J
I'm writing proposals on setting up a variety of servers and gateways at various branches and locations all over. I've been looking for one OS to deploy everywhere that works as much out of the box with as little modification as possible. I've been comparing Zentyal and ClearOS, so I thought I'd just put up my current notes and hope people can prove me wrong. Lucky for me, our email is all managed by a third party so I don't need to deal with that.
It's basically just VPN access, file sharing, Windows domain stuff and internet filtering alongside typical corporate networking management.

ClearOS Enterprise 5.2

1. Networking
  • - No easy bridging
  • + Supports custom rules within the interface
  • - Doesn't support easy rule creation for individual interfaces or LAN -> ClearOS
  • + PPTP VPN interfaces with LDAP users
  • - OpenVPN doesn't have enough options exposed on interface
  • + OpenVPN downloadable packages can be downloaded by user
  • - OpenVPN downloadable user packages not as good as Zentyal
  • - No global/universal Network Objects

2. Gateway
  • - Content Filter doesn't work, easily bypassed by addressing web proxy port as opposed to filtering port
  • - Content Filter error pages recurse and eventually fail with HTTP Error 400
  • - No MITM HTTPS filtering

3. Server
  • + Can see and modify all machines registered with the domain
  • + Flexishares have various access methods (protocols) and are auditable
  • - Interface doesn't support altering SSL certificates for Web Server or virtual hosts.
  • - No RADIUS Server
  • + Easy-to-use Encrypted File System

4. Reports
  • + Good reports for all listed items
  • + All log files viewable from central place

5. Interface
  • + Adequate Speed
  • + Changes are immediate

6. Updates
  • - Update/Install interface log doesn't work
  • - Updates don't install properly, have to resort to yum update

7. Cost
  • + Annual cost is lower than Zentyal for comparable products

Zentyal 2.2-1

1. Networking
  • + Easy bridging
  • - Doesn't support custom rules within the interface, only disabling of auto added ones.
  • + Supports easy rule creation for LAN -> Zentyal
  • - PPTP VPN doesn't interface with LDAP users
  • - OpenVPN doesn't have enough options exposed on interface
  • - OpenVPN packages cannot be downloaded by user
  • + OpenVPN downloadable user packages better than ClearOS, work out of box
  • + Global/universal Network Objects

2. Gateway
  • + Content Filter works
  • - No MITM HTTPS filtering

3. Server
  • - Cannot see or modify machines registered with the domain
  • - Only supports Samba shares, not various methods.
  • + Interface supports altering SSL certificates for Web Server and other services.
  • + RADIUS Server
  • - No easy-to-use Encrypted File System

4. Reports
  • - Rubbish reports for all listed items
  • - Rubbish log viewing interface

5. Interface
  • - Slow
  • - Changes not immediate.

6. Updates
  • + Update/Install interface works properly

7. Cost
  • - Annual cost is higher than ClearOS for comparable products

Resara

1. Server
  • + SAMBA4 OUT OF THE BOX!

2. Everything else
  • - DNS? DHCP? Barely

Windows Server

1. Cost & Scalability
  • - Expensive, CAL Hell

2. Everything else
  • + Just works

Things I haven't yet compared:
  • PPPoE
  • IPSec
  • Certificate Management

All of this was tested with VMware setups and a few tests on actual hardware. It's a shame, nothing suits my needs except for Windows Server. If only Zentyal and ClearOS had a child...
    Monday, December 19 2011, 06:02 AM
    Responses (7)
    • Accepted Answer

      Tuesday, December 20 2011, 01:35 PM - #Permalink
      Thanks for the feedback - some I can comment on:-

      - No easy bridging
      Yes unfortunately not from the webconfig, this can be achieved using normal Linux tools from the command line and the webconfig will respect your bridge connection. See how to here http://www.clearfoundation.com/docs/howtos/network_bridging

      - Doesn't support easy rule creation for individual interfaces or LAN -> ClearOS
      Not sure what you mean here? Port forwarding is separate from NICs; rather, it uses destination network addresses. The routing is then handled by ClearOS. Do you mean custom static routes?

      - No global/universal Network Objects
      What's the benefit of a network object? I'm not familiar with the presumably Zentyal terminology.

