Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - cyberstudio

Pages: [1] 2
1
Installation and Upgrades / I keep getting squid errors
« on: January 22, 2015, 02:56:56 pm »
Hi guys!

From like a month ago im getting constant and random squid errors. Sometimes you're browsing normally and then you get this error:
Quote
This cache is in the process of shutting down and can not service your request at this time. Please retry your request again soon.

or this one:
Quote
Zero Sized Reply

Squid did not receive any data for this request.

or this one:
Quote
Read Error

The system returned: (104) Connection reset by peer

An error condition occurred while reading data from the network. Please retry your request.

When that happens, i keep pressing F5 (refresh) and i keep getting errors (One of those, randomly) until suddenly the request works and the page loads normally. Sometimes you need to press F5 10 times or so.

If you're browsing on 5 tabs, you may get the problem on one of them, while you can continue browsing on the other 4.

Im running a transparent proxy, with the checkbox "ad blocking" checked, my cache size is 8192mb
looking at my cache.log, i can see huuuuundreds and hundreds of:
Quote
ERROR: No forward-proxy ports configured.
i don't know if that is related or not.

My squid.conf is:
Quote
http_port 0.0.0.0:3128 intercept

visible_hostname (frontal)inabima-gw01.inabimasd.local
coredump_dir /var/spool/squid3
cache_effective_user proxy
cache_effective_group proxy
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log

pid_filename /var/run/squid3.pid


cache_peer 127.0.0.1 parent 3129 0 no-query proxy-only login=*:nopassword

auth_param basic realm Zentyal HTTP proxy
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v3 -b DC=inabimasd,DC=local -f "(&(samAccountName=%s)(objectclass=user))" -p 3268 -D CN=zentyal-squid-inabima-gw01,CN=Users,DC=inabimasd,DC=local -w AYbgZYC6HWEjFvTe7Gdd -P
external_acl_type ldapgroup  ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v3 -b DC=inabimasd,DC=local   -p 3268 -D CN=zentyal-squid-inabima-gw01,CN=Users,DC=inabimasd,DC=local -w AYbgZYC6HWEjFvTe7Gdd -P -F "(&(samAccountName=%s)(objectclass=user))" -f  "(&(samAccountName=%g)(objectclass=group)(member=%u))"


