This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
1
Installation and Upgrades / I keep getting squid errors
« on: January 22, 2015, 02:56:56 pm »
Hi guys!
From like a month ago im getting constant and random squid errors. Sometimes you're browsing normally and then you get this error:
or this one:
or this one:
When that happens, i keep pressing F5 (refresh) and i keep getting errors (One of those, randomly) until suddenly the request works and the page loads normally. Sometimes you need to press F5 10 times or so.
If you're browsing on 5 tabs, you may get the problem on one of them, while you can continue browsing on the other 4.
Im running a transparent proxy, with the checkbox "ad blocking" checked, my cache size is 8192mb
looking at my cache.log, i can see huuuuundreds and hundreds of:
My squid.conf is:
I dont know where to start. ahy help please? thanks!
From like a month ago im getting constant and random squid errors. Sometimes you're browsing normally and then you get this error:
Quote
This cache is in the process of shutting down and can not service your request at this time. Please retry your request again soon.
or this one:
Quote
Zero Sized Reply
Squid did not receive any data for this request.
or this one:
Quote
Read Error
The system returned: (104) Connection reset by peer
An error condition occurred while reading data from the network. Please retry your request.
When that happens, i keep pressing F5 (refresh) and i keep getting errors (One of those, randomly) until suddenly the request works and the page loads normally. Sometimes you need to press F5 10 times or so.
If you're browsing on 5 tabs, you may get the problem on one of them, while you can continue browsing on the other 4.
Im running a transparent proxy, with the checkbox "ad blocking" checked, my cache size is 8192mb
looking at my cache.log, i can see huuuuundreds and hundreds of:
Quote
ERROR: No forward-proxy ports configured.i don't know if that is related or not.
My squid.conf is:
Quote
http_port 0.0.0.0:3128 intercept'
visible_hostname (frontal)inabima-gw01.inabimasd.local
coredump_dir /var/spool/squid3
cache_effective_user proxy
cache_effective_group proxy
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log
pid_filename /var/run/squid3.pid
cache_peer 127.0.0.1 parent 3129 0 no-query proxy-only login=*:nopassword
auth_param basic realm Zentyal HTTP proxy
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v3 -b DC=inabimasd,DC=local -f "(&(samAccountName=%s)(objectclass=user))" -p 3268 -D CN=zentyal-squid-inabima-gw01,CN=Users,DC=inabimasd,DC=local -w AYbgZYC6HWEjFvTe7Gdd -P
external_acl_type ldapgroup ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v3 -b DC=inabimasd,DC=local -p 3268 -D CN=zentyal-squid-inabima-gw01,CN=Users,DC=inabimasd,DC=local -w AYbgZYC6HWEjFvTe7Gdd -P -F "(&(samAccountName=%s)(objectclass=user))" -f "(&(samAccountName=%g)(objectclass=group)(member=%u))"
acl_uses_indirect_client on
acl authorized proxy_auth REQUIRED
acl from_localhost src 127.0.0.0/8 ::1
acl to_localhost dst 127.0.0.0/8 ::1
acl fltr1~ext urlpath_regex -i .mp3$
acl fltr1~mime rep_mime_type -i ^application/java-vm$
acl fltr1~df~dmn33 dstdomain .ascodevida.com
acl fltr1~df~dmn32 dstdomain .mekstream.com
acl fltr1~df~dmn31 dstdomain .mek4.mekstream.com
acl fltr1~df~dmn30 dstdomain .emisoradominicana.net
acl fltr1~df~dmn29 dstdomain .animeflv.net
acl fltr1~df~dmn28 dstdomain .scribd.com
acl fltr1~df~dmn27 dstdomain .canalesdominicano.com
acl fltr1~df~dmn26 dstdomain .telemicro.com.do
acl fltr1~df~dmn25 dstdomain .instagram.com
acl fltr1~df~dmn24 dstdomain .musicatube.net
acl fltr1~df~dmn23 dstdomain .dicelacancion.net
acl fltr1~df~dmn22 dstdomain .genteflow.com
acl fltr1~df~dmn21 dstdomain .paradaurbana.net
acl fltr1~df~dmn20 dstdomain .downflow.net
acl fltr1~df~dmn19 dstdomain .flowactivo.com
acl fltr1~df~dmn18 dstdomain .lomasrankiao.com
acl fltr1~df~dmn17 dstdomain .iexalead.com
acl fltr1~df~dmn16 dstdomain .isearchspace.com
acl fltr1~df~dmn15 dstdomain .nuevaq.net
acl fltr1~df~dmn14 dstdomain .sonicomp3.com
acl fltr1~df~dmn13 dstdomain .fullhumor.com
acl fltr1~df~dmn12 dstdomain .gamerfuzion.com
acl fltr1~df~dmn11 dstdomain .mrhookah.com
acl fltr1~df~dmn10 dstdomain .dhookah.blogspot.com
acl fltr1~df~dmn9 dstdomain .youtubereloaded.com
acl fltr1~df~dmn8 dstdomain .elmismogolpe.com
acl fltr1~df~dmn7 dstdomain .screencast.com
acl fltr1~df~dmn6 dstdomain .ooyala.com
acl fltr1~df~dmn5 dstdomain .jigsawplanet.com
acl fltr1~df~dmn4 dstdomain .intercambiosvirtuales.org
acl fltr1~df~dmn3 dstdomain .figureord.com
acl fltr1~df~dmn2 dstdomain .conquista.91.com
acl fltr1~df~dmn1 dstdomain .91huo.com
acl Dominios~dc~virusinfected~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/virusinfected/domains.squid"
acl Dominios~dc~remote-control~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/remote-control/domains.squid"
acl Dominios~dc~entertainment~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/entertainment/domains.squid"
acl Dominios~dc~sexuality~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/sexuality/domains.squid"
acl Dominios~dc~dating~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/dating/domains.squid"
acl Dominios~dc~mixed_adult~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/mixed_adult/domains.squid"
acl Dominios~dc~audio-video~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/audio-video/domains.squid"
acl Dominios~dc~weapons~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/weapons/domains.squid"
acl Dominios~dc~webmail~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/webmail/domains.squid"
acl Dominios~dc~radio~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/radio/domains.squid"
acl Dominios~dc~manga~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/manga/domains.squid"