      Gateway

      - Content Filter doesn't work, easily bypassed by addressing web proxy port as opposed to filtering port
      That's not true. When transparent mode is enabled, traffic directed at port 3128 (the proxy) should be redirected to port 82, which displays a page stating that your proxy config is incorrect and should be pointing at port 8080 (the content filter).

      - Content Filter error pages recurse and eventually fail with HTTP Error 400
      This works fine here...perhaps something off with your virtual network setup is causing a loop?

      - No MITM HTTPS filtering
      No, this kind of proxy does not comply with RFC and has been discussed on the forum. You would need to decrypt the incoming traffic, parse it, then re-encrypt it without the end user noticing. It goes against the concept of HTTPS traffic.

      - Interface doesn't support altering SSL certificates for Web Server or virtual hosts.
      The certificate manager can be used to generate SSL certificates, however the installation (I believe) requires manual config file changes for httpd

      - No RADIUS Server
      There is a new RADIUS implementation for ClearOS 5.2, this will be integrated fully into version 6.1
      http://www.clearfoundation.com/docs/howtos/setting_up_radius_to_use_ldap

      - Update/Install interface log doesn't work
      This can cause problems, but generally works OK? Again, this is improved in version 6.1 (beta).

      - Updates don't install properly, have to resort to yum update
      This is a known issue http://tracker.clearfoundation.com/view.php?id=405

      Hope that helps :)
    • Accepted Answer

      FastLaneJB
      Tuesday, December 20 2011, 09:58 PM - #Permalink
      That's a good post J. I'll add in my opinion on this. I'm a Windows Server engineer by day with my job being mainly installation based of new kit for customers (Work for a large company so there's a constant stream of installation work).

      I ran ClearOS at home on a server for a good few years with nothing else. For my needs at the time it worked perfectly and I had no real issues with it (other than the odd ones I caused myself as I heavily customised it). Back in the day when it was ClearConnect I paid for the Enterprise version to get MultiWAN which came with support. I have to say the support was excellent, I think I used it on 2 occasions and both times was most impressed with the speed and also the fact they were spot on. Now there's not as much information as Windows out there but regardless the support the Clear Foundation provides is top notch.

      Then I hit the issue of wanting to run an OpenVPN tunnel on my ClearOS box to route set traffic down it. I know technically this is possible to be done manually but having MultiWAN made the rules just so complex that I gave up. So I switched my system to ESXi and put pfSense in a VM. This runs perfectly for my routing needs and is an extremely good product, but it's only a firewall.

      As I was running ESXi and have an MSDN account I thought I'd give a MS Windows Server network a go at home. By this point I'd actually got 2 servers, 1 with 8GB of RAM and another with 16GB.

      However the issue is Microsoft wants everything split out normally into separate boxes in a lot of cases if you want to stay supported. So I had 2 DCs, 1 Exchange 2010, 1 Sharepoint, 1 Terminal Server, 2 File servers with DFS between the 2 boxes, etc. It all worked but it took too much effort to maintain. That and I just don't have enough RAM to do it right. Exchange had to make do with 4GB of RAM for that VM which is below the minimum of 8GB when all roles are on the same box. Even when I gave it 8 the performance is hugely poor vs say Zarafa on ClearOS (Thanks Tim). Patching it was a nightmare and always requires a reboot in Microsoft's world. The wife is the most unforgiving customer I've come across and the downtime wasn't acceptable to her :)

      I tried SBS 2011 but as I'd added a lot of extra software on it the RAM requirements went through the roof and it was just too slow on my hardware.

      I tried Zentyal (As a VM as still keeping pfSense) but it's just not as good as ClearOS. In some ways it is better but it's far too slow on the interface and not nearly as easy to customise config files without it overwriting them.

      ClearOS 5.2 took me an age to customise to run the extra software I need because the packages are so old now they need to be updated manually. So I didn't want to spend ages building this up when 6 is also out soon.

      So my current solution I'm trying is as follows...

      1 x pfSense VM (Routing)
      1 x Openfiler (RAID 5 with my storage) sharing out SMB on a separate virtual switch
      1 x Media Streaming VM (Ubuntu with Serviio and AirVideo, mounts Samba share on boot)
      1 x Download VM (SABnzbd, Sickbeard, Transmission, Couchpotato, as it's a separate IP it's easy to route traffic from this down the VPN which pfSense is running. Also it connects to Openfiler with a Samba share on boot)
      1 x SBS 2011 still running as I've yet to have the time to migrate everything I need off it.