acl_uses_indirect_client on
acl authorized proxy_auth REQUIRED

acl from_localhost src 127.0.0.0/8 ::1
acl to_localhost dst 127.0.0.0/8 ::1

acl fltr1~ext urlpath_regex -i .mp3$
acl fltr1~mime rep_mime_type -i ^application/java-vm$
acl fltr1~df~dmn33 dstdomain .ascodevida.com
acl fltr1~df~dmn32 dstdomain .mekstream.com
acl fltr1~df~dmn31 dstdomain .mek4.mekstream.com
acl fltr1~df~dmn30 dstdomain .emisoradominicana.net
acl fltr1~df~dmn29 dstdomain .animeflv.net
acl fltr1~df~dmn28 dstdomain .scribd.com
acl fltr1~df~dmn27 dstdomain .canalesdominicano.com
acl fltr1~df~dmn26 dstdomain .telemicro.com.do
acl fltr1~df~dmn25 dstdomain .instagram.com
acl fltr1~df~dmn24 dstdomain .musicatube.net
acl fltr1~df~dmn23 dstdomain .dicelacancion.net
acl fltr1~df~dmn22 dstdomain .genteflow.com
acl fltr1~df~dmn21 dstdomain .paradaurbana.net
acl fltr1~df~dmn20 dstdomain .downflow.net
acl fltr1~df~dmn19 dstdomain .flowactivo.com
acl fltr1~df~dmn18 dstdomain .lomasrankiao.com
acl fltr1~df~dmn17 dstdomain .iexalead.com
acl fltr1~df~dmn16 dstdomain .isearchspace.com
acl fltr1~df~dmn15 dstdomain .nuevaq.net
acl fltr1~df~dmn14 dstdomain .sonicomp3.com
acl fltr1~df~dmn13 dstdomain .fullhumor.com
acl fltr1~df~dmn12 dstdomain .gamerfuzion.com
acl fltr1~df~dmn11 dstdomain .mrhookah.com
acl fltr1~df~dmn10 dstdomain .dhookah.blogspot.com
acl fltr1~df~dmn9 dstdomain .youtubereloaded.com
acl fltr1~df~dmn8 dstdomain .elmismogolpe.com
acl fltr1~df~dmn7 dstdomain .screencast.com
acl fltr1~df~dmn6 dstdomain .ooyala.com
acl fltr1~df~dmn5 dstdomain .jigsawplanet.com
acl fltr1~df~dmn4 dstdomain .intercambiosvirtuales.org
acl fltr1~df~dmn3 dstdomain .figureord.com
acl fltr1~df~dmn2 dstdomain .conquista.91.com
acl fltr1~df~dmn1 dstdomain .91huo.com
acl Dominios~dc~virusinfected~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/virusinfected/domains.squid"
acl Dominios~dc~remote-control~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/remote-control/domains.squid"
acl Dominios~dc~entertainment~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/entertainment/domains.squid"
acl Dominios~dc~sexuality~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/sexuality/domains.squid"
acl Dominios~dc~dating~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/dating/domains.squid"
acl Dominios~dc~mixed_adult~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/mixed_adult/domains.squid"
acl Dominios~dc~audio-video~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/audio-video/domains.squid"
acl Dominios~dc~weapons~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/weapons/domains.squid"
acl Dominios~dc~webmail~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/webmail/domains.squid"
acl Dominios~dc~radio~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/radio/domains.squid"
acl Dominios~dc~manga~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/manga/domains.squid"
acl longAcl~1 dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/instantmessaging/domains.squid"
acl Dominios~dc~hacking~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/hacking/domains.squid"
acl Dominios~dc~gambling~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/gambling/domains.squid"
acl Dominios~dc~filesharing~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/filesharing/domains.squid"
acl Dominios~dc~filehosting~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/filehosting/domains.squid"
acl Dominios~dc~violence~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/violence/domains.squid"
acl Dominios~dc~malware~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/malware/domains.squid"
acl Dominios~dc~social_networks~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/social_networks/domains.squid"
acl Dominios~dc~chat~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/chat/domains.squid"
acl longAcl~2 dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/socialnetworking/domains.squid"
acl Dominios~dc~phishing~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/phishing/domains.squid"
acl Dominios~dc~adult~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/adult/domains.squid"
acl Dominios~dc~proxy~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/proxy/domains.squid"
acl Dominios~dc~onlinegames~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/onlinegames/domains.squid"
acl Dominios~dc~dialers~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/dialers/domains.squid"
acl Dominios~dc~warez~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/warez/domains.squid"
acl Dominios~dc~celebrity~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/celebrity/domains.squid"
acl Dominios~dc~hunting~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/hunting/domains.squid"
acl Dominios~dc~mail~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/mail/domains.squid"
acl Dominios~dc~humor~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/humor/domains.squid"
acl Dominios~dc~games~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/games/domains.squid"
acl Dominios~dc~porn~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/porn/domains.squid"
acl Dominios~dc~drugs~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/drugs/domains.squid"

http_access allow to_localhost
follow_x_forwarded_for allow from_localhost
http_access allow from_localhost
forwarded_for on
log_uses_indirect_client on
always_direct allow to_localhost

# force clients to use squid-external
never_direct allow all


##
## ACLs from model rules
##
acl obj~objc1 src 10.0.0.226/32 10.0.0.134/32 10.0.0.88/32 10.0.0.223/32 10.0.0.100/32 10.0.0.224/32 10.0.0.92/32 10.0.0.221/32 10.0.0.222/32 10.0.0.24/32
acl obj~objc1 src 10.0.0.168/32
##
## Access
##