acl longAcl~1 dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/instantmessaging/domains.squid"
acl Dominios~dc~hacking~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/hacking/domains.squid"
acl Dominios~dc~gambling~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/gambling/domains.squid"
acl Dominios~dc~filesharing~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/filesharing/domains.squid"
acl Dominios~dc~filehosting~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/filehosting/domains.squid"
acl Dominios~dc~violence~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/violence/domains.squid"
acl Dominios~dc~malware~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/malware/domains.squid"
acl Dominios~dc~social_networks~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/social_networks/domains.squid"
acl Dominios~dc~chat~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/chat/domains.squid"
acl longAcl~2 dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/socialnetworking/domains.squid"
acl Dominios~dc~phishing~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/phishing/domains.squid"
acl Dominios~dc~adult~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/adult/domains.squid"
acl Dominios~dc~proxy~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/proxy/domains.squid"
acl Dominios~dc~onlinegames~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/onlinegames/domains.squid"
acl Dominios~dc~dialers~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/dialers/domains.squid"
acl Dominios~dc~warez~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/warez/domains.squid"
acl Dominios~dc~celebrity~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/celebrity/domains.squid"
acl Dominios~dc~hunting~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/hunting/domains.squid"
acl Dominios~dc~mail~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/mail/domains.squid"
acl Dominios~dc~humor~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/humor/domains.squid"
acl Dominios~dc~games~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/games/domains.squid"
acl Dominios~dc~porn~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/porn/domains.squid"
acl Dominios~dc~drugs~dom dstdomain "/var/lib/zentyal/files/squid/categories/Dominios/blacklists/drugs/domains.squid"
http_access allow to_localhost
follow_x_forwarded_for allow from_localhost
http_access allow from_localhost
forwarded_for on
log_uses_indirect_client on
always_direct allow to_localhost
# force clients to use squid-external
never_direct allow all
##
## ACLs from model rules
##
acl obj~objc1 src 10.0.0.226/32 10.0.0.134/32 10.0.0.88/32 10.0.0.223/32 10.0.0.100/32 10.0.0.224/32 10.0.0.92/32 10.0.0.221/32 10.0.0.222/32 10.0.0.24/32
acl obj~objc1 src 10.0.0.168/32
##
## Access
##
http_access allow obj~objc1
http_access deny all fltr1~ext
http_reply_access deny all fltr1~mime
http_access deny all fltr1~df~dmn33
http_access deny all fltr1~df~dmn32
http_access deny all fltr1~df~dmn31
http_access deny all fltr1~df~dmn30
http_access deny all fltr1~df~dmn29
http_access allow all fltr1~df~dmn28
http_access deny all fltr1~df~dmn27
http_access deny all fltr1~df~dmn26
http_access deny all fltr1~df~dmn25
http_access deny all fltr1~df~dmn24
http_access deny all fltr1~df~dmn23
http_access deny all fltr1~df~dmn22
http_access deny all fltr1~df~dmn21
http_access deny all fltr1~df~dmn20
http_access deny all fltr1~df~dmn19
http_access deny all fltr1~df~dmn18
http_access deny all fltr1~df~dmn17
http_access deny all fltr1~df~dmn16
http_access deny all fltr1~df~dmn15
http_access deny all fltr1~df~dmn14
http_access deny all fltr1~df~dmn13
http_access deny all fltr1~df~dmn12
http_access deny all fltr1~df~dmn11
http_access deny all fltr1~df~dmn10
http_access deny all fltr1~df~dmn9
http_access deny all fltr1~df~dmn8
http_access deny all fltr1~df~dmn7
http_access deny all fltr1~df~dmn6
http_access deny all fltr1~df~dmn5
http_access deny all fltr1~df~dmn4
http_access deny all fltr1~df~dmn3
http_access deny all fltr1~df~dmn2
http_access deny all fltr1~df~dmn1
http_access deny all Dominios~dc~adult~dom
http_access deny all Dominios~dc~audio-video~dom
http_access deny all Dominios~dc~celebrity~dom
http_access deny all Dominios~dc~chat~dom
http_access deny all Dominios~dc~dating~dom
http_access deny all Dominios~dc~dialers~dom
http_access deny all Dominios~dc~drugs~dom
http_access deny all Dominios~dc~entertainment~dom
http_access deny all Dominios~dc~filehosting~dom
http_access deny all Dominios~dc~filesharing~dom
http_access deny all Dominios~dc~gambling~dom
http_access deny all Dominios~dc~games~dom
http_access deny all Dominios~dc~hacking~dom
http_access deny all Dominios~dc~humor~dom
http_access deny all Dominios~dc~hunting~dom
http_access deny all longAcl~1
http_access deny all Dominios~dc~mail~dom
http_access deny all Dominios~dc~malware~dom
http_access deny all Dominios~dc~manga~dom
http_access deny all Dominios~dc~mixed_adult~dom
http_access deny all Dominios~dc~onlinegames~dom
http_access deny all Dominios~dc~phishing~dom
http_access deny all Dominios~dc~porn~dom
http_access deny all Dominios~dc~proxy~dom
http_access deny all Dominios~dc~radio~dom
http_access deny all Dominios~dc~remote-control~dom
http_access deny all Dominios~dc~sexuality~dom
http_access deny all Dominios~dc~social_networks~dom
http_access deny all longAcl~2
http_access deny all Dominios~dc~violence~dom
http_access deny all Dominios~dc~virusinfected~dom
http_access deny all Dominios~dc~warez~dom
http_access deny all Dominios~dc~weapons~dom
http_access deny all Dominios~dc~webmail~dom
http_access allow all
##
## Default policy
##
# All acces denied by default if no other allow rule matchs
http_access deny all
# reply access allowed if not denied before
http_reply_access allow all
I dont know where to start. ahy help please? thanks!
