Messages - ap1821

46
For me it was squid-external.mas.conf which after zentyal service restart then writes the changes into /etc/squid3/squid-external.conf where all the necessary lines were.
Now it looks like
Code:
admins@server:~$ sudo cat /etc/squid3/squid-external.conf



###################################################################################
http_port localhost:3130


visible_hostname (external)HOSTNAME

coredump_dir /var/spool/squid3
cache_effective_user proxy
cache_effective_group proxy
[b]cache_mem 768 MB[/b]
[b]cache_dir aufs /var/spool/squid3 39936 16 256[/b]
maximum_object_size 300 MB
access_log /var/log/squid3/external-access.log squid
cache_log /var/log/squid3/external-cache.log
cache_store_log /var/log/squid3/external-store.log
pid_filename /var/run/squid3-external.pid
[b]memory_pools off
buffered_logs on
client_db off[/b]
dns_nameservers 127.0.0.1 194.19.240.46 212.70.161.27

# refresh patterns

# windows updates
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.update\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.download\.windowsupdate\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims

# linux updates
refresh_pattern http://.*\.archive\.ubuntu\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://(ftp|http)[0-9]*\.[a-z]+\.debian\.org/ 0 80% 20160 reload-into-ims

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

# end refresh patterns





acl_uses_indirect_client on

# no cache domains acl


acl from_localhost src 127.0.0.0/8 ::1
acl to_localhost dst 127.0.0.0/8 ::1
acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
acl SSL_ports port 443          # https, snews
acl SSL_ports port 873              # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563         # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 631             # cups
acl Safe_ports port 777         # multiling http
acl Safe_ports port 873             # rsync
acl Safe_ports port 901             # SWAT

acl CONNECT method CONNECT
acl purge method PURGE


follow_x_forwarded_for allow from_localhost
log_uses_indirect_client on

http_access allow manager to_localhost

http_access deny manager
http_access deny purge
http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports
http_access allow from_localhost

# we use firewall to deny clients from the outside
http_access allow all





always_direct allow to_localhost
Lines between [ b][ /b] were modified, sorry for that.
Also modified the fs to reiserfs and mounted it with noatime and notail options. Transparent proxy seems to run more fluid to me now.
Another good find - if you
Code:
sudo service zentyal squid stop
then it immediately acts as a router and does not force the traffic to go through the proxy.

47
Installation and Upgrades / Re: openvpn with multiple clients
« on: August 13, 2013, 05:34:32 pm »
I have certificates like {vpn-client, vpn-client-2, vpn-client-3...}. And as many clients as I need. Works like a charm.

48
Installation and Upgrades / Re: Zentyal y Hamachi
« on: August 13, 2013, 05:33:15 pm »
Why hamachi? OpenVPN is the best way around.

49
You must add more than one VPN client at VPN->Clients :) Then each client will have a different IP address. I always do it like that; I believe that connecting through VPN as one client can cause problems.

50
It doesn't work behind VPN. Just tested, just like 2.2 and 2.3. You have to maybe modify config files to get that working as far as I can tell.

51
Simply restart zentyal squid service and stubs take place? Nice!
Thanks! Will try out.

52
gotta pull this topic up :)
Quote
- Use reiserFS for the cache dir as it performs better with small files (Ubuntu12 support reiserFS I lazily assume)
- Use aufs for populating the cache dir instead of ufs
- Use more memory for Squid so less physical storage is used (that would need hacking into config files)
These things I want to set up myself. So reiserfs in Zentyal 12.04 is really better than ext4 (with small files)? And also I should add noatime and notail options in fstab (where the reiserfs partition should be mounted on /var/spool/squid3). And changing ufs to aufs and increasing the memory limit means changing Zentyal stub files. Now there comes a question. Under /usr/share/zentyal/stubs/squid there are squid.conf.mas and squid-external.conf.mas. Which is the right one for modifying cache_dir and the memory limit? And which is the best way to restart/reconfigure squid so it can take the changes from the stub files?

53
From 2.2 I remember that squid2 via tcp port was available and working only through internal networks.
Now when using 3.0 I use transparent proxy and actually I wonder if it works through vpn when I set the default gateway to my server address.

54
If you meant "certain network devices" as certain networks, like 10.0.0.0/24, then I suppose you can do that at VPN->Servers, select your server, then Advertised Networks. I'm not quite sure, but there you can add networks which can later be accessed from the VPN client.
Am I right? :D

55
Installation and Upgrades / Re: No internet access
« on: August 07, 2013, 08:52:12 pm »
I recently installed Zentyal with 2 network cards (one internal, one external) to work as a gateway. After the first configuration there was all connectivity needed except internet over internal networks. So what I did was restarting the server, maybe reconfiguring the interfaces one more time, that's all - it started working. But somehow at first try it didn't work.

56
Installation and Upgrades / Getting Zentyal 3.0 UPS module to work.
« on: August 07, 2013, 06:40:26 pm »
Hi. I got an Orvaldi 620GE UPS and it should be compatible with upsmon and Linux in general (as nuts supports all UPSes upsmart did, it still should be supported), that's what the manufacturer's homepage says about this specific model. It has 1 RS232 port and the Zentyal server also has 1 RS232 port. I have the RS232 wire hooked up and configured the UPS module like this:

And the error message is Error: Driver not connected and there are broadcasts in terminal that orvaldi@server is offline.
A snip of syslog
Quote
Aug  7 11:50:16 server upsd[7033]: listening on 127.0.0.1 port 3493
Aug  7 11:50:16 server upsd[7033]: Can't connect to UPS [orvaldi] (blazer_ser-orvaldi): No such file or directory
Aug  7 11:50:16 server upsd[7034]: Startup successful
Aug  7 11:50:16 server upsmon[7036]: Startup successful
Aug  7 11:50:16 server upsd[7034]: User upsmon@127.0.0.1 logged into UPS [orvaldi]
Aug  7 11:50:16 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:50:16 server upsmon[7037]: Communications with UPS orvaldi@localhost lost
Aug  7 11:50:21 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:50:21 server upsmon[7037]: UPS orvaldi@localhost is unavailable
Aug  7 11:50:26 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:50:54  upsmon[7037]: last message repeated 5 times
Aug  7 11:50:56 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:01 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:06 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:11 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:38  upsmon[7037]: last message repeated 5 times
Aug  7 11:51:41 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:46 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:51 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:51:56 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:52:35  upsmon[7037]: last message repeated 7 times
Aug  7 11:52:36 server upsmon[7037]: Poll UPS [orvaldi@localhost] failed - Driver not connected
Aug  7 11:53:41  upsmon[7037]: last message repeated 13 times
Aug  7 11:54:24  upsmon[7037]: last message repeated 8 times
Broadcast messages:
Quote
Broadcast Message from nut@server
        (somewhere) at 14:22 ...

Communications with UPS orvaldi@localhost lost


Broadcast Message from nut@server
        (somewhere) at 14:22 ...

UPS orvaldi@localhost is unavailable
Sorry for posting in the wrong section before.  :D Also today I had very fancy behavior when changing the UPS driver, I set it to genericups and as soon as nuts starts - the server starts to shut down. The recovery console helped this time (removed /etc/init.d/nuts).
I don't know much about rs232 ports in Linux so maybe there is something I'm doing wrong or a fix or a way to look. In the near future we are planning to buy a new UPS, maybe someone can share what UPS works best with zentyal?
Thanks. :)

57
Installation and Upgrades / Re: New internet connection is slow
« on: August 06, 2013, 02:10:46 pm »
Anytime something acts funny after I make a change, I try rebooting first.
This is really the first thing to do. Sometimes the services tend to act strange after lots of reconfigurations.

58
Yeah, I figured that out already. The VPN started working for me after the internal network connection loss problems disappeared.

59
Hi. I mentioned this in another thread, but I have a problem with VPN. Recently we bought a new server for our office and I started preconfiguring it. Some days ago I brought it to our office and plugged it in, did basic ip config and it works very well and I have a lot of services running with no problems. Although there is now a little problem with VPN.
When I set a port which is not 1194/udp (default openvpn port) the VPN seems to work (clients are able to connect from the internet), but with 1194 set the traffic of my internal interface (eth1) stops (clients of eth1 can't access anything) and there is no access to VPN. After messing with it, now the internal network works (!) with the port set to 1194/udp, but there still seems to be a problem with the firewall as far as I can tell.
When I set the port to 1194 and do
Code:
sudo iptables -L | grep 1194
then it outputs nothing, when I set the port to 1195 for example then
Code:
sudo iptables -L | grep 1195
outputs the firewall rule. When I was preconfiguring the server at home, the VPN worked through 1195 with no problems.

The problem is that our ISP has a firewall and allows to the internet only HTTP traffic over port 80/443 and VPN traffic over 1194. I have to deal with the ISP in order to properly forward the new port (let's say 1195), which is a mess so I would prefer to get the old 1194 working.  :) Anyway it should have worked by default, but somehow it doesn't.
Anyways I'm having a pretty great experience with Zentyal 3.0 and I am pretty impressed by all the new features it has. Also tried the transparent proxy thing which was unplanned and it is very responsive and I hope it will be stable, because I had issues with squid in Zentyal 2.2, had to increase some url stuff (can't remember now) to make it not hang when the usage was high.

60
Hi again. Still the port thing doesn't work. When I assign 1195 to the VPN service, then it works fine, but when 1194 is set, then it seems not to add the firewall rule. The internet connection somehow now seems to work.
Code:
sudo iptables -L | grep 1194
doesn't output anything when 1194 is set, but
Code:
sudo iptables -L | grep 1195
outputs the correct entry.
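
Added example, not part of the posts above: `iptables -L` without `-n` prints service names taken from /etc/services, where 1194/udp is listed as `openvpn`, so a grep for the number can come up empty while a rule for that port exists. The listings and the services excerpt are constructed samples, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example; all sample data below is constructed.

# The same two ACCEPT rules as `iptables -L` (names resolved) and `iptables -L -n` print them.
LISTING_RESOLVED='ACCEPT     udp  --  anywhere             anywhere             udp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere             udp dpt:1195'
LISTING_NUMERIC='ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1195'

# Constructed excerpt in /etc/services format.
SERVICES_SAMPLE='openvpn         1194/tcp
openvpn         1194/udp
https           443/tcp'

# service_name PORT PROTO [SERVICES_TEXT]
# Prints the name a resolving listing shows instead of the port number, if any.
# Falls back to the system /etc/services when no text is passed.
service_name() {
  local text=${3:-$(cat /etc/services 2>/dev/null)}
  printf '%s\n' "$text" | awk -v key="$1/$2" '$2 == key { print $1; exit }'
}

# has_port_rule LISTING PORT PROTO [SERVICES_TEXT]
# Succeeds if the listing has a destination-port match, numeric or by service name.
has_port_rule() {
  local name pattern
  name=$(service_name "$2" "$3" "${4:-}")
  pattern="$3 dpt:($2${name:+|$name})( |\$)"
  printf '%s\n' "$1" | grep -Eq "$pattern"
}

# naive_grep LISTING PORT: what `iptables -L | grep PORT` effectively tests.
naive_grep() { printf '%s\n' "$1" | grep -q "$2"; }

naive_grep "$LISTING_RESOLVED" 1194 || echo "grep 1194 on resolved listing: no match"
naive_grep "$LISTING_RESOLVED" 1195 && echo "grep 1195 on resolved listing: match"
has_port_rule "$LISTING_RESOLVED" 1194 udp "$SERVICES_SAMPLE" \
  && echo "1194/udp rule present (listed as openvpn)"
has_port_rule "$LISTING_NUMERIC" 1194 udp "$SERVICES_SAMPLE" \
  && echo "1194/udp rule present (numeric listing)"
```

On a live system, `sudo iptables -L -n | grep 1194` gives the numeric form directly.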