      This is about as far as I am currently. My plan is to have ClearOS 5.2 installed this week with 2 NICs. One on the virtual switch to mount Samba shares and the other to my LAN so I can add users and groups in ClearOS and people connect to my shares via this, Openfiler won't be visible. I should then be able to lose the SBS 2011.

      My overall theory is by splitting them out it'll be easier to upgrade one without affecting the other. So when ClearOS 6 comes out I can upgrade quickly because all my custom software will be running in separate VMs. Even my flexshares won't be hosted on the 5.2 VM so I'll have little data to backup and move. I can also reboot this, mess around, etc without knocking my Internet off, or downloads / media streaming so the wife will be almost happy (As good as you can achieve I think) :)

      It's a lot of effort but my ultimate point is even when you have Microsoft licenses, it's not always the best solution. It's RAM hungry to the max and needs far more time to maintain in my opinion than ClearOS (Or Zentyal I imagine). However if you want the best of all worlds you'll have to virtualise and run various different products.

      I'd give up my setup in a flash though to run just ClearOS if I could have a OpenVPN tunnel and route traffic down it as I choose (Including traffic generated on the ClearOS box). I miss those hassle free years.
    • Accepted Answer

      J
      Wednesday, December 21 2011, 03:27 AM - #Permalink
      Not sure what you mean here? port forwarding is separate from NICs rather uses destination network addresses. The routing is then handled by ClearOS. Do you mean custom static routes?

      I meant firewall rules for traffic from LAN interfaces to the ClearOS instance.

      This works fine here...perhaps something off with your virtual network setup is causing a loop?

      I don't see how, basically the URL is blocked and is sent as a GET parameter to the proxy blocked page but then it redirected that entire URL to the blocked page again as a parameter ad infinitum until a HTTP Bad Request is caused. I could try to debug it but I just don't have time.

      Whats the benefit of a network object? i'm not familiar with the presumably Zentyal terminology

      http://doc.zentyal.org/en/abstractions.html#network-objects-ref Basically aliases

      As for the "it'll be in 6.1" I can't make proposals on things which aren't ready for production and have no release dates, I can only deal with products which have been released now. I'm really looking for stuff working out of the box, as opposed to installing packages and dropping down to a shell to configure it, because that sort of implementation has better support from the communities around it and the company that sponsors it. It also reduces the overhead of maintaining a custom implementation and configuration of packages etc. across different sites as well as reducing the overhead of documenting every change I make that deviates from the standard, which is important if I get hit by a bus or it comes time to upgrade and all the changes I made no longer work.

      My current idea at the moment is perhaps having Zentyal on the hardware and virtualising ClearOS on it, or perhaps Resara, I'm yet to test the idea though.

      I'd like to go for ClearOS even though I'm far more comfortable with a Debian based system, ClearOS is more polished and I love the FlexiShare idea. It's also the little things like being able to list the computers registered to the domain, ClearCenter and being able to add/remove services to a user easily from a central location which inspire a bit more confidence in the product. Although that works inversely, there are things missing from ClearOS which are in Zentyal which I would have expected anywhere, but there is stuff missing from both as well.
    • Accepted Answer

      Kevin Dika
      Wednesday, December 21 2011, 03:55 PM - #Permalink
      Wow, I can't let this thread pass me by... Without speaking a bit of ClearOS...

      Nice Post J...

      All I can say is ClearOS is something to watch out for.

      I'm always tempted by other new software out there... but they never seem to have all the options. I wish ClearOS was a bit "faster" as Blizzard Games likes to say "Soon"... but the support and the community (Tim, Nick, Tony, Alex + All the other Guys around here, Plus the Support Team) I wouldn't leave this community even if Windows started giving their software away... Ok... maybe... just kidding.

      I can't speak enough about the Support guys, they even suggested some extra revenue options for my own business which was pretty neat.