2
Installation and Upgrades / Why its zentyal based on Ubuntu, and sometimes not even on the LTS?
« on: April 23, 2014, 03:34:04 pm »
Hi guys! There's something that i dont get, and that's my question: Why its Zentyal based on ubuntu, and sometimes not even on the LTS branch?
The upgrade process from 3.3 to 3.4 its a real pain (im not able to upgrade yet... lots of errors), and i think that many of those problems came as a result of the underlying distribution upgrade. As you know, zentyal 3.4 its not just a new zentyal version, but also based on a new ubuntu release, so the upgrade process needs to upgrade the Zentyal packages and also the distribution packages.
I have nothing against ubuntu. What i dont understand is why Zentyal uses Ubuntu 13.10 for Zentyal 3.4? That's madness! Ubuntu 13.10 has his end of life on July 2014! That's a few weeks away already.
The TLS branches seems more suited for Zentyal, Even Centos looks like a better choice.
The upgrade process from 3.3 to 3.4 its a real pain (im not able to upgrade yet... lots of errors), and i think that many of those problems came as a result of the underlying distribution upgrade. As you know, zentyal 3.4 its not just a new zentyal version, but also based on a new ubuntu release, so the upgrade process needs to upgrade the Zentyal packages and also the distribution packages.
I have nothing against ubuntu. What i dont understand is why Zentyal uses Ubuntu 13.10 for Zentyal 3.4? That's madness! Ubuntu 13.10 has his end of life on July 2014! That's a few weeks away already.
The TLS branches seems more suited for Zentyal, Even Centos looks like a better choice.
3
Installation and Upgrades / Upgrade Zentyal 3.3.10 to 3.4, fails with multiple errors
« on: April 23, 2014, 03:23:24 pm »
Hi.
I have a production zentyal server (A VM on ESXi). This server was running zentyal 3.2 and was upgraded to zentyal 3.3 without any problems a few months ago. Yesterday i was trying to upgrade to zentyal 3.4, so i made an snapshot prior to trying (and thanks god that i did).
During the automated process i saw multiple errors on the update log, and the last message was "Zentyal upgrade failed. Full log at /var/log/zentyal/upgrade.log." so i had to revert back to my pre-update snapshot.
These where the errors that i got during the update process.
The first one...
Another one...
(Maybe not an error?)
(Maybe not an error?)
Warning
After all these errors i reverted back to my stable snapshot, and everything is fine, but i cant upgrade to 3.4. To me, this is a bug in the upgrade process because this is a dedicated zentyal box without anything else, so it should work.
Will this upgrade process work? or we are on our own?
I have a production zentyal server (A VM on ESXi). This server was running zentyal 3.2 and was upgraded to zentyal 3.3 without any problems a few months ago. Yesterday i was trying to upgrade to zentyal 3.4, so i made an snapshot prior to trying (and thanks god that i did).
During the automated process i saw multiple errors on the update log, and the last message was "Zentyal upgrade failed. Full log at /var/log/zentyal/upgrade.log." so i had to revert back to my pre-update snapshot.
These where the errors that i got during the update process.
The first one...
Quote
Preparing to replace suricata 1.1.1-1 (using .../suricata_1.4.3-1_amd64.deb) ...
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: warning: subprocess old pre-removal script returned error exit status 5
dpkg: trying script from the new package instead ...
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb (--unpack):
subprocess new pre-removal script returned error exit status 5
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "start" failed.
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 5
Another one...
Quote
Errors were encountered while processing:
/var/cache/apt/archives/suricata_1.4.3-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Forcing pending packages installation...
Quote
The following packages will be upgraded:
suricata
E: Could not open file descriptor -1
E: Prior errors apply to /var/cache/apt/archives/libcgi-emulate-psgi-perl_0.15-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libapache-logformat-compiler-perl_0.12-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libdevel-stacktrace-ashtml-perl_0.11-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libfile-sharedir-perl_1.03-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libfilesys-notify-simple-perl_0.12-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libhash-multivalue-perl_0.12-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libpath-class-perl_0.32-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libyaml-perl_0.84-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libhttp-body-perl_1.17-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libhttp-tiny-perl_0.034-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libmodule-refresh-perl_0.17-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libstream-buffered-perl_0.2-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libtest-requires-perl_0.07-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libtest-sharedfork-perl_0.19-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libtest-tcp-perl_2.00-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libplack-perl_1.0028-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libplack-middleware-reverseproxy-perl_0.14-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libplack-middleware-session-perl_0.14-1_all.deb
E: Prior errors apply to /var/cache/apt/archives/libpgm-5.1-0_5.1.118-1~dfsg-0.1ubuntu1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/libzmq1_2.2.0+dfsg-4_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/uwsgi-core_1.9.13-4build1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/uwsgi-plugin-psgi_1.9.13-4build1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb
E: Prior errors apply to /var/cache/apt/archives/libsoap-transport-http-plack-perl_0.03-1_all.deb
debconf: apt-extracttemplates failed: No such file or directory
Quote
Preparing to replace suricata 1.1.1-1 (using .../suricata_1.4.3-1_amd64.deb) ...
