Messages - johnakki

1
VPN > Servers > [Local server name] > Configuration

There's an option under there titled "Allow Zentyal-to-Zentyal tunnels" which I believe is what you're looking for.

You should be aware that OpenVPN is a bug-ridden pile of **** though - see https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

If you can afford it, it might be worth getting a couple of Sonicwalls instead. You can pick up used NSA-220's for cheap and they have six gigabit interfaces, even a TZ-210 would probably be fine as long as you don't need to push more than 100mbps over the VPN.

Here's what a proper VPN interface looks like for ref

2
Other modules / Re: Local DNS server not local resolver
« on: August 15, 2017, 10:22:00 pm »
To be honest I'm struggling to understand what you mean but it sounds like either:
* You have not checked "Enable transparent DNS cache" right at the top of the DNS page
* You haven't added any forwarders. I mean I guess you don't have to, but that's kind of what people do. I would recommend OpenNIC as they're actually trustworthy.
* You've messed up your settings on the WAN interface. You say that DHCP is enabled on that interface - you should only be using that option if you're plugging directly into an ISP-provided outlet. If you're plugging into a router then just set it up statically and save yourself a load of grief.
* You've messed up your DHCP options on the LAN side. Go to DHCP > Primary Nameserver and set it to "Zentyal DNS". 127.0.0.1 points at the local machine and so you definitely don't want your clients trying to resolve against themselves.

3
Other modules / Re: Setting persistent nameserver in /etc/resolv.conf
« on: August 15, 2017, 10:06:14 pm »
/etc/resolv.conf is a symlink nowadays and is managed by resolvconf.
Couple of options - /etc/resolvconf.conf (or /etc/resolvconf.d/ depending on distro) contains the config for resolvconf - you can specify custom DNS servers, domains and whatever else in here.
If you find that it's still misbehaving though, the easiest thing may be to just delete the /etc/resolv.conf symlink and replace it with a real file which contains the settings you want it to have. I would just add a note at the top of resolv.conf explaining what you've done and why.

4
Other modules / Re: No Internet, DNS not resolving
« on: August 15, 2017, 09:59:33 pm »
Can I assume that you've added some forwarders under DNS / Forwarders in the Zentyal admin console? If not, then that's your problem. Add 8.8.8.8 and 8.8.4.4 (Google DNS) for testing's sake, but ideally I would strongly recommend that you use OpenNIC servers: https://www.opennic.org/ (you'll see four IP addresses under the "find out more" button).
Assuming that your clients are Windows:
* Open a command prompt on one of them, type the following and press enter. This tests DNS resolution against your client's default DNS server:
* nslookup bbc.co.uk
Now try again and explicitly provide the address of your Zentyal server to look up against:
* nslookup bbc.co.uk [ip-address-of-zentyal]
* e.g. nslookup bbc.co.uk 192.168.1.1
Then try a final time with a public DNS server:
* nslookup bbc.co.uk 8.8.8.8

Post results back here
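
The three lookups from the post above, as an added PowerShell example that is not part of the original post: it runs them with Resolve-DnsName and reports which resolver fails. The Test-Resolver helper, the parameter defaults and the verdict wording are assumptions of this example; 192.168.1.1 is the post's sample address and has to be replaced with the Zentyal server's own.

```powershell
# Added example, not from the original post.
param(
    [string]$Name      = 'bbc.co.uk',
    [string]$ZentyalIp = '192.168.1.1',  # sample address from the post; replace with yours
    [string]$PublicDns = '8.8.8.8'
)

# Hypothetical helper: one A-record lookup against one resolver.
# An empty $Server means "use the DNS server this client is configured with".
function Test-Resolver {
    param([string]$Label, [string]$Server)
    # DnsOnly/NoHostsFile stop LLMNR, NetBIOS and the hosts file from masking a DNS failure.
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    try {
        $a = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'A' })
        [pscustomobject]@{ Resolver = $Label; Ok = ($a.Count -gt 0); Detail = ($a.IPAddress -join ', ') }
    } catch {
        # Timeouts, SERVFAIL and NXDOMAIN all land here; keep the message for the forum reply.
        [pscustomobject]@{ Resolver = $Label; Ok = $false; Detail = $_.Exception.Message }
    }
}

$default = Test-Resolver 'client default' ''
$zentyal = Test-Resolver "Zentyal ($ZentyalIp)" $ZentyalIp
$public  = Test-Resolver "public ($PublicDns)" $PublicDns
$default, $zentyal, $public | Format-Table -AutoSize | Out-Host

# Verdicts are this example's reading of the three results, checked from the outside in.
if (-not $public.Ok) {
    'Public resolver unreachable from this client: check routing and outbound DNS before blaming Zentyal.'
} elseif (-not $zentyal.Ok) {
    'Public resolver answers but Zentyal does not: check the DNS module and its forwarders.'
} elseif (-not $default.Ok) {
    'Zentyal answers when asked directly but the default lookup fails: check the nameserver handed out by DHCP.'
} else {
    'All three lookups resolve.'
}
```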

5
Other modules / Re: IDS/IPS
« on: August 15, 2017, 09:45:17 pm »
It's just Linux (specifically noobuntu). apt and repos work as normal so just install and configure what you need.

6
Other modules / Firewall blocking internal host
« on: August 15, 2017, 09:41:18 pm »
I've just replaced an internal server - same IP, OS, and config - just a different MAC address.
The new server was able to get a DHCP lease from my Zentyal 5.0 instance and seemed to be working fine until I changed the IP of the new server to match that of the one which it was replacing (it's out of the DHCP scope). Immediately after making this change, I was no longer able to resolve DNS against Zentyal (yes my resolv.conf is fine). I nmap'd Zentyal (ports 1-65535) from the new server and it showed absolutely nothing open. I have the firewall module enabled in Zentyal but it's all at defaults and it only has an internal-facing interface.
Other devices on the same network have continued to be able to resolve against and see open ports on Zentyal as normal.
There is no obvious UI option in Zentyal regarding blocking MACs which are spoofing IPs so, as a test, I just disabled the firewall module completely. Immediately upon doing this I can see open ports on Zentyal from my new server and resolve DNS against it.
Is this a bug or is it a feature which doesn't have a UI option to turn it on and off?