      Anyways, I put ClearOS in front of my SBS 2008 / SBS 2011 installs for those who JUST want Windows. As I think ClearOS has a great system with the webgui. Plus 6.x is coming and it looks GREAT! The only thing I wish they had right now was an Active Directory connector, but that will be here soon (there is that word again) to 6.x...

      I am currently running ClearOS + VMware + SBS 2011 to run my business with a bit of personal stuff in the mix. I figured at one point I'll drop Windows and run just VMware and ClearOS, but too many people use XP or now Win7 to stop using it altogether.

      You could always modify the WebConfig (Webgui) to reflect all the things you need. There are many threads here that do exactly that. Just the time is the killer for me. I just wish I had more time. But I haven't found a system that has everything right out of the box. ClearOS is close, but still need to drop down to CLI in order to get all the custom features installed, the base install works with the standard webgui.

      So if you want EVERYTHING just to work with a Windows Base Client, then Windows Server (SBS) is your best hope. Unless you are going to install Linux Base Clients...
    • Accepted Answer

      Tuesday, February 14 2012, 07:02 PM - #Permalink
      Another one to consider for comparison purposes is UNIVENTION SERVER (www.univention.com)

      Samba4 is now included. I am using it in a test domain. Other test domains include Resara, Univention, and Zentyal.

      I have been a RedHat user for years, and have an affinity for CentOS - and by extension ClearOS. That said Univention and Resara intrigue me a bit. Both have Samba4 support out of the box.
      -- Resara is quite clean interface-wise, but quite limited in scope.
      -- Univention - quite a complex GUI and feature set
    • Accepted Answer

      Tuesday, April 10 2012, 05:39 PM - #Permalink
      It's basically just VPN access, file sharing, windows domain stuff and internet filtering alongside typical corporate networking management.


      I am not really used to ClearOS 5.2, but I have been using ClearOS 6 (6.2 2nd or 3rd Enterprise/Community release) for quite a while and extensively used Zentyal 2-2.1 and 2-2.2 and have even tested the Zentyal 2.3 (pre-)release.

      I currently use ClearOS primarily as protective Gateway/Firewall and transparent Proxy.

      My conclusion of several trials and attempts (also in virtual environments) is that ClearOS 6 - though it has not officially been released as "stable version" (or Professional, which will be the official name) - is already much more sophisticated and profound. The web-administration is more transparent and the Intrusion Detection (IDS) and Protection makes it possible to gain more safety and privacy without having to make unplantable compromises regarding performance.
      I never had any negative experiences with the updates via ssh.

      I did not try to use ClearOS as Primary Domain Controller or part of an Active Directory network infrastructure yet, but I have come to the conclusion that it is a profound Gateway-solution. I am also using Zentyal as operating system in my Network for a different "standalone"-server, but I would have bad feelings using Zentyal as gateway or firewall for internet-traffic.


      I would like to contribute the juxtaposition of ClearOS 6.2 - 3 and Zentyal 2-2.2 to your assessment, if this still conforms to the topic!
      (Please be so kind and tell me whether you're interested in this juxtaposition or not).

      With kind regards

      Frederik
    • Accepted Answer

      Kevin
      Tuesday, December 18 2012, 11:45 PM - #Permalink
      I would like to contribute the juxtaposition of ClearOS 6.2 - 3 and Zentyal 2-2.2 to your assessment, if this still conforms to the topic! (Please be so kind and tell me whether you're interested in this juxtaposition or not).


      Hello Frederik, I for one would like to continue this thread.

      I help out several non-profits that do not have a budget for IT at all. I would like to move to Samba 4 but it appears I would not be able to with COS without purchasing a subscription (which I think is very reasonable BTW). Also it looks like there is not an upgrade path from 5.2 to 6.X and this is typical of Redhat/Centos (please correct me if I am wrong).

      I understand there is an upgrade path for Zentyal major releases (again, correct me if I am wrong) and Zentyal does have Samba 4 without cost.

      It also appears that COS is moving to a more commercial business model (which I understand and support) but this does not fit with our current clients' needs.

      We moved away from COS as a Firewall/Gateway and went to Endian for this (more exposed features and configurability). We are now using COS as a PDC and email server (SOGo with Thunderbird).

      I have not tried Zentyal or any others yet but it is on my "to do" list.

      I would be interested in others' feedback.

      Thank you,

      Kevin