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: warning: subprocess old pre-removal script returned error exit status 5
dpkg: trying script from the new package instead ...
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/suricata_1.4.3-1_amd64.deb (--unpack):
subprocess new pre-removal script returned error exit status 5
* NFQUEUE support not found !
* Please ensure the nfnetlink_queue module is loaded or built in kernel
invoke-rc.d: initscript suricata, action "start" failed.
dpkg: error while cleaning up:
subprocess installed post-installation script returned error exit status 5
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Errors were encountered while processing:
/var/cache/apt/archives/suricata_1.4.3-1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Quote
dpkg: dependency problems prevent configuration of zentyal-remoteservices:
zentyal-remoteservices depends on libsoap-transport-http-plack-perl; however:
Package libsoap-transport-http-plack-perl is not installed.
dpkg: error processing zentyal-remoteservices (--configure):
dependency problems - leaving unconfigured
Quote
Installing new version of config file /etc/init.d/collectd ...
* Starting statistics collection and monitoring daemon collectd
...fail!
(Maybe not an error?)
Quote
Setting up openvpn (2.3.2-4ubuntu1) ...
* Restarting virtual private network daemon(s)...
* Stopping VPN 'Inabima-central'
...done.
* Restarting VPN 'Inabima-central'
grep: /etc/openvpn/Inabima-central.conf: No such file or directory
grep: /etc/openvpn/Inabima-central.conf: No such file or directory
grep: /etc/openvpn/Inabima-central.conf: No such file or directory
grep: /etc/openvpn/Inabima-central.conf: No such file or directory
Quote
dpkg: error processing suricata (--configure):
Package is in a very bad inconsistent state - you should
reinstall it before attempting configuration.
Quote
dpkg: dependency problems prevent configuration of zentyal-ips:
zentyal-ips depends on suricata; however:
Package suricata is not configured yet.
dpkg: error processing zentyal-ips (--configure):
dependency problems - leaving unconfigured
Quote
Configuration file `/etc/collectd/collectd.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
==> Keeping old config file as default.
* Restarting statistics collection and monitoring daemon collectd
...fail!
(Maybe not an error?)
Quote
Installing new version of config file /etc/default/openbsd-inetd ...
* Stopping internet superserver inetd
...done.
* Not starting internet superserver: no services enabled
Warning
Quote
Installing new version of config file /etc/init.d/ddclient ...
update-rc.d: warning: stop runlevel arguments (1) do not match ddclient Default-Stop values (0 1 6)
Quote
Setting up dansguardian (2.10.1.1-5) ...
Installing new version of config file /etc/init.d/dansguardian ...
/var/log/dansguardian
* Starting DansGuardian dansguardian
...fail!
invoke-rc.d: initscript dansguardian, action "start" failed.
WARNING: Starting dansguardian failed. Please check your configuration.
Quote
Installing new version of config file /etc/ldap/schema/README ...
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.28+51~precise1... done.
Not starting slapd: SLAPD_NO_START set in /etc/default/slapd
Quote
econnecting to redis server (1 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN1> line 1.
Reconnecting to redis server (2 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN2> line 1.
Reconnecting to redis server (3 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN3> line 1.
Reconnecting to redis server (4 try)... at /usr/share/perl5/EBox/Config/Redis.pm line 479, <GEN4> line 1.
