Profile Details

Toggle Sidebar
Recent updates
  • DavidAdams
    DavidAdams replied to a discussion, ClearOS behind Proxy

    Having the same problem, the rpm's install just fine from the command line and then the web gui page appears.

    I have filled in the details and can now search the marketplace, however when I try to install anything I get the following:

  • DavidAdams
    DavidAdams's reply was accepted as an answer

    Re: ClearOS and OpenVPN as a site-site failover - Success

    Michael,
    Thank you for your kind offer, I suspect we will be taking you up on it as it will enable me to test a "paid for" solution.


    Dave

    We have a need for it to fail over without any intervention. Our remote sites have no local IT and the last thing I want is a phone call at 2am GMT because the Chinese have got to work and can't connect to Europe.

    I do have it working on my test bench, taking it live is awaiting the approval to buy the new hardware. At that point I will be able to test the "instructions" I wrote up first time round.

  • You might want to also look into iproute2 as a way to dynamically bring up and tear down routes for ClearOS. The multiwan engine uses this and you can simply setup rules to process in the /etc/clearos/firewall.d/local file to bring them up anytime.

    I had a situation where I needed to be able to have ClearOS switch from one gateway mode to another depending on a keepalive script and configuration. I didn't have the luxury of using BGP or OSPF so quagga was off the table. The setup fails over the entire infrastructure to standby VPN tunnels (which are always up) whenever the call center admins determine that the primary ISP is not working out well. Originally it was thought that the system would only be used infrequently but the system has saved the company from expensive downtime over, and over, and over again.

    If you do end up using quagga, I'd really be interested in talking to you and producing better documentation for that under ClearOS.

  • David,

    Thank you for sharing your ClearOS success experiance. It's nice to see positive success stories like this on the forums as many folks only care to post what's not working and forget to circle around and share what is working / successes like this. Based upon your willingness to share ClearCenter would be happy to provide a couple DynamicVPN Subscriptions for free as this might help your experience even further. Again, thank you for sharing your ClearOS success experiance. If interested email your ClearCenter Portal Username to sales@clearcenter.com with a link to this post and we will ensure a couple DynamicVPN subscriptions are added to your Portal.

    Best regards,

    M~

  • David,

    Thank you for sharing your ClearOS success experiance. It's nice to see positive success stories like this on the forums as many folks only care to post what's not working and forget to circle around and share what is working / successes like this. Based upon your willingness to share ClearCenter would be happy to provide a couple DynamicVPN Subscriptions for free as this might help your experience even further. Again, thank you for sharing your ClearOS success experiance. If interested email your ClearCenter Portal Username to sales@clearcenter.com with a link to this post and we will ensure a couple DynamicVPN subscriptions are added to your Portal.

    Best regards,

    M~

  • You might want to also look into iproute2 as a way to dynamically bring up and tear down routes for ClearOS. The multiwan engine uses this and you can simply setup rules to process in the /etc/clearos/firewall.d/local file to bring them up anytime.

    I had a situation where I needed to be able to have ClearOS switch from one gateway mode to another depending on a keepalive script and configuration. I didn't have the luxury of using BGP or OSPF so quagga was off the table. The setup fails over the entire infrastructure to standby VPN tunnels (which are always up) whenever the call center admins determine that the primary ISP is not working out well. Originally it was thought that the system would only be used infrequently but the system has saved the company from expensive downtime over, and over, and over again.

    If you do end up using quagga, I'd really be interested in talking to you and producing better documentation for that under ClearOS.

  • Michael,
    Thank you for your kind offer, I suspect we will be taking you up on it as it will enable me to test a "paid for" solution.


    Dave

    We have a need for it to fail over without any intervention. Our remote sites have no local IT and the last thing I want is a phone call at 2am GMT because the Chinese have got to work and can't connect to Europe.

    I do have it working on my test bench, taking it live is awaiting the approval to buy the new hardware. At that point I will be able to test the "instructions" I wrote up first time round.

  • ClearOS and OpenVPN as a site-site failover - Success

    This is just here to let others know what we have managed to achieve for little or no capital expense.

    Our exposure to ClearOS started when our then current proxy was discontinued and a replacement was needed.

    As I had some personal exposure to ClarkConnect, as it was then, for a personal web server, we decided to try the proxy function. It worked.

    This is how things were for a year or so and then when one of our satellite offices needed proxy/firewall duties we decided to install a second system, by now it was ClearOS, again it went in and just worked.

    Over the course of the next 6-12 months there were additional systems installed, one more in Europe and then a whole raft of systems in our offices in the Far East.

    At this point we were only using them for firewall/proxy duties. All inter site traffic was over a managed WAN, with static routes on all their routers.

    We then acquired a new company and while we were waiting for our managed network supplier to get the necessary infrastructure installed at the remote location we needed a way for the new office to connect to the corporate WAN. OpenVPN was tried and used in a server to server configuration connecting back here to head office.

    The next request was for some way of configuring multiple OpenVPN tunnels to this location that would automatically route traffic in the event the managed network failed. Investigation showed that ClearOS couldn’t do it at the time without a lot of background/command line tweaking and so the project was shelved.

    The latest upgrade to our corporate firewall meant it was now able to handle dynamic routing and so the OpenVPN failover solution was revisited.

    After extensive testing we have now had the WAN routers reconfigured for OSPF and the WAN router in each location reconfigured with the relevant ClearOS as its default gateway.

    In the event of any given WAN link failing traffic is routed over one of the OpenVPN tunnels.

    The majority of our satellite offices have a failover ClearOS VPN tunnel to at least one of our four data centres, UK, Czech Republic, Hong Kong and USA.

    One European location does not have a ClearOS but has an OpenVPN tunnel to two locations using the OpenVPN server provided by their ISP.

    Another European office is using ClearOS as firewall/proxy/file server and the OpenVPN tunnels are the only route to the corporate WAN. It wasn’t economical to get a managed connection installed.

    It is likely that one of the European offices will shortly have their aging ClearOS, Windows file server and firewall appliance replaced with a single ClearOS doing dynamic routing. I have looked at and tested quagga and whilst not simple isn't too bad to configure

  • DavidAdams
    DavidAdams started a new discussion, Central Management

    Central Management

    I am the admin for 20 ClearOS systems in Europe and the Far East, and soon to be another system or two in USA.

    We have used OpenVPN to create a simplistic mesh for failover in the event that our managed network between sites fails

    The WAN router in each location has been configured with the relevant ClearOS as its default gateway.
    In the event of any given WAN link failing traffic is routed over the OpenVPN tunnel.

    Is there any way I can manage the settings on the ClearOS's from a single interface.

    I am in the process, long overdue, of replacing the current v5 systems, yes I know it's EOL, running on desktop PCs,
    with v7 running on server hardware, dual PSU, RAID disc, and am looking to see if the feature I am looking for is

    1 Available
    2 Level of subscription required

    At the moment our v5 systems are all Community edition and we pay for content filter updates only.