Messages - nicolasdiogo

76
hello,

I've got this installation with 2 VPN setups:
VPN 1 - uses subnet 192.168.3.0/24
VPN 2 - uses subnet 192.168.121.0/24

The system also has eth0 connected to the internet through a modem, and:
eth1 connected to 192.168.4.0/24
eth2 connected to 192.168.120.0/24

I am trying to allow users of VPN 1 to have access to *all* subnets and
limit users of VPN 2 to have access *only* to 192.168.120.0/24 and other users in VPN 2 (192.168.121.0/24).

On the configuration page of both VPN servers I have chosen 'Enable it to allow client machines of this VPN to see each other'.
For VPN 1, I have added under 'List of Advertised Networks' all subnets available.
For VPN 2, I have added under 'List of Advertised Networks' *only* subnet 192.168.120.0/24.

I have also added a firewall rule in 'Filtering rules for internal networks' that blocks any traffic with source in either 192.168.120.0/24 OR 192.168.121.0/24 (using a network object) with destination in either 192.168.3.0/24 OR 192.168.4.0/24 (using a network object).

- Here is the problem:

If I use VPN 1 and try to connect to server 192.168.4.10, which should be available, it fails.
On my laptop (VPN client), I see:
Code:
~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
80.x.x.x        10.6.6.6        255.255.255.255 UGH   0      0        0 ppp0
10.6.6.6        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.4.0     192.168.3.1     255.255.255.0   UG    0      0        0 tap0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 ppp0
0.0.0.0         10.6.6.6        0.0.0.0         UG    0      0        0 ppp0

and I can ping the Zentyal VPN server and access the web GUI. If I run a traceroute using the diagnosis page, I get positive results, like:
Code:
traceroute to 192.168.3.10 (172.28.80.254), 30 hops max, 60 byte packets
 1  192.168.3.10  0.164 ms  0.059 ms  0.065 ms

But from my laptop it fails.

The only way to solve this problem (not ideal) is to enable NAT on the VPN configuration.

Could someone suggest how to enable VPN clients to connect to an intranet server *without* using NAT on the VPN setup?

Many thanks,


Nicolas
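
As an added example, not part of the post above and not Zentyal's code, the following Python script models the two things the post's data lets a reader check: the client's routing table and the filtering rule as written, evaluated statelessly. The subnets, the client routes and the rule are taken from the post; the intranet server's routing table and Zentyal's eth1 address (192.168.4.1) are constructed assumptions, because the post does not show them. Without NAT, the intranet host must have a route back to the VPN subnet that points at Zentyal; NAT on the VPN hides the VPN client behind Zentyal's own address, which is why enabling it papers over a missing return route.

```python
"""Check the forward and return path between a VPN client and an intranet host.

Added example: not code from the forum post or from Zentyal. Route entries are
(destination network, next-hop gateway or None when on-link, interface).
The firewall is modelled statelessly: each direction is checked on its own.
"""
import ipaddress

# Client routes, abbreviated from the poster's `route -n` output (VPN 1 client).
CLIENT_ROUTES = [
    ("10.6.6.6/32", None, "ppp0"),
    ("192.168.3.0/24", None, "tap0"),
    ("192.168.4.0/24", "192.168.3.1", "tap0"),
    ("0.0.0.0/0", "10.6.6.6", "ppp0"),
]

# Zentyal's addresses: tap0 = 192.168.3.1 is in the post; eth1 = 192.168.4.1 is assumed.
ZENTYAL_ADDRS = {"192.168.3.1", "192.168.4.1"}

# Constructed: intranet server 192.168.4.10 whose default gateway is some other router.
SERVER_ROUTES_NO_RETURN = [
    ("192.168.4.0/24", None, "eth0"),
    ("0.0.0.0/0", "192.168.4.254", "eth0"),
]
# Constructed: the same server with a static route for the VPN subnet pointing at Zentyal.
SERVER_ROUTES_VIA_ZENTYAL = [
    ("192.168.4.0/24", None, "eth0"),
    ("192.168.3.0/24", "192.168.4.1", "eth0"),
    ("0.0.0.0/0", "192.168.4.254", "eth0"),
]

# The poster's rule: deny source {120,121} to destination {3,4}; first match wins, default accept.
FW_RULES = [
    ("deny",
     ["192.168.120.0/24", "192.168.121.0/24"],
     ["192.168.3.0/24", "192.168.4.0/24"]),
]


def lookup_route(routes, dst):
    """Longest-prefix match; returns (network, gateway, iface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, gw, iface)
    return best


def firewall_allows(rules, src, dst):
    """Evaluate source/destination network-object rules; first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_nets, dst_nets in rules:
        if any(s in ipaddress.ip_network(n) for n in src_nets) and \
           any(d in ipaddress.ip_network(n) for n in dst_nets):
            return action == "accept"
    return True


def via_zentyal(route):
    """A packet only enters Zentyal's forwarding path if its next hop is a Zentyal address."""
    return route is not None and route[1] in ZENTYAL_ADDRS


def check_path(client_ip, server_ip, client_routes, server_routes, rules):
    """Return (forward_ok, return_ok, notes) for client -> server and server -> client."""
    notes = []
    fwd = lookup_route(client_routes, server_ip)
    forward_ok = via_zentyal(fwd) and firewall_allows(rules, client_ip, server_ip)
    if not via_zentyal(fwd):
        notes.append(f"client has no route to {server_ip} via Zentyal: {fwd}")
    elif not firewall_allows(rules, client_ip, server_ip):
        notes.append(f"firewall denies {client_ip} -> {server_ip}")

    ret = lookup_route(server_routes, client_ip)
    return_ok = via_zentyal(ret) and firewall_allows(rules, server_ip, client_ip)
    if not via_zentyal(ret):
        notes.append(f"server's route for {client_ip} does not point at Zentyal: {ret}; "
                     "replies never reach the VPN (this is what NAT masks)")
    elif not firewall_allows(rules, server_ip, client_ip):
        notes.append(f"firewall denies {server_ip} -> {client_ip}")
    return forward_ok, return_ok, notes


if __name__ == "__main__":
    for label, server_routes in [("no return route", SERVER_ROUTES_NO_RETURN),
                                 ("return route via Zentyal", SERVER_ROUTES_VIA_ZENTYAL)]:
        fwd, ret, notes = check_path("192.168.3.6", "192.168.4.10",
                                     CLIENT_ROUTES, server_routes, FW_RULES)
        print(f"{label}: forward={fwd} return={ret} {notes}")
    # VPN 2 clients are kept off 192.168.4.0/24 by the poster's rule, as intended.
    print(firewall_allows(FW_RULES, "192.168.121.5", "192.168.4.10"))
```

The client address 192.168.3.6 is a constructed VPN 1 client. With the poster's data the forward path is clean: the client routes 192.168.4.0/24 via 192.168.3.1 and the deny rule does not match a 192.168.3.x source. What the post cannot show is the return path, so the script runs it twice: once with a server whose default gateway is another router (replies go elsewhere) and once with a static route for 192.168.3.0/24 via Zentyal. A server whose default gateway is Zentyal's eth1 address would pass the same check, since its default route would then point at a Zentyal address.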


77
Installation and Upgrades / Re: Need help on network design/VPN
« on: April 27, 2011, 12:37:02 pm »
You will need an external NIC in subnet 192.168.10.0/24 (e.g. 192.168.10.1, as you suggested).
Then for the intranet, create another subnet which is managed by Zentyal, like 10.8.98.0/24 or any subnet under the "24-bit block", see:
http://en.wikipedia.org/wiki/Private_network

But you will need Zentyal to run the DHCP and VPN modules to set up your VPN correctly.
Check the docs on how to set it up; you might want to create network objects:
http://doc.zentyal.org/en/dhcp.html

78
Spanish / Re: Problemas y mas problemas...
« on: April 27, 2011, 12:00:10 am »
Have you installed the Proxy (Squid) module?

And are you using the proxy in 'transparent' mode?

It seems to me that many people have tried to help you, since the problem is usually something in the configuration.

Let's go through the basics:
eth0 - external connection (it is marked with a TICK)
eth1 - internal (no TICK)

Have you set a 'gateway' under Network > Gateway?
This should (normally) be the modem that connects to the Internet.

Then try removing all the filtering rules under:
Firewall > Packet Filter > Internal networks

to find out whether there is a connection.


NOTE: make a 'backup' of your current configuration before changing anything:
system > import/export configuration
Then try changing whatever you like; if needed, use the 'backup' to repair the system.

79
Installation and Upgrades / Re: Multiple Server setup
« on: April 26, 2011, 06:45:35 pm »
OK - let me have a think about this.

80
Spanish / Re: camara interna [SOLUCIONADO]
« on: April 26, 2011, 10:05:33 am »
Thanks.

Could you say whether you did anything in Zentyal?


81
Installation and Upgrades / Re: Multiple Server setup
« on: April 21, 2011, 10:24:54 am »
hi andy

You will need to have the mail and groupware modules in the same installation.
However, you will have to allow this remote install to gain access to your local one to enable LDAP exchanges - a bit risky - but if you have a static IP you should minimise it.

but what are you actually asking?

82
Spanish / Re: Relacion de todos los ficheros de configuracion
« on: April 20, 2011, 12:16:27 pm »
Are you sure you want to change Zentyal without using its web GUI?

Even if you change something, you have to understand that any change made in the Zentyal web GUI may wipe out your changes.

That is why nobody has answered your question.


84
Thanks for your time.

I figure that I should have a single DMZ subnet:
create a new subnet for the servers to be isolated and then create firewall rules to constrain the new subnet so that it would not have access to the rest of the network.

85
Installation and Upgrades / has anyone used or tested Resara.org ?
« on: April 16, 2011, 01:54:41 pm »
has anyone tested this system

http://www.resara.org/index.php/features

could you share your views about it?

thanks,

86
That is too bad...

I think I have a valid situation that would require this.
I have a gateway, mail/file server, and LDAP that support a network with 2 subnets that should be kept separated.

Thus I need the same network objects used in all 3 installations.

Could it be something to add to our wish-list?

thanks,

87
Sorry for the lateness.

For completeness:
if you want to have LDAP separated you will need to have it on its own (that is the way it works);
no other module that uses Users and Groups will be possible.

If you have two servers, install
Users and Groups in one
and all other services in the other - however, for security I would agree that a file server is better off split from the gateway.

Note: on the server running Users and Groups you will have to add a firewall rule to allow the other Zentyal servers to connect to LDAP.

- The best way to do this is to create an object (e.g. ZentyalServersClientsLDAP) and add your Zentyal installations that need access to the Users and Groups module (LDAP).
Then add this object to your Firewall -> Packet Filter -> Internal networks to Zentyal.

- Then on your Zentyal installation that has the DNS module (which will be servicing your network) create a Domain (e.g. my-office) and add your Zentyal installations in there. Enter their names and IPs (e.g. zentyal-office-gateway, 192.168.2.1).

- On the zentyal-office-gateway, edit its name under System -> General -> Change hostname;
enter, in this case: zentyal-office-gateway.my-office
Save changes and try connecting to your Users and Groups server.

Hope this helps.





88
Installation and Upgrades / Re: Network connections doesn't work
« on: April 01, 2011, 04:00:25 pm »
I am no iptables expert either,

but you could flush (delete) your iptables rules and reboot Zentyal,
which should reset them as per the rules that you defined through the web GUI.

89
Where is eth1?

It does not appear in your interfaces file.

Besides, I am not sure if Zentyal understands bonded interfaces - it might try to use the real NIC instead. I do not know.

90
Installation and Upgrades / Re: Network connections doesn't work
« on: April 01, 2011, 01:59:45 pm »
Hi,

not sure about this:
Quote:
nmap doesn't say anything because it can't see the server.

You seem to have answered your query here - if you cannot 'see' the server you cannot go through it and access the internet.
Can you run this on the client:
tracepath 192.168.13.1