Redis command 'get remoteservices/conf/RemoteSupportAccess/keys/form' failed: [get] ERR wrong number of arguments for 'get' command, at /usr/share/perl5/Redis.pm line 513
Redis::__read_response_r('Redis=HASH(0x46c86f0)', 'get') called at /usr/share/perl5/Redis.pm line 493
Redis::__read_response('Redis=HASH(0x46c86f0)', 'get') called at /usr/share/perl5/Redis.pm line 256
Redis::__run_cmd('Redis=HASH(0x46c86f0)', 'get', 0, 0, 0, 'remoteservices/conf/RemoteSupportAccess/keys/form') called at /usr/share/perl5/EBox/Config/Redis.pm line 455
eval {...} called at /usr/share/perl5/EBox/Config/Redis.pm line 451
EBox::Config::Redis::_redis_call('EBox::Config::Redis=HASH(0x2dd4bd8)', 'get', 'remoteservices/conf/RemoteSupportAccess/keys/form') called at /usr/share/perl5/EBox/Config/Redis.pm line 126
EBox::Config::Redis::get('EBox::Config::Redis=HASH(0x2dd4bd8)', 'remoteservices/conf/RemoteSupportAccess/keys/form', undef) called at /usr/share/perl5/EBox/Module/Config.pm line 559
EBox::Module::Config::get('EBox::RemoteServices=HASH(0x458f8e8)', 'RemoteSupportAccess/keys/form') called at /usr/share/perl5/EBox/Model/DataForm.pm line 207
EBox::Model::DataForm::_rowStored('EBox::RemoteServices::Model::RemoteSupportAccess=HASH(0x46c8450)') called at /usr/share/perl5/EBox/Model/DataForm.pm line 195
EBox::Model::DataForm::row('EBox::RemoteServices::Model::RemoteSupportAccess=HASH(0x46c8450)') called at /usr/share/perl5/EBox/Model/DataForm.pm line 650
EBox::Model::DataForm::AUTOLOAD('EBox::RemoteServices::Model::RemoteSupportAccess=HASH(0x46c8450)') called at /usr/share/perl5/EBox/RemoteServices.pm line 2100
EBox::RemoteServices::extraSudoerUsers('EBox::RemoteServices=HASH(0x458f8e8)') called at /usr/share/zentyal/sudoers-friendly line 41
dpkg: error processing zentyal-core (--configure):
subprocess installed post-installation script returned error exit status 255
dpkg: dependency problems prevent configuration of zentyal-services:
zentyal-services depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-services depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-services (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-antivirus:
zentyal-antivirus depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-antivirus depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-antivirus (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-monitor:
zentyal-monitor depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-monitor depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-monitor (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-software:
zentyal-software depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-software depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-software (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ntp:
zentyal-ntp depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-ntp depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-ntp (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ca:
zentyal-ca depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-ca depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-ca (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-trafficshaping:
zentyal-trafficshaping depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-trafficshaping depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-trafficshaping (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-users:
zentyal-users depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-users depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-users depends on zentyal-ntp; however:
Package zentyal-ntp is not configured yet.
dpkg: error processing zentyal-users (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-jabber:
zentyal-jabber depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-jabber depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-jabber depends on zentyal-users; however:
Package zentyal-users is not configured yet.
dpkg: error processing zentyal-jabber (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-objects:
zentyal-objects depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-objects depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-objects (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-dns:
zentyal-dns depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-dns depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-dns (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-bwmonitor:
zentyal-bwmonitor depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-bwmonitor depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
dpkg: error processing zentyal-bwmonitor (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-firewall:
zentyal-firewall depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-firewall depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-firewall depends on zentyal-objects; however:
Package zentyal-objects is not configured yet.
zentyal-firewall depends on zentyal-services; however:
Package zentyal-services is not configured yet.
dpkg: error processing zentyal-firewall (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-openvpn:
zentyal-openvpn depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-openvpn depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-openvpn depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
zentyal-openvpn depends on zentyal-ca; however:
Package zentyal-ca is not configured yet.
dpkg: error processing zentyal-openvpn (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-network:
zentyal-network depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-network depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-network depends on zentyal-objects; however:
Package zentyal-objects is not configured yet.
zentyal-network depends on zentyal-services; however:
Package zentyal-services is not configured yet.
dpkg: error processing zentyal-network (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-l7-protocols:
zentyal-l7-protocols depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-l7-protocols depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-l7-protocols depends on zentyal-trafficshaping; however:
Package zentyal-trafficshaping is not configured yet.
dpkg: error processing zentyal-l7-protocols (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-ipsec:
zentyal-ipsec depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-ipsec depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-ipsec depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
dpkg: error processing zentyal-ipsec (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of zentyal-squid:
zentyal-squid depends on zentyal-core (>= 3.4); however:
Package zentyal-core is not configured yet.
zentyal-squid depends on zentyal-core (<< 3.5); however:
Package zentyal-core is not configured yet.
zentyal-squid depends on zentyal-firewall; however:
Package zentyal-firewall is not configured yet.
zentyal-squid depends on zentyal-users; however:
Package zentyal-users is not configured yet.
dpkg: error processing zentyal-squid (--configure):
dependency problems - leaving unconfigured
Processing triggers for libc-bin ...
Processing triggers for ca-certificates ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-3.8.0-38-generic
Processing triggers for ureadahead ...
Errors were encountered while processing:
zentyal-remoteservices
suricata
zentyal-ips
zentyal-core
zentyal-services
zentyal-antivirus
zentyal-monitor
zentyal-software
zentyal-ntp
zentyal-ca
zentyal-trafficshaping
zentyal-users
zentyal-jabber
zentyal-objects
zentyal-dns
zentyal-bwmonitor
zentyal-firewall
zentyal-openvpn
zentyal-network
zentyal-l7-protocols
zentyal-ipsec
zentyal-squid
Zentyal upgrade failed. Full log at /var/log/zentyal/upgrade.log.
After all these errors i reverted back to my stable snapshot, and everything is fine, but i cant upgrade to 3.4. To me, this is a bug in the upgrade process because this is a dedicated zentyal box without anything else, so it should work.
Will this upgrade process work? or we are on our own?
4
Installation and Upgrades / Migrate OpenVPN from Zentyal 2.2.9 to Zentyal 3.0??
« on: July 16, 2013, 10:20:40 pm »
Hi!
I have a zentyal server running on my network since 2 years ago (2.2.9) and its running great. But, i want to upgrade from it to the latest stable release (3.0). The problem is, i have LOTS of OpenVPN users across the globe, and i dont want to issue new certificates, configs etc to them. That will be very disruptive for my time. I dont care if i have to configure the entire server from 0, but i dont want to configure each openvpn client again.
