Messages - c4rdinal

31
Try to make the folder permission as administrator only and see if that makes a diff.

Hth

32
Installation and Upgrades / Re: Getting started with zentyal
« on: September 14, 2012, 10:20:51 am »
It's working fine now.. but how can I customize the captive portal and redirect it to another page??

Hmm, I'm not sure if that's possible with Zentyal 3.0. :(

33
News and Announcements / Re: Zentyal 3.0 available!
« on: September 14, 2012, 10:18:28 am »
Congratulations!!

Looking forward to more great stuff.

Cheers!

34
UPDATE..

Finally, I was successful with Zentyal-to-Zentyal VPN. I shall post the procedure as soon as I find time.

Cheers!

35
Hi,

The procedure above is complete and working. Just make sure you use Openvpnclient-2.2.2.

Network mapping is also possible.

Thanks for all your help.

Enjoy!

36
In the case of 2.0 at least it was possible to add a dashboard widget on the server end that would display the status of a VPN connection, including letting you know if there were no users connected. That widget could provide at-a-glance confirmation of a connection at the server end.

But if the client machine is showing "VPN Interface address: Not active," I'm pretty sure that there is no connection. There should be an IP address from the VPN address space for that VPN server in that section. For example, "VPN interface address 192.168.2.2/24" at the client end, where you have "VPN interface address 192.168.2.1/24" at the server end.

Yes, this is also what I'm expecting... the client should have acquired an IP coming from the Zentyal VPN Server (by default 192.168.160.0). I'm expecting this will be displayed on the OpenVPN Daemon at the Dashboard.

In the logs I see:

Fri Sep 14 11:38:33 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Sep 14 11:38:33 2012 TLS Error: TLS handshake failed
Fri Sep 14 11:38:33 2012 TCP/UDP: Closing socket
Fri Sep 14 11:38:33 2012 SIGUSR1[soft,tls-error] received, process restarting
Fri Sep 14 11:38:33 2012 Restart pause, 2 second(s)
Fri Sep 14 11:38:35 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Sep 14 11:38:35 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Sep 14 11:38:35 2012 Re-using SSL/TLS context
Fri Sep 14 11:38:35 2012 LZO compression initialized
Fri Sep 14 11:38:35 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Sep 14 11:38:35 2012 Socket Buffers: R=[262144->131072] S=[262144->131072]
Fri Sep 14 11:38:35 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Sep 14 11:38:35 2012 Local Options hash (VER=V4): 'd79ca330'
Fri Sep 14 11:38:35 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Sep 14 11:38:35 2012 UDPv4 link local: [undef]
Fri Sep 14 11:38:35 2012 UDPv4 link remote: [AF_INET]115.84.224.36:1194

I'll try to work it out and post any progress....


37
C4rdinal, if you somehow succeed in connecting the remote sites, it would be fantastic if you could share your findings.
I'm about to "deploy" a Zentyal 3.0 server with a company here, and they absolutely need VPN...
It's always a good thing to be prepared for possible pitfalls.

Cheers.

I have succeeded in configuring Zentyal and remote Clients. I already posted the complete process in my post here: http://forum.zentyal.org/index.php/topic,11987.0.html

And if anybody has any questions on other details, I'll be more than glad to share them.

My Zentyal-to-Zentyal VPN experiment is almost complete, I will share the complete setup when it's done. ;)

Thanks


38
What if you restart the VPN client side?

Already restarted several times but it doesn't help.

From the Main Office I have 2 WAN Connections. I notice in the Firewall log that there was traffic sourced from the WAN2 IP Address and it is being DROPPED. OpenVPN should be routed back using WAN1 which is the CONNECTED TARGET.

I created a MultiWAN policy to route traffic:

SOURCE: ANY
DESTINATION: ANY
SERVICE: OPENVPN (UDP 1194)
GATEWAY: WAN1

However, I see that the traffic coming out of my WAN2 using the OPENVPN Service still goes on... I don't know why. :(


39
Do you mean the document I posted in the HowTo section?

How did you set up your "client"? Using the bundle or manually?

Edit: I just read again what I posted months ago :o there are a lot of typos and sentences that are hardly understandable :-[ I do need to work on it again :-[

Thanks for the reply.

Yes, the Howto section and I used the bundle...

No worries, you have done a great job and the Howto is very helpful.  ;)

40
Hi Christian,

I read your Case Study on Zentyal OpenVPN and would like to thank you for sharing it. I have a question though.

After Enabling the OpenVPN Service in both sides (Zentyal Central Office and Zentyal Client), I'm assuming the Zentyal Client will get a VPN IP address from the Server as it is usually the case, right? Because this doesn't happen on my deployment.

In the Dashboard it says VPN Interface Address: Not active.

I'm looking for the logs but don't see anything. How can I verify that the VPN was established with the Remote Zentyal Client?

Thanks and looking forward to your answer.



41
Installation and Upgrades / Re: Getting started with zentyal
« on: September 13, 2012, 07:13:43 am »
First you have to make sure your server and client can access the internet without the Captive portal.

Post here what configurations you did so far so we can help you. It's hard to resolve things without any info.

HTH

42
I had this problem too. My first recommendation would be to kick up the debug level on both sides; it should give you a better idea of what is going wrong. That said, one of the confusing things about OpenVPN is that they have 2 Windows clients: the "paid" and the "free" client, and the TLS hashing method is different for each client. Check out my post, https://forums.openvpn.net/topic10821.html, at the OpenVPN forums. Hope that helps.

Thank you for taking time to answer. I upgraded the OpenVPN Client from 2.2.0 to 2.2.2, the problem suddenly went away!

However, I cannot browse any Windows network shares but can ping them. Also, I got disconnected automatically after a few minutes. :(

Any clue on how to resolve?

43
Hi,

I'm trying to configure OpenVPN using Zentyal 2.2 with Remote VPN Client for the first time following the Zentyal 2.2 Official Document.

I have 3 NIC cards. Gateways are set for Load-balancing/fail-over.

eth0 = WAN1 [PUBLIC STATIC IP ADD]
eth1 = WAN2 [PUBLIC DHCP]
eth2 = LAN

Config Details are as follows:

Zentyal Server:
Server Port: UDP 1194
VPN Address: 192.168.160.0/24
Server Certificate: vpn-companyxyz
Client Authorization by common name: disabled
NAT: Checked
Allow client-to-client connection: checked
Interface to listen on: All network Interfaces

I created an Advertised network: 192.168.x.x (my LAN)

Firewall:
Zentyal is facing the Internet and functioning as Gateway/Firewall.
- created a Service for OpenVPN on 1194
- created a Packet filter for EXTERNAL NETWORKS TO ZENTYAL to ACCEPT OpenVPN Service to allow ANY Network
- created a Packet filter for EXTERNAL NETWORKS TO INTERNET to ACCEPT OpenVPN Server to the Internal Network from ANY Network

CLIENT PC
- Then downloaded the client bundle and installed it on my Laptop, and connected to the Remote Zentyal Server. My laptop is configured with a PUBLIC IP Address. And firewall is currently OFF in Windows 7.
- Put ALL the openvpn bundle to C:\Program Files (x86)\OpenVPN\config


However, I still have this error connecting to the OpenVPN Network.

Wed Sep 12 10:01:54 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Sep 12 10:02:10 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Sep 12 10:02:40 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 12 10:02:40 2012 TLS Error: TLS handshake failed
Wed Sep 12 10:02:40 2012 TCP/UDP: Closing socket
Wed Sep 12 10:02:40 2012 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 12 10:02:40 2012 Restart pause, 2 second(s)
Wed Sep 12 10:02:42 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Sep 12 10:02:42 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Sep 12 10:02:42 2012 Re-using SSL/TLS context
Wed Sep 12 10:02:42 2012 LZO compression initialized
Wed Sep 12 10:02:42 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 12 10:02:42 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Sep 12 10:02:42 2012 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Sep 12 10:02:42 2012 Local Options hash (VER=V4): 'd79ca330'
Wed Sep 12 10:02:42 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Wed Sep 12 10:02:42 2012 UDPv4 link local: [undef]
Wed Sep 12 10:02:42 2012 UDPv4 link remote: 115.84.xxx.x:1194

Googling for the error suggests a firewall error. However, I already provided the proper firewall policy to allow OpenVPN. I even created a PORT FORWARDING rule to forward requests from PORT 1194 to the Zentyal Server but to no avail.

Hope you can shed light on this.

Appreciate any help.

Thanks in advance.
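Added example, not part of the original posts: a small triage script for the kind of OpenVPN client log quoted in posts 36 and 43 above. It splits the log into handshake attempts and separates the two failure shapes seen in those logs. The function names, the "rejected"/"silent-timeout" labels and the sample log (which uses the documentation address 192.0.2.10) are constructed for illustration.

```python
import re

# Constructed sample, modelled on the client log lines quoted in the posts above.
SAMPLE_LOG = """\
Wed Sep 12 10:01:54 2012 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Wed Sep 12 10:02:40 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 12 10:02:40 2012 TLS Error: TLS handshake failed
Wed Sep 12 10:02:40 2012 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 12 10:02:42 2012 WARNING: No server certificate verification method has been enabled.
Wed Sep 12 10:02:42 2012 UDPv4 link remote: [AF_INET]192.0.2.10:1194
Wed Sep 12 10:03:42 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 12 10:03:42 2012 SIGUSR1[soft,tls-error] received, process restarting
"""
LINE = re.compile(r"^(\w{3} \w{3} +\d{1,2} [\d:]{8} \d{4}) (.*)$")

def classify(attempt):
    # On Windows a UDP read fails with WSAECONNRESET after an ICMP
    # port-unreachable came back: a host answered, but nothing accepted
    # the packet on that port (listener down, wrong port, rejecting firewall).
    if attempt["timeout"] and attempt["resets"]:
        return "rejected"
    # No reply at all: packets or replies were dropped or left by another route.
    if attempt["timeout"]:
        return "silent-timeout"
    return "other"

def triage(log_text):
    """Split a client log into handshake attempts and classify each one."""
    attempts, cur = [], {"resets": 0, "timeout": False}
    report = {"server_cert_unverified": False, "remote": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        msg = m.group(2)
        if "WSAECONNRESET" in msg:
            cur["resets"] += 1
        elif "TLS key negotiation failed" in msg:
            cur["timeout"] = True
        elif "process restarting" in msg:  # one attempt ends here
            attempts.append(cur)
            cur = {"resets": 0, "timeout": False}
        elif "No server certificate verification method" in msg:
            # Client config has no check such as "remote-cert-tls server".
            report["server_cert_unverified"] = True
        elif "link remote:" in msg:
            report["remote"] = msg.split("link remote:")[1].replace("[AF_INET]", "").strip()
    report["attempts"] = [classify(a) for a in attempts]
    return report
```

Calling `triage(SAMPLE_LOG)` reports one rejected attempt, one silent timeout, and flags the missing server certificate check that OpenVPN itself warns about.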

44
Installation and Upgrades / No Internet on Bridge WAN Interface
« on: September 08, 2012, 07:17:42 am »
Hi,

I'm configuring Zentyal 3.0 RC2 with the EXTERNAL Interface (ETH0) as Bridge (br1) connected to a Cisco Router and it has a Private IP address of 192.168.100.1. The LAN Interface (ETH1) is Bridged as well to br1.

br1 = 192.168.100.2
192.168.100.1 = Default Gateway for 192.168.100.0/24

The problem is I cannot access the Internet. Is it possible to have a bridged EXTERNAL WAN interface with a Private address?

I can ping 192.168.100.1 from Zentyal without problem but cannot ping the Public IP configured in Cisco. Cisco router has Internet access.

Cisco:
f0/0 = PUBLIC IP ADDRESS
f0/1 = 192.168.100.1

I can establish an IPSEC-GRE tunnel to our remote office in Germany but cannot access any network other than that. So it seems the default route is the problem...

I've done lots of things to resolve this but can't find the solution.

I'll appreciate any thoughts on this.

Thanks a lot in advance.


45
We don't have an easy method to do this. Maybe you could remove the NAT rules in a postconf hook?

Is it possible to add this in a future release? This is normally used in situations where you use public IPs on an internal Interface, and in some VoIP implementations.

In Firewall, we can have an option for OUTBOUND. Options are:
1. Manual Outbound NAT rule generation - If enabled, no outbound NAT rules will be automatically generated. Instead only the mappings you specify will be used. If disabled a mapping is automatically created for each interface's subnet (except WAN).

Thank you for a great product!