http_access allow  obj~objc1
http_access deny  all fltr1~ext
http_reply_access deny  all fltr1~mime
http_access deny  all fltr1~df~dmn33
http_access deny  all fltr1~df~dmn32
http_access deny  all fltr1~df~dmn31
http_access deny  all fltr1~df~dmn30
http_access deny  all fltr1~df~dmn29
http_access allow  all fltr1~df~dmn28
http_access deny  all fltr1~df~dmn27
http_access deny  all fltr1~df~dmn26
http_access deny  all fltr1~df~dmn25
http_access deny  all fltr1~df~dmn24
http_access deny  all fltr1~df~dmn23
http_access deny  all fltr1~df~dmn22
http_access deny  all fltr1~df~dmn21
http_access deny  all fltr1~df~dmn20
http_access deny  all fltr1~df~dmn19
http_access deny  all fltr1~df~dmn18
http_access deny  all fltr1~df~dmn17
http_access deny  all fltr1~df~dmn16
http_access deny  all fltr1~df~dmn15
http_access deny  all fltr1~df~dmn14
http_access deny  all fltr1~df~dmn13
http_access deny  all fltr1~df~dmn12
http_access deny  all fltr1~df~dmn11
http_access deny  all fltr1~df~dmn10
http_access deny  all fltr1~df~dmn9
http_access deny  all fltr1~df~dmn8
http_access deny  all fltr1~df~dmn7
http_access deny  all fltr1~df~dmn6
http_access deny  all fltr1~df~dmn5
http_access deny  all fltr1~df~dmn4
http_access deny  all fltr1~df~dmn3
http_access deny  all fltr1~df~dmn2
http_access deny  all fltr1~df~dmn1
http_access deny  all Dominios~dc~adult~dom
http_access deny  all Dominios~dc~audio-video~dom
http_access deny  all Dominios~dc~celebrity~dom
http_access deny  all Dominios~dc~chat~dom
http_access deny  all Dominios~dc~dating~dom
http_access deny  all Dominios~dc~dialers~dom
http_access deny  all Dominios~dc~drugs~dom
http_access deny  all Dominios~dc~entertainment~dom
http_access deny  all Dominios~dc~filehosting~dom
http_access deny  all Dominios~dc~filesharing~dom
http_access deny  all Dominios~dc~gambling~dom
http_access deny  all Dominios~dc~games~dom
http_access deny  all Dominios~dc~hacking~dom
http_access deny  all Dominios~dc~humor~dom
http_access deny  all Dominios~dc~hunting~dom
http_access deny  all longAcl~1
http_access deny  all Dominios~dc~mail~dom
http_access deny  all Dominios~dc~malware~dom
http_access deny  all Dominios~dc~manga~dom
http_access deny  all Dominios~dc~mixed_adult~dom
http_access deny  all Dominios~dc~onlinegames~dom
http_access deny  all Dominios~dc~phishing~dom
http_access deny  all Dominios~dc~porn~dom
http_access deny  all Dominios~dc~proxy~dom
http_access deny  all Dominios~dc~radio~dom
http_access deny  all Dominios~dc~remote-control~dom
http_access deny  all Dominios~dc~sexuality~dom
http_access deny  all Dominios~dc~social_networks~dom
http_access deny  all longAcl~2
http_access deny  all Dominios~dc~violence~dom
http_access deny  all Dominios~dc~virusinfected~dom
http_access deny  all Dominios~dc~warez~dom
http_access deny  all Dominios~dc~weapons~dom
http_access deny  all Dominios~dc~webmail~dom
http_access allow  all


##
## Default policy
##
# All acces denied by default if no other allow rule matchs
http_access deny all
# reply access allowed if not denied before
http_reply_access allow all
'

I dont know where to start. ahy help please? thanks!

2
Hi guys! There's something that i dont get, and that's my question: Why its Zentyal based on ubuntu, and sometimes not even on the LTS branch?

The upgrade process from 3.3 to 3.4 its a real pain (im not able to upgrade yet... lots of errors), and i think that many of those problems came as a result of the underlying distribution upgrade. As you know, zentyal 3.4 its not just a new zentyal version, but also based on a new ubuntu release, so the upgrade process needs to upgrade the Zentyal packages and also the distribution packages.

I have nothing against ubuntu. What i dont understand is why Zentyal uses Ubuntu 13.10 for Zentyal 3.4? That's madness! Ubuntu 13.10 has his end of life on July 2014! That's a few weeks away already.

The TLS branches seems more suited for Zentyal, Even Centos looks like a better choice.

3
Hi.

I have a production zentyal server (A VM on ESXi). This server was running zentyal 3.2 and was upgraded to zentyal 3.3 without any problems a few months ago. Yesterday i was trying to upgrade to zentyal 3.4, so i made an snapshot prior to trying (and thanks god that i did).

During the automated process i saw multiple errors on the update log, and the last message was "Zentyal upgrade failed. Full log at /var/log/zentyal/upgrade.log." so i had to revert back to my pre-update snapshot.

These where the errors that i got during the update process.