My plan is to install the new zentyal using the same external ip as the old, so my clients can keep their config files without modifications, but, what can i do about the certificates? Im somewhat lost on that part
I have a zentyal server running on my network since 2 years ago (2.2.9) and its running great. But, i want to upgrade from it to the latest stable release (3.0). The problem is, i have LOTS of OpenVPN users across the globe, and i dont want to issue new certificates, configs etc to them. That will be very disruptive for my time. I dont care if i have to configure the entire server from 0, but i dont want to configure each openvpn client again.
My plan is to install the new zentyal using the same external ip as the old, so my clients can keep their config files without modifications, but, what can i do about the certificates? Im somewhat lost on that part
5
Installation and Upgrades / Bug? Firewall rules do nothing...
« on: August 03, 2012, 08:09:00 pm »
I have a machine (10.0.0.58) and i what to block all kind of internet access to that machine. I have these rules in place:
But, anyway the machine can access the internet :\ Its like the firewall do nothing. Maybe im doing something wrong?
The machine has Zentyal as its gateway. Also, transparent proxy is enabled.
But, anyway the machine can access the internet :\ Its like the firewall do nothing. Maybe im doing something wrong?
The machine has Zentyal as its gateway. Also, transparent proxy is enabled.
6
Installation and Upgrades / [FIXED!] Nearly mad... From time to time a few machines cant ping zentyal! :\
« on: August 01, 2012, 02:35:39 am »
Hi guys.
I have a very strange problem: From time to time, some of the computers on my network (nearly 50) cant ping my zentyal box.
Its working... then bang! that machine cant ping zentyal. Then, a few minutes later... it can ping it again. Its so strange because zentyal CAN ping the machine... Its just the machine that cant.
It happens with a lot of machines. while one machine cant see zentyal, another can. And then, that one cant, and then, it can again.
Its random.
This is the ifconfig of the zentyal box:
and this is the ipconfig of the machine that can't ping zentyal:
Please, help me :\ this is driving me and my users crazy
I have a very strange problem: From time to time, some of the computers on my network (nearly 50) cant ping my zentyal box.
Its working... then bang! that machine cant ping zentyal. Then, a few minutes later... it can ping it again. Its so strange because zentyal CAN ping the machine... Its just the machine that cant.
It happens with a lot of machines. while one machine cant see zentyal, another can. And then, that one cant, and then, it can again.
Its random.
This is the ifconfig of the zentyal box:
Quote
root@gateway:/home/testnetwork# ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:a4:47:84
inet addr:10.0.0.249 Bcast:10.0.0.255 Mask:255.255.255.0 <-------- THIS ONE IS INTERNAL
inet6 addr: fe80::250:56ff:fea4:4784/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32345 errors:0 dropped:0 overruns:0 frame:0
TX packets:19288 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3793058 (3.7 MB) TX bytes:5827075 (5.8 MB)
eth1 Link encap:Ethernet HWaddr 00:50:56:a4:47:85 <----- THIS IS EXTERNAL
inet addr:10.0.1.3 Bcast:10.0.1.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fea4:4785/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30854 errors:0 dropped:0 overruns:0 frame:0
TX packets:13011 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22446208 (22.4 MB) TX bytes:1047058 (1.0 MB)
eth2 Link encap:Ethernet HWaddr 00:50:56:a4:47:86 <--------------- EXTERNAL
inet addr:190.8.44.13 Bcast:190.8.44.15 Mask:255.255.255.248
inet6 addr: fe80::250:56ff:fea4:4786/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:124756 errors:0 dropped:0 overruns:0 frame:0
TX packets:76646 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:161530175 (161.5 MB) TX bytes:5448906 (5.4 MB)
eth3 Link encap:Ethernet HWaddr 00:50:56:a4:47:87 <--------------- EXTERNAL
inet addr:192.168.14.4 Bcast:192.168.14.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fea4:4787/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14970 errors:0 dropped:0 overruns:0 frame:0
TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1219177 (1.2 MB) TX bytes:6748 (6.7 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1196431 errors:0 dropped:0 overruns:0 frame:0
TX packets:1196431 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:120292327 (120.2 MB) TX bytes:120292327 (120.2 MB)
and this is the ipconfig of the machine that can't ping zentyal:
Quote
Windows IP Configuration
Host Name . . . . . . . . . . . . : srv-infra
Primary Dns Suffix . . . . . . . : test.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : test.local
Ethernet adapter Local:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-4B-0D-61
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.250(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.249
DNS Servers . . . . . . . . . . . : 10.0.0.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{2282D9A7-BAA2-4CD2-B880-B24848D0B242}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Please, help me :\ this is driving me and my users crazy
7
Installation and Upgrades / Cant connect to zentyal Cloud
« on: July 19, 2012, 05:35:18 pm »
Hi guys!
My server cant connect to zentyal cloud. This is the log:
As you can see, there's an "AUTH_FAILED" message. My credentials are right (I have triple checked). I can log to zentyal cloud using those credentials.
On Subscriptions -> Server Subscription, the server name is "sdinabima" (Lower case, without the quotes), and the server's hostname is "zentyal" (Again, lower case, without quotes).
I have subscribed/unsubscribed the server, changed his name, deleted the server on zentyal cloud page... but nothing.
On the Dashboard i see "Connection status: Not connected. Check VPN logs in /var/log/openvpn/"
Any help?
