Profile Details

Recent updates
  • Tomas
    Tomas replied to a discussion, OpenVPN - route all traffic

    Thanks, Nick.

    MTU issues should affect all files, not just small like you say.

    BTW, why do you have "reneg-sec 28800"? Is that a SWEET32 mitigation? If so, current server and client software is not vulnerable.


    I had password prompts every hour on old openVPN desktop client - that's why I added it. Not sure if it's needed for openVPN GUI which I'm using now. This shouldn't affect performance though.

  • Tomas
    Tomas replied to a discussion, OpenVPN - route all traffic

    Hi

    I'm back on it...The connection is stable but performance is poor when clients connect via WiFi or mobile connection. Now I understand the problem with mobile connection but WiFi used for testing is OK -> 10Mbps Downstream / 6Mbps Upstream, very stable, no other clients connected to the WiFi. The server side connection is 60Mbps / 20Mbps.

    The issue is that speed drops to few kb/s when connected via Wifi and copying a folder containing e.g. 200 small files (101MB total) which I find strange. Another example is launching a software that relies on data stored on a shared drive - it gets painfully slow as it needs to load data from many smaller files.

    Iperf test on that connection:

    local 192.168.2.1 port 5001 connected with 10.8.0.6 port 50079
    [ 4] 0.0-12.4 sec 8.66 MBytes 5.85 Mbits/sec


    All seems to be good for large files - no problems, the speed is what you expect. Transferring smaller files is a completely different story - it just gets very slow.

    This is sample config I'm using:



    I have also created QoS rule for 1194 ports inbound and outbound but that did not help.

    Suggestions to the problem would be very welcome.

  • Tomas
    Tomas started a new discussion, Sentinel RMS -

    Sentinel RMS -

    Hi

    I'm trying to set up Sentinel RMS server on our 7.5 server.

    I can only execute 64 binaries though - start and stop the service. When I try to execute 32bit binaries I get e.g. ./lslic :



    Google search points me to "glibc.i686.rpm" package needed but it's not available under ClearOS. Only the following are:



    I found the package on https://centos.pkgs.org/7/centos-x86_64/glibc-2.17-222.el7.i686.rpm.html

    But when I run "yum install http://mirror.centos.org/centos/7/os/x86_64/Packages/glibc-2.17-222.el7.i686.rpm" I get:



    "yum provides libfreebl3.so