.html#practise-example
Practice, not practise.

"In addition to these systems, bandwidth management mechanisms may be used to further improve performance such as traffic shaping, Scheduling algorithms o congestion avoidance."

o = or
Don't forget the comma after algorithms and make sure Scheduling is lower-cased.