My server cant connect to zentyal cloud. This is the log:
Quote
Thu Jul 19 11:28:33 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Thu Jul 19 11:28:33 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jul 19 11:28:33 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jul 19 11:28:33 2012 WARNING: file '/etc/openvpn/R_D_SRVS_0ecd94bcd.conf.d/certificateKey' is group or others accessible
Thu Jul 19 11:28:33 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Thu Jul 19 11:28:33 2012 LZO compression initialized
Thu Jul 19 11:28:33 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jul 19 11:28:33 2012 RESOLVE: NOTE: vpn1.cloud.zentyal.com resolves to 2 addresses, choosing one by random
Thu Jul 19 11:28:33 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jul 19 11:28:33 2012 Local Options hash (VER=V4): '31fdf004'
Thu Jul 19 11:28:33 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Thu Jul 19 11:28:33 2012 Attempting to establish TCP connection with [AF_INET]92.243.29.87:1194 [nonblock]
Thu Jul 19 11:28:34 2012 TCP connection established with [AF_INET]92.243.29.87:1194
Thu Jul 19 11:28:34 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Jul 19 11:28:34 2012 TCPv4_CLIENT link local (bound): [AF_INET]10.0.1.2:39174
Thu Jul 19 11:28:34 2012 TCPv4_CLIENT link remote: [AF_INET]92.243.29.87:1194
Thu Jul 19 11:28:34 2012 TLS: Initial packet from [AF_INET]92.243.29.87:1194, sid=4182ad81 55139262
Thu Jul 19 11:28:36 2012 VERIFY OK: depth=1, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=Certification_Authority_Certificate
Thu Jul 19 11:28:36 2012 VERIFY OK: depth=0, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=vpn1.cloud.zentyal.com
Thu Jul 19 11:28:41 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 19 11:28:41 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 19 11:28:41 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 19 11:28:41 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 19 11:28:41 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jul 19 11:28:41 2012 [vpn1.cloud.zentyal.com] Peer Connection Initiated with [AF_INET]92.243.29.87:1194
Thu Jul 19 11:28:43 2012 SENT CONTROL [vpn1.cloud.zentyal.com]: 'PUSH_REQUEST' (status=1)
Thu Jul 19 11:28:43 2012 AUTH: Received AUTH_FAILED control message
Thu Jul 19 11:28:43 2012 TCP/UDP: Closing socket
Thu Jul 19 11:28:43 2012 SIGTERM[soft,auth-failure] received, process exiting
As you can see, there's an "AUTH_FAILED" message. My credentials are right (I have triple checked). I can log to zentyal cloud using those credentials.
On Subscriptions -> Server Subscription, the server name is "sdinabima" (Lower case, without the quotes), and the server's hostname is "zentyal" (Again, lower case, without quotes).
I have subscribed/unsubscribed the server, changed his name, deleted the server on zentyal cloud page... but nothing.
On the Dashboard i see "Connection status: Not connected. Check VPN logs in /var/log/openvpn/"
Any help?
8
Installation and Upgrades / Proxy filter is not working if you access proxy from VPN
« on: April 14, 2012, 01:57:21 am »
Hi guys!
Look at this: Lets say we have an user, named "User1":
Inside the network:
================
1) User1 open his browser
2) The browser asks User1 his username and password
3) He puts his user/password and then he tries to open Facebook
4) The proxy filters the request, and deny the access
Outside the network (Using PPTP)
=================
The same 3 first steps happen here too, but on step4, the proxy ALLOWS the access to Facebook...
Look at this screenshot:
So, to keep it short: If the user is inside the network (10.0.0.X) the proxy works as i want: Ask password and filter
BUT if the user is connected using VPN (pptp) the proxy asks the password BUT allows access to everywhere! :\
why? any light?
Look at this: Lets say we have an user, named "User1":
Inside the network:
================
1) User1 open his browser
2) The browser asks User1 his username and password
3) He puts his user/password and then he tries to open Facebook
4) The proxy filters the request, and deny the access
Outside the network (Using PPTP)
=================
The same 3 first steps happen here too, but on step4, the proxy ALLOWS the access to Facebook...
Look at this screenshot:
So, to keep it short: If the user is inside the network (10.0.0.X) the proxy works as i want: Ask password and filter
BUT if the user is connected using VPN (pptp) the proxy asks the password BUT allows access to everywhere! :\
why? any light?
9
Installation and Upgrades / Zentyal keeps changing my "Default" Gateway
« on: November 15, 2011, 03:08:40 pm »
Hi guys!
I have a small problem. I have 3 gateways. Lets say:
Gateway1, Gateway2 and Gateway3.
Gateway1 is an adsl router with a 6mb connection.
Gateway2 is a T1 connection.
Gateway3 is a connection with another company... something like an intranet. That gateway has NO internet access at all, and is only used to access an specific intranet website.
Taking that into account, i have a setup like this:
Gateway1: Weight 15
Gateway2: Weight 15
Gateway3: (The intranet one) Weight 1
What im trying to do is.. route all traffic equally through Gateway1 and Gateway2, and ignore Gateway3.
I have a Multiwan rule that specify: All traffic that goes to the intranet with the other company, should pass only through Gateway3. That's the only use for Gateway3
The problem is: If i set Gateway1 or gateway2 as "Default", after a while, zentyal ignores that, and sets Gateway3 as the default gateway , and when that happens, browsing the internet on my network is extremely slow!. I have to set Gateway1 or Gateway2 as default to solve the problem... until Zentyal sets Gateway3 as default (again) and the cycle continues.
Any suggestion?
I have a small problem. I have 3 gateways. Lets say:
Gateway1, Gateway2 and Gateway3.