The first one...
Quote
Preparing to replace suricata 1.1.1-1 (using .../suricata_1.4.3-1_amd64.deb) ...
 * NFQUEUE support not found !
 * Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: warning: subprocess old pre-removal script returned error exit status 5
dpkg: trying script from the new package instead ...
 * NFQUEUE support not found !
 * Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb (--unpack):
 subprocess new pre-removal script returned error exit status 5
 * NFQUEUE support not found !
 * Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "start" failed.
dpkg: error while cleaning up:
 subprocess installed post-installation script returned error exit status 5

Another one...
Quote
Errors were encountered while processing:
 /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Forcing pending packages installation...

Quote
The following packages will be upgraded:
  suricata
E: Could not open file descriptor -1
E: Prior errors apply to /var/cache/apt/archives/libcgi-emulate-psgi-perl_0.15-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libapache-logformat-compiler-perl_0.12-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libdevel-stacktrace-ashtml-perl_0.11-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libfile-sharedir-perl_1.03-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libfilesys-notify-simple-perl_0.12-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libhash-multivalue-perl_0.12-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libpath-class-perl_0.32-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libyaml-perl_0.84-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libhttp-body-perl_1.17-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libhttp-tiny-perl_0.034-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libmodule-refresh-perl_0.17-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libstream-buffered-perl_0.2-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libtest-requires-perl_0.07-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libtest-sharedfork-perl_0.19-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libtest-tcp-perl_2.00-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libplack-perl_1.0028-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libplack-middleware-reverseproxy-perl_0.14-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libplack-middleware-session-perl_0.14-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libpgm-5.1-0_5.1.118-1~dfsg-0.1ubuntu1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/libzmq1_2.2.0+dfsg-4_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/uwsgi-core_1.9.13-4build1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/uwsgi-plugin-psgi_1.9.13-4build1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/libsoap-transport-http-plack-perl_0.03-1_all.deb
debconf: apt-extracttemplates failed: No such file or directory


Quote
Preparing to replace suricata 1.1.1-1 (using .../suricata_1.4.3-1_amd64.deb) ...
 * NFQUEUE support not found !
 * Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: warning: subprocess old pre-removal script returned error exit status 5
dpkg: trying script from the new package instead ...
 * NFQUEUE support not found !
 * Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb (--unpack):
 subprocess new pre-removal script returned error exit status 5
 * NFQUEUE support not found !
 * Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "start" failed.
dpkg: error while cleaning up:
 subprocess installed post-installation script returned error exit status 5
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Errors were encountered while processing:
 /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Quote
dpkg: dependency problems prevent configuration of zentyal-remoteservices:
 zentyal-remoteservices depends on libsoap-transport-http-plack-perl; however:
  Package libsoap-transport-http-plack-perl is not installed.

dpkg: error processing zentyal-remoteservices (--configure):
 dependency problems - leaving unconfigured

Quote
Installing new version of config file /etc/init.d/collectd ...
 * Starting statistics collection and monitoring daemon collectd
   ...fail!

(Maybe not an error?)
Quote
Setting up openvpn (2.3.2-4ubuntu1) ...
 * Restarting virtual private network daemon(s)...
 *   Stopping VPN 'Inabima-central'
   ...done.
 *   Restarting VPN 'Inabima-central'
grep: /etc/openvpn/Inabima-central.conf: No such file or directory
grep: /etc/openvpn/Inabima-central.conf: No such file or directory
grep: /etc/openvpn/Inabima-central.conf: No such file or directory
grep: /etc/openvpn/Inabima-central.conf: No such file or directory

Quote
dpkg: error processing suricata (--configure):
 Package is in a very bad inconsistent state - you should
 reinstall it before attempting configuration.

Quote
dpkg: dependency problems prevent configuration of zentyal-ips:
 zentyal-ips depends on suricata; however:
  Package suricata is not configured yet.

dpkg: error processing zentyal-ips (--configure):
 dependency problems - leaving unconfigured

Quote
Configuration file `/etc/collectd/collectd.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
 ==> Keeping old config file as default.
 * Restarting statistics collection and monitoring daemon collectd
   ...fail!

(Maybe not an error?)
Quote
Installing new version of config file /etc/default/openbsd-inetd ...
 * Stopping internet superserver inetd
   ...done.
 * Not starting internet superserver: no services enabled

Warning
Quote
Installing new version of config file /etc/init.d/ddclient ...
update-rc.d: warning:  stop runlevel arguments (1) do not match ddclient Default-Stop values (0 1 6)

Quote
Setting up dansguardian (2.10.1.1-5) ...
Installing new version of config file /etc/init.d/dansguardian ...
/var/log/dansguardian
 * Starting DansGuardian dansguardian
   ...fail!
invoke-rc.d: initscript dansguardian, action "start" failed.
WARNING: Starting dansguardian failed. Please check your configuration.

