This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1
Installation and Upgrades / Re: Making sense of OpenVPN's problematic configuration
« on: March 28, 2011, 03:14:35 am »
No problem.
2
Installation and Upgrades / Unable to change or remove IP address because of non-existent Gateway
« on: March 18, 2011, 04:37:15 am »
My question is the same as http://trac.zentyal.org/ticket/1804.
I keep getting "The requested operation will cause one of the configured gateways to become unreachable. Please remove it first if you really want to make this change." and there is only an auto-configured Gateway setup in the Gateway list. The auto-configured one is from the ISP on a different interface and has no relation to this one. What's going on here, why is it saying this? It would be really nice to be able to change that static internal IP to DHCP.
3
Installation and Upgrades / Making sense of OpenVPN's problematic configuration
« on: March 13, 2011, 01:53:33 pm »
I finally figured out every single thing which caused me problems in OpenVPN in Zentyal the last 2 years. I installed pfSense 2.0 in another machine and through this horrid OpenVPN experience, I discovered everything associated with such connections.
Bridging is the way to go for OpenVPN. In this way, everything works as it normally would if all the machines were connected via hubs and switches. Should you set up an OpenVPN server in Zentyal or pfSense, you will have to use routed--rather than bridged--mode.
All operating systems, excluding Windows 7 and Zentyal Ubuntu 10.04, have very low firewall standards. This is why, when using routed mode, so long as you push a route to your internal network (Advertised Network in Zentyal's config), DNS, WINS, and NetBIOS, you should have no problems getting machines to talk to each other. The key to getting this to work in Windows Vista is to set the Gateway for the VPN adapter to the OpenVPN server's local address. This allows you to change it from a Public to Home network and will make things talk and play nicely together. Bring into play Windows 7 and Zentyal Ubuntu 10.04 and things get tricky.
From what I've found, Windows 7 specifically does not allow accessing of certain functions such as file sharing and ICMP from IPs which are not in the local subnet. This means that if your VPN network is 2.2.2.0/24 and your local is 1.1.1.0/24, then Windows 7 will not allow the connection. Zentyal is a little bit different because of how the firewall changed over time. I have not done enough research to figure this out. I do know if your Zentyal machine is the OpenVPN server, you have full connection, but if it's another machine on the network, then this causes problems because of Zentyal's firewall.
My solution around this was to enable NAT. Zentyal has this feature as a simple checkbox, and it is not something done in the OpenVPN configuration file. While enabling NAT prevents two-way communication from happening, it does allow you to access both Windows 7 and Zentyal services from the outside, the VPN client machine. This works because the IP address is seen as the OpenVPN server's local IP address allowing you to only have to modify your OpenVPN server's settings instead of the firewall rules on all of your machines.
Now, if you want to access machines connected via OpenVPN, I recommend you change those settings on the individual machines and make sure to disable NAT in that case. Another method you might wanna try is a client-to-client connection. Enable VPN on one of your internal machines (don't forget to make a firewall rule for your internal network) and enable client-to-client VPN connections in Zentyal. In this way, you should be able to have both machines now able to speak to each other as they're both in the same subnet and both on the VPN together. Strange, but it works.
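The behaviour described in this post, as an added example that is not part of the original post: a small Python model of why a host firewall scoped to the local subnet drops routed VPN traffic, accepts it once the VPN server applies NAT, and what NAT costs in host-side visibility. The networks 1.1.1.0/24 and 2.2.2.0/24 are the post's; the host addresses, the function names and the "local subnet only" rule are assumptions made for illustration.

```python
import ipaddress
from typing import Iterable, NamedTuple

LAN = ipaddress.ip_network("1.1.1.0/24")   # local network used in the post
VPN = ipaddress.ip_network("2.2.2.0/24")   # VPN network used in the post

# Constructed host addresses (assumptions, not from the post).
VPN_SERVER_LAN_IP = ipaddress.ip_address("1.1.1.1")
VPN_CLIENTS = [ipaddress.ip_address("2.2.2.6"), ipaddress.ip_address("2.2.2.10")]


class Verdict(NamedTuple):
    seen_source: ipaddress.IPv4Address   # source address the LAN host observes
    accepted: bool
    reason: str


def seen_source(client_ip, nat_enabled):
    """Source address on a VPN client's packet when it reaches a LAN host."""
    # With NAT the VPN server rewrites the source to its own LAN address;
    # in plain routed mode the client's VPN address arrives unchanged.
    return VPN_SERVER_LAN_IP if nat_enabled else client_ip


def host_firewall(client_ip, nat_enabled, extra_allowed: Iterable = ()):
    """Apply a 'local subnet only' inbound rule (assumed) on a LAN host."""
    src = seen_source(client_ip, nat_enabled)
    if src in LAN:
        return Verdict(src, True, "source is in the local subnet")
    if any(src in net for net in extra_allowed):
        return Verdict(src, True, "source matches an added host rule")
    return Verdict(src, False, "source is outside the local subnet")


def sources_in_host_logs(nat_enabled):
    """Distinct source addresses a LAN host would log for all VPN clients."""
    return {seen_source(c, nat_enabled) for c in VPN_CLIENTS}


if __name__ == "__main__":
    client = VPN_CLIENTS[0]
    cases = [
        ("routed, no NAT", host_firewall(client, False)),
        ("routed, NAT on server", host_firewall(client, True)),
        ("routed, no NAT, host rule for VPN net", host_firewall(client, False, [VPN])),
    ]
    for label, v in cases:
        print(f"{label:40} src={v.seen_source} accepted={v.accepted} ({v.reason})")
    # NAT collapses every client into one address, so host logs and
    # per-client host rules can no longer tell VPN clients apart.
    print("logged sources without NAT:", sorted(map(str, sources_in_host_logs(False))))
    print("logged sources with NAT:   ", sorted(map(str, sources_in_host_logs(True))))
```

The third case corresponds to changing the settings on the individual machines instead of enabling NAT: the host keeps seeing each client's real VPN address, so its logs and rules stay per-client.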
4
Installation and Upgrades / Re: How do I fix circular dependencies because of a Zentyal 2.0 update?
« on: December 28, 2010, 03:59:17 pm »
Thanks! I did that and it's fixed now. Wow awesome! I never thought it was that file in particular; thank you.
5
Installation and Upgrades / Re: How do I fix circular dependencies because of a Zentyal 2.0 update?
« on: December 28, 2010, 10:14:51 am »
dpkg's one? Where would that be?
6
Installation and Upgrades / Re: How do I fix circular dependencies because of a Zentyal 2.0 update?
« on: December 21, 2010, 09:13:35 pm »
Except that file doesn't exist.
7
Installation and Upgrades / [SOLVED] How do I fix circular dependencies because of a Zentyal 2.0 update?
« on: December 20, 2010, 11:43:00 pm »
I ran an apt-get update and dist-upgrade about a month ago and this hasn't been fixed even with version 2.0.10 so I dunno what I really should do here. I have circular dependencies and have no way to fix them. I'm assuming a dev would know of a script which can fix this.
Code:
root@hostname:~# apt-get install ebox
Reading package lists... Done
Building dependency tree
Reading state information... Done
ebox is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
9 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up ebox (2.0.10) ...
Error parsing XML:/var/lib/ebox/gconf.backupdpkg: error processing ebox (--configure):
subprocess installed post-installation script returned error exit status 255
dpkg: dependency problems prevent configuration of ebox-software:
ebox-software depends on ebox (>= 2.0.9); however:
Package ebox is not configured yet.
ebox-software depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-software (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
dpkg: dependency problems prevent configuration of ebox-ca:
ebox-ca depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-ca depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-ca (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
dpkg: dependency problems prevent configuration of ebox-network:
ebox-network depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-network depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-network (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-openvpn:
ebox-openvpn depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-openvpn depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-openvpn depends on ebox-ca; however:
Package ebox-ca is not configured yet.
dpkg: error processing ebox-openvpn (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-remoteservices:
ebox-remoteservices depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-remoteservices depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-remoteservices depends on ebox-openvpn; however:
Package ebox-openvpn is not configured yet.
dpkg: error processing ebox-remoteservices (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-usersandgroups:
ebox-usersandgroups depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-usersandgroups depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
dpkg: error processing ebox-usersandgroups (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-samba:
ebox-samba depends on ebox (>= 2.0.3); however:
Package ebox is not configured yet.
ebox-samba depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-samba depends on ebox-network; however:
Package ebox-network is not configured yet.
ebox-samba depends on ebox-usersandgroups; however:
Package ebox-usersandgroups is not configured yet.
dpkg: error processing ebox-samba (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
dpkg: dependency problems prevent configuration of ebox-webserver:
ebox-webserver depends on ebox (>= 2.0); however:
Package ebox is not configured yet.
ebox-webserver depends on ebox (<< 2.0.100); however:
Package ebox is not configured yet.
ebox-webserver depends on ebox-ca; however:
Package ebox-ca is not configured yet.
dpkg: error processing ebox-webserver (--configure):
dependency problems - leaving unconfigured
No apport report written because MaxReports is reached already
Errors were encountered while processing:
ebox
ebox-software
ebox-ca
ebox-network
ebox-openvpn
ebox-remoteservices
ebox-usersandgroups
ebox-samba
ebox-webserver
E: Sub-process /usr/bin/dpkg returned an error code (1)
8
Installation and Upgrades / Re: How do I export only part of the configuration files?
« on: December 20, 2010, 08:31:27 pm »
What could break?
Just so I know, is there any way to change the eth3 to eth1 in the specific DHCP config file?
Is there any way I can reconfigure Zentyal manually instead of having to back up and reload config files?
One more question, I've noticed the .bak files for the full and configuration backups are different. Why is this?
9
Installation and Upgrades / How do I export only part of the configuration files?
« on: December 20, 2010, 06:26:16 am »
I want to manually move the configuration files from one server over to another, specifically for DHCP, but right now, I cannot figure out where Zentyal looks to load those from.
I have over 50 hosts set up on another machine's eth3 which I want to assign to this machine's eth1 adapter so I just need a way to pull the config file and put it over here.
Last time I used the Backup Configuration from the System menu in Zentyal, it made the server completely inaccessible even from localhost. I would definitely appreciate a way to be able to export only the config files I wanted and modify the interfaces those are associated with so I may put them into another machine as easily as that.
Since this is impossible, where does Zentyal pull these configuration files from when I restart the DHCP service so I can do this manually?
10
Installation and Upgrades / Re: [SOLVED] Cannot connect to the Internet from any machine but the Zentyal box
« on: October 31, 2010, 05:48:36 am »
This was only kind of solved. Module network still does not start up but the issue was something with the adapter team on my main rig causing 50000ms pings or higher. The switch got so hot it burned my hand. I wish I had Spanning Tree.
11
Installation and Upgrades / Re: Zentyal Service fail to start
« on: October 31, 2010, 05:45:48 am »
/var/log/ebox/ebox.log
Zentyal network and ca do not work and MySQL is failing as well. I know it's not Zentyal-related, but it might be causing or being an issue.
Code:
root@main:~# tail -n 40 /var/log/ebox/ebox.log
Error output: iptables: Protocol wrong type for socket
iptables: Protocol wrong type for socket
iptables: Protocol wrong type for socket
Command output: .
Exit value: 1
2010/10/30 23:37:13 ERROR> Service.pm:710 EBox::Module::Service::__ANON__ - Error restarting service: root command /usr/share/ebox-network/ebox-flush-fwmarks
/sbin/ip route flush table 101
/sbin/ip rule add fwmark 1 table 101
/sbin/ip rule add from 64.126.56.1 table 101
/sbin/ip route add default via 64.126.56.1 dev eth0 src 64.126.63.228 table 101
/sbin/ip rule add table main
/sbin/iptables -t mangle -A PREROUTING -m mark --mark 0/0xff -i eth0 -j MARK --set-mark 1
/sbin/iptables -t mangle -A PREROUTING -m mark --mark 0/0xff -j MARK --set-mark 1
/sbin/iptables -t mangle -A OUTPUT -m mark --mark 0/0xff -j MARK --set-mark 1 failed.
Error output: iptables: Protocol wrong type for socket
iptables: Protocol wrong type for socket
iptables: Protocol wrong type for socket
Command output: .
Exit value: 1
2010/10/30 23:37:13 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: firewall
2010/10/30 23:37:17 INFO> Base.pm:798 EBox::Module::Base::_hook - Running hook: /etc/ebox/hooks/firewall.postservice 1
2010/10/30 23:37:17 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: ca
2010/10/30 23:37:17 ERROR> Service.pm:710 EBox::Module::Service::__ANON__ - Error restarting service: Can't call method "title" on an undefined value at /usr/share/perl5/EBox/CA/Model/Certificates.pm line 253.
2010/10/30 23:37:17 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: dhcp
2010/10/30 23:37:19 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: dns
2010/10/30 23:37:22 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: events
2010/10/30 23:37:23 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: logs
2010/10/30 23:37:24 INFO> EventDaemon.pm:301 EBox::EventDaemon::_loadModules - EBox::Event::Dispatcher::Log loaded from registeredDispatchers
2010/10/30 23:37:25 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: ntp
2010/10/30 23:37:26 ERROR> Sudo.pm:212 EBox::Sudo::_rootError - root command /usr/sbin/ntpdate time.windows.com failed.
Error output: 30 Oct 23:37:26 ntpdate[4074]: the NTP socket is in use, exiting
Command output: .
Exit value: 1
2010/10/30 23:37:26 INFO> NTP.pm:123 EBox::NTP::__ANON__ - Error no se pudo lanzar ntpdate
2010/10/30 23:37:26 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: openvpn
2010/10/30 23:37:30 INFO> Service.pm:701 EBox::Module::Service::restartService - Skipping restart for webserver as it's disabled
2010/10/30 23:37:31 INFO> Service.pm:705 EBox::Module::Service::restartService - Restarting service for module: apache
12
Installation and Upgrades / Re: Zentyal Service fail to start
« on: October 31, 2010, 04:40:56 am »
Mine fails to start as well but I get no error message. I cannot attach the log because I can't access the machine but it's spitting out errors about /usr/share/ebox-network/ebox-flush-fwmarks and some iptable stuff: "Protocol wrong type for socket".
13
Installation and Upgrades / Re: Emergency: Cannot connect to the Internet from any machine but the Zentyal box
« on: October 31, 2010, 04:33:01 am »
When doing /etc/init.d/ebox network restart, it just sits there hanging.
If I let it finish, it says [fail], but I confirmed ALL network adapters are up. DHCP and DNS are not connected it though or else my other computers would have IPs.
14
Installation and Upgrades / Re: Emergency: Cannot connect to the Internet from any machine but the Zentyal box
« on: October 31, 2010, 04:27:36 am »
More info, dhcp isn't working (because no computers are getting IPs) even though it said (when I ran /etc/init.d/ebox start) that it was [OK]. When I run /etc/init.d/ebox restart, it just stops all Zentyal items and then stops. Connecting to the Zentyal Cloud VPN fails as well.
15
Installation and Upgrades / [SOLVED] Cannot connect to the Internet from any machine but the Zentyal box
« on: October 31, 2010, 04:25:24 am »
I am having an emergency situation here. This has been happening on and off and I thought I fixed it, but it was just a workaround. My network module always fails to start now and it causes my entire network to fail. Other modules which fail are users and samba. Everything else starts up okay. Oddly enough, I can access my PC from the outside, but not from the inside. The only way I can access it though is at the computer itself because I had previously set up rules so only when VPN'd in or on the LAN could I access it.
What do I do? I cannot get to the Internet because of this. I'd love to just re-image this server but doing that requires an entire day dedicated to this; plus, I'm a home user so that's not really going to be so easy. I have a feeling either eth3 is bad or something about Zentyal 2.0 still has some major bugs since this isn't the first time it's caused me issues.