Gateway1 is an adsl router with a 6mb connection.
Gateway2 is a T1 connection.
Gateway3 is a connection with another company... something like an intranet. That gateway has NO internet access at all, and is only used to access an specific intranet website.
Taking that into account, i have a setup like this:
Gateway1: Weight 15
Gateway2: Weight 15
Gateway3: (The intranet one) Weight 1
What im trying to do is.. route all traffic equally through Gateway1 and Gateway2, and ignore Gateway3.
I have a Multiwan rule that specify: All traffic that goes to the intranet with the other company, should pass only through Gateway3. That's the only use for Gateway3
The problem is: If i set Gateway1 or gateway2 as "Default", after a while, zentyal ignores that, and sets Gateway3 as the default gateway , and when that happens, browsing the internet on my network is extremely slow!. I have to set Gateway1 or Gateway2 as default to solve the problem... until Zentyal sets Gateway3 as default (again) and the cycle continues.
Any suggestion?
10
Installation and Upgrades / Firewall log says "There are no logs for this domain". No data is being logged
« on: November 09, 2011, 01:38:34 pm »
Right now, im in "Maintenance -> Logs -> Firewall -> Full Report
But, there's nothing logged, from any date to any date... nothing. And on the botton it says "There are no logs for this domain "
Other modules are logging data just fine.
A forum search didn't show anything related.
But, there's nothing logged, from any date to any date... nothing. And on the botton it says "There are no logs for this domain "
Other modules are logging data just fine.
A forum search didn't show anything related.
11
Installation and Upgrades / VPN Connection as a gateway? Is that possible?
« on: November 09, 2011, 02:18:30 am »
Hi guys!
I want to know... is it possible to connect my Zentyal server to a VPN, and use that VPN connection as a gateway? This makes sense?
I want to know... is it possible to connect my Zentyal server to a VPN, and use that VPN connection as a gateway? This makes sense?
12
Installation and Upgrades / PPTP" and "IPSec rules [SOLVED]
« on: November 09, 2011, 01:15:44 am »
Sorry for the "off topic" but, can you please tell me what are the rules that you have inside these services?
"PPTP" and "IPSec"
Please! That may help me a lot with a problem.
Thanks
/edit: I split this post off since it was off topic. Next time please create a new topic. Robb
"PPTP" and "IPSec"
Please! That may help me a lot with a problem.
Thanks
/edit: I split this post off since it was off topic. Next time please create a new topic. Robb
13
Installation and Upgrades / Clients cant stablish a VPN connection after installing Zentyal
« on: November 08, 2011, 05:20:54 pm »
Hi guys!
This one is killing me! I have 3 users that need to stablish a vpn connection (Using internet) from time to time to use a banking system. Before i installed zentyal, my network was like this:
ADSL Router: 10.0.0.1, and my clients where from 10.0.0.10 to 10.0.0.250. no firewall or anything. Just a "normal" network.
Like that, the VPN connection worked.
Now that zentyal is between the users and the internet, they cant establish the connection. It stays at "Verifyng user and password"
I have tried this:
1) Firewall rules (Filtering rules for internal networks):
I have a rule that is like this: from 10.0.0.62 (One of the clients) to any, using any service, ACCEPT.
any help? What im missing?
This one is killing me! I have 3 users that need to stablish a vpn connection (Using internet) from time to time to use a banking system. Before i installed zentyal, my network was like this:
ADSL Router: 10.0.0.1, and my clients where from 10.0.0.10 to 10.0.0.250. no firewall or anything. Just a "normal" network.
Like that, the VPN connection worked.
Now that zentyal is between the users and the internet, they cant establish the connection. It stays at "Verifyng user and password"
I have tried this:
1) Firewall rules (Filtering rules for internal networks):
I have a rule that is like this: from 10.0.0.62 (One of the clients) to any, using any service, ACCEPT.
any help? What im missing?
14
Installation and Upgrades / How can i force users to browse only through my proxy? [SOLVED]
« on: November 04, 2011, 04:00:33 pm »
Hi guys! Me again.
Right now my proxy is working, including filters, users, groups etc, but i have a question:
On my network, you can bypass my proxy just by not using it .
My users should be able to browse the internet only if they are using the proxy. No proxy? No access. that's what i want.
On ClearOS, there is a clever solution to this: If you try to browse the internet without the proxy, the only thing that you get is a ClearOS page, indicating that you need to use the proxy to get access. That page, also tells you the ip of the proxy and the port.
How can i do that? At least, block the access to those not using the proxy
Right now my proxy is working, including filters, users, groups etc, but i have a question:
On my network, you can bypass my proxy just by not using it .
My users should be able to browse the internet only if they are using the proxy. No proxy? No access. that's what i want.
On ClearOS, there is a clever solution to this: If you try to browse the internet without the proxy, the only thing that you get is a ClearOS page, indicating that you need to use the proxy to get access. That page, also tells you the ip of the proxy and the port.
How can i do that? At least, block the access to those not using the proxy
15
Installation and Upgrades / [Solved] How to asign IP leases only to known MAC addresses?
« on: November 04, 2011, 12:45:49 pm »
Hi guys
I want to know if is possible to configure the dhcp server to asign dynamic ip leases only to known mac addresses? I want to do that because i want to prohibit network access to unknown computers.
I want to know if is possible to configure the dhcp server to asign dynamic ip leases only to known mac addresses? I want to do that because i want to prohibit network access to unknown computers.
Pages: [1] 2