Quote
Installing new version of config file /etc/ldap/schema/README ...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.28+51~precise1... done.
Not starting slapd: SLAPD_NO_START set in /etc/default/slapd

Quote
econnecting to redis server (1 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN1> line 1.
Reconnecting to redis server (2 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN2> line 1.
Reconnecting to redis server (3 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN3> line 1.
Reconnecting to redis server (4 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN4> line 1.
Redis command 'get remoteservices/conf/RemoteSupportAccess/keys/form' failed: [get] ERR wrong number of arguments for 'get' command,  at /usr/share/perl5/Redis.pm line 513
        Redis::__read_response_r('Redis=HASH(0x46c86f0)', 'get') called at /usr/share/perl5/Redis.pm line 493
        Redis::__read_response('Redis=HASH(0x46c86f0)', 'get') called at /usr/share/perl5/Redis.pm line 256
        Redis::__run_cmd('Redis=HASH(0x46c86f0)', 'get', 0, 0, 0, 'remoteservices/conf/RemoteSupportAccess/keys/form') called at /usr/share/perl5/EBox/Config/Redis.pm line 455
        eval {...} called at /usr/share/perl5/EBox/Config/Redis.pm line 451
        EBox::Config::Redis::_redis_call('EBox::Config::Redis=HASH(0x2dd4bd8)', 'get', 'remoteservices/conf/RemoteSupportAccess/keys/form') called at /usr/share/perl5/EBox/Config/Redis.pm line 126
        EBox::Config::Redis::get('EBox::Config::Redis=HASH(0x2dd4bd8)', 'remoteservices/conf/RemoteSupportAccess/keys/form', undef) called at /usr/share/perl5/EBox/Module/Config.pm line 559
        EBox::Module::Config::get('EBox::RemoteServices=HASH(0x458f8e8)', 'RemoteSupportAccess/keys/form') called at /usr/share/perl5/EBox/Model/DataForm.pm line 207
        EBox::Model::DataForm::_rowStored('EBox::RemoteServices::Model::RemoteSupportAccess=HASH(0x46c8450)') called at /usr/share/perl5/EBox/Model/DataForm.pm line 195
        EBox::Model::DataForm::row('EBox::RemoteServices::Model::RemoteSupportAccess=HASH(0x46c8450)') called at /usr/share/perl5/EBox/Model/DataForm.pm line 650
        EBox::Model::DataForm::AUTOLOAD('EBox::RemoteServices::Model::RemoteSupportAccess=HASH(0x46c8450)') called at /usr/share/perl5/EBox/RemoteServices.pm line 2100
        EBox::RemoteServices::extraSudoerUsers('EBox::RemoteServices=HASH(0x458f8e8)') called at /usr/share/zentyal/sudoers-friendly line 41
dpkg: error processing zentyal-core (--configure):
 subprocess installed post-installation script returned error exit status 255
dpkg: dependency problems prevent configuration of zentyal-services:
 zentyal-services depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-services depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-services (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-antivirus:
 zentyal-antivirus depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-antivirus depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-antivirus (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-monitor:
 zentyal-monitor depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-monitor depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-monitor (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-software:
 zentyal-software depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-software depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-software (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ntp:
 zentyal-ntp depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-ntp depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-ntp (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ca:
 zentyal-ca depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-ca depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-ca (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-trafficshaping:
 zentyal-trafficshaping depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-trafficshaping depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-trafficshaping (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-users:
 zentyal-users depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-users depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-users depends on zentyal-ntp; however:
  Package zentyal-ntp is not configured yet.

dpkg: error processing zentyal-users (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-jabber:
 zentyal-jabber depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-jabber depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-jabber depends on zentyal-users; however:
  Package zentyal-users is not configured yet.

dpkg: error processing zentyal-jabber (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-objects:
 zentyal-objects depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-objects depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-objects (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-dns:
 zentyal-dns depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-dns depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-dns (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-bwmonitor:
 zentyal-bwmonitor depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-bwmonitor depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.

dpkg: error processing zentyal-bwmonitor (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-firewall:
 zentyal-firewall depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-firewall depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-firewall depends on zentyal-objects; however:
  Package zentyal-objects is not configured yet.
 zentyal-firewall depends on zentyal-services; however:
  Package zentyal-services is not configured yet.

dpkg: error processing zentyal-firewall (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-openvpn:
 zentyal-openvpn depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-openvpn depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-openvpn depends on zentyal-firewall; however:
  Package zentyal-firewall is not configured yet.
 zentyal-openvpn depends on zentyal-ca; however:
  Package zentyal-ca is not configured yet.

dpkg: error processing zentyal-openvpn (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-network:
 zentyal-network depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-network depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-network depends on zentyal-objects; however:
  Package zentyal-objects is not configured yet.
 zentyal-network depends on zentyal-services; however:
  Package zentyal-services is not configured yet.

dpkg: error processing zentyal-network (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-l7-protocols:
 zentyal-l7-protocols depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-l7-protocols depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-l7-protocols depends on zentyal-trafficshaping; however:
  Package zentyal-trafficshaping is not configured yet.

dpkg: error processing zentyal-l7-protocols (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ipsec:
 zentyal-ipsec depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-ipsec depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-ipsec depends on zentyal-firewall; however:
  Package zentyal-firewall is not configured yet.

dpkg: error processing zentyal-ipsec (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-squid:
 zentyal-squid depends on zentyal-core (>= 3.4); however:
  Package zentyal-core is not configured yet.
 zentyal-squid depends on zentyal-core (<< 3.5); however:
  Package zentyal-core is not configured yet.
 zentyal-squid depends on zentyal-firewall; however:
  Package zentyal-firewall is not configured yet.
 zentyal-squid depends on zentyal-users; however:
  Package zentyal-users is not configured yet.

dpkg: error processing zentyal-squid (--configure):
 dependency problems - leaving unconfigured
Processing triggers for libc-bin ...
Processing triggers for ca-certificates ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-3.8.0-38-generic
Processing triggers for ureadahead ...
Errors were encountered while processing:
 zentyal-remoteservices
 suricata
 zentyal-ips
 zentyal-core
 zentyal-services
 zentyal-antivirus
 zentyal-monitor
 zentyal-software
 zentyal-ntp
 zentyal-ca
 zentyal-trafficshaping
 zentyal-users
 zentyal-jabber
 zentyal-objects
 zentyal-dns
 zentyal-bwmonitor
 zentyal-firewall
 zentyal-openvpn
 zentyal-network
 zentyal-l7-protocols
 zentyal-ipsec
 zentyal-squid

Zentyal upgrade failed. Full log at /var/log/zentyal/upgrade.log.

After all these errors i reverted back to my stable snapshot, and everything is fine, but i cant upgrade to 3.4. To me, this is a bug in the upgrade process because this is a dedicated zentyal box without anything else, so it should work.

Will this upgrade process work? or we are on our own?

4
Hi!

I have a zentyal server running on my network since 2 years ago (2.2.9) and its running great. But, i want to upgrade from it to the latest stable release (3.0). The problem is, i have  LOTS of OpenVPN users across the globe, and i dont want to issue new certificates, configs etc to them. That will be very disruptive for my time. I dont care if i have to configure the entire server from 0, but i dont want to configure each openvpn client again.

My plan is to install the new zentyal using the same external ip as the old, so my clients can keep their config files without modifications, but, what can i do about the certificates? Im somewhat lost on that part  ???

5
Installation and Upgrades / Bug? Firewall rules do nothing...
« on: August 03, 2012, 08:09:00 pm »
I have a machine (10.0.0.58) and i what to block all kind of internet access to that machine. I have these rules in place:





But, anyway the machine can access the internet :\ Its like the firewall do nothing. Maybe im doing something wrong?

The machine has Zentyal as its gateway. Also, transparent proxy is enabled.

6
Hi guys.

I have a very strange problem: From time to time, some of the computers on my network (nearly 50) cant ping my zentyal box.
 Its working... then bang! that machine cant ping zentyal. Then, a few minutes later... it can ping it again. Its so strange because zentyal CAN ping the machine... Its just the machine that cant.

It happens with a lot of machines. while one machine cant see zentyal, another can. And then, that one cant, and then, it can again.

Its random.

This is the ifconfig of the zentyal box:

Quote
root@gateway:/home/testnetwork# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:a4:47:84 
          inet addr:10.0.0.249  Bcast:10.0.0.255  Mask:255.255.255.0 <-------- THIS ONE IS INTERNAL
          inet6 addr: fe80::250:56ff:fea4:4784/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32345 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19288 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3793058 (3.7 MB)  TX bytes:5827075 (5.8 MB)

eth1      Link encap:Ethernet  HWaddr 00:50:56:a4:47:85   <----- THIS IS EXTERNAL
          inet addr:10.0.1.3  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fea4:4785/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30854 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13011 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:22446208 (22.4 MB)  TX bytes:1047058 (1.0 MB)

eth2      Link encap:Ethernet  HWaddr 00:50:56:a4:47:86   <--------------- EXTERNAL
          inet addr:190.8.44.13  Bcast:190.8.44.15  Mask:255.255.255.248
          inet6 addr: fe80::250:56ff:fea4:4786/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:124756 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76646 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:161530175 (161.5 MB)  TX bytes:5448906 (5.4 MB)

eth3      Link encap:Ethernet  HWaddr 00:50:56:a4:47:87  <--------------- EXTERNAL
          inet addr:192.168.14.4  Bcast:192.168.14.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fea4:4787/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14970 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1219177 (1.2 MB)  TX bytes:6748 (6.7 KB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1196431 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1196431 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:120292327 (120.2 MB)  TX bytes:120292327 (120.2 MB)

and this is the ipconfig of the machine that can't ping zentyal:

Quote
Windows IP Configuration

   Host Name . . . . . . . . . . . . : srv-infra
   Primary Dns Suffix  . . . . . . . : test.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : test.local

Ethernet adapter Local:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-4B-0D-61
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.250(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.249
   DNS Servers . . . . . . . . . . . : 10.0.0.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2282D9A7-BAA2-4CD2-B880-B24848D0B242}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


Please, help me :\ this is driving me and my users crazy

7
Installation and Upgrades / Cant connect to zentyal Cloud
« on: July 19, 2012, 05:35:18 pm »
Hi guys!

My server cant connect to zentyal cloud. This is the log:

Quote
Thu Jul 19 11:28:33 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Thu Jul 19 11:28:33 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jul 19 11:28:33 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jul 19 11:28:33 2012 WARNING: file '/etc/openvpn/R_D_SRVS_0ecd94bcd.conf.d/certificateKey' is group or others accessible
Thu Jul 19 11:28:33 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Jul 19 11:28:33 2012 LZO compression initialized
Thu Jul 19 11:28:33 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jul 19 11:28:33 2012 RESOLVE: NOTE: vpn1.cloud.zentyal.com resolves to 2 addresses, choosing one by random
Thu Jul 19 11:28:33 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jul 19 11:28:33 2012 Local Options hash (VER=V4): '31fdf004'
Thu Jul 19 11:28:33 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Jul 19 11:28:33 2012 Attempting to establish TCP connection with [AF_INET]92.243.29.87:1194 [nonblock]
Thu Jul 19 11:28:34 2012 TCP connection established with [AF_INET]92.243.29.87:1194
Thu Jul 19 11:28:34 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Jul 19 11:28:34 2012 TCPv4_CLIENT link local (bound): [AF_INET]10.0.1.2:39174
Thu Jul 19 11:28:34 2012 TCPv4_CLIENT link remote: [AF_INET]92.243.29.87:1194
Thu Jul 19 11:28:34 2012 TLS: Initial packet from [AF_INET]92.243.29.87:1194, sid=4182ad81 55139262
Thu Jul 19 11:28:36 2012 VERIFY OK: depth=1, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=Certification_Authority_Certificate
Thu Jul 19 11:28:36 2012 VERIFY OK: depth=0, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=vpn1.cloud.zentyal.com
Thu Jul 19 11:28:41 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 19 11:28:41 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 19 11:28:41 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 19 11:28:41 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 19 11:28:41 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jul 19 11:28:41 2012 [vpn1.cloud.zentyal.com] Peer Connection Initiated with [AF_INET]92.243.29.87:1194
Thu Jul 19 11:28:43 2012 SENT CONTROL [vpn1.cloud.zentyal.com]: 'PUSH_REQUEST' (status=1)
Thu Jul 19 11:28:43 2012 AUTH: Received AUTH_FAILED control message
Thu Jul 19 11:28:43 2012 TCP/UDP: Closing socket
Thu Jul 19 11:28:43 2012 SIGTERM[soft,auth-failure] received, process exiting

As you can see, there's an "AUTH_FAILED" message. My credentials are right (I have triple checked). I can log to zentyal cloud using those credentials.

On Subscriptions -> Server Subscription, the server name is "sdinabima" (Lower case, without the quotes), and the server's hostname is "zentyal" (Again, lower case, without quotes).

I have subscribed/unsubscribed the server, changed his name, deleted the server on zentyal cloud page... but nothing.

On the Dashboard i see "Connection status: Not connected. Check VPN logs in /var/log/openvpn/"

Any help?

8
Hi guys!

Look at this: Lets say we have an user, named "User1":

Inside the network:
================
1) User1 open his browser
2) The browser asks User1 his username and password
3) He puts his user/password and then he tries to open Facebook
4) The proxy filters the request, and deny the access

Outside the network (Using PPTP)
=================
The same 3 first steps happen here too, but on step4, the proxy ALLOWS the access to Facebook...


Look at this screenshot:


So, to keep it short: If the user is inside the network (10.0.0.X) the proxy works as i want: Ask password and filter
BUT if the user is connected using VPN (pptp) the proxy asks the password BUT allows access to everywhere! :\

why? any light?

9
Installation and Upgrades / Zentyal keeps changing my "Default" Gateway
« on: November 15, 2011, 03:08:40 pm »
Hi guys!

I have a small problem. I have 3 gateways. Lets say:
Gateway1, Gateway2 and Gateway3.

Gateway1 is an adsl router with a 6mb connection.
Gateway2 is a T1 connection.
Gateway3 is a connection with another company... something like an intranet. That gateway has NO internet access at all, and is only used to access an specific intranet website.

Taking that into account, i have a setup like this:
Gateway1: Weight 15
Gateway2: Weight 15
Gateway3: (The intranet one) Weight 1

What im trying to do is.. route all traffic equally through Gateway1 and Gateway2, and ignore Gateway3.

I have a Multiwan rule that specify: All traffic that goes to the intranet with the other company, should pass only through Gateway3. That's the only use for Gateway3

The problem is: If i set Gateway1 or gateway2 as "Default", after a while, zentyal ignores that, and sets Gateway3 as the default gateway  ???, and when that happens, browsing the internet on my network is extremely slow!. I have to set Gateway1 or Gateway2 as default to solve the problem... until Zentyal sets Gateway3 as default (again) and the cycle continues.

Any suggestion?








10
Right now, im in "Maintenance -> Logs -> Firewall -> Full Report

But, there's nothing logged, from any date to any date... nothing. And on the botton it says "There are no logs for this domain "

Other modules are logging data just fine.

A forum search didn't show anything related.

11
Hi guys!

I want to know... is it possible to connect my Zentyal server to a VPN, and use that VPN connection as a gateway? This makes sense?  ???

12
Installation and Upgrades / PPTP" and "IPSec rules [SOLVED]
« on: November 09, 2011, 01:15:44 am »
Sorry for the "off topic" but, can you please tell me what are the rules that you have inside these services?

"PPTP" and "IPSec"

Please! That may help me a lot with a problem.

Thanks

/edit: I split this post off since it was off topic. Next time please create a new topic. Robb

13
Hi guys!

This one is killing me! I have 3 users that need to stablish a vpn connection (Using internet) from time to time to use a banking system. Before i installed zentyal, my network was like this:

ADSL Router: 10.0.0.1, and my clients where from 10.0.0.10 to 10.0.0.250. no firewall or anything. Just a "normal" network.

Like that, the VPN connection worked.

Now that zentyal is between the users and the internet, they cant establish the connection. It stays at "Verifyng user and password"

I have tried this:

1) Firewall rules (Filtering rules for internal networks):
I have a rule that is like this: from 10.0.0.62 (One of the clients) to any, using any service, ACCEPT.

any help? What im missing?

14
Hi guys! Me again.


Right now my proxy is working, including filters, users, groups etc, but i have a question:

On my network, you can bypass my proxy just by not using it  :-\.

My users should be able to browse the internet only if they are using the proxy. No proxy? No access. that's what i want.

On ClearOS, there is a clever solution to this: If you try to browse the internet without the proxy, the only thing that you get is a ClearOS page, indicating that you need to use the proxy to get access. That page, also tells you the ip of the proxy and the port.

How can i do that? At least, block the access to those not using the proxy

15
Hi guys

I want to know if is possible to configure the dhcp server to asign dynamic ip leases only to known mac addresses? I want to do that because i want to prohibit network access to unknown computers.

Pages: [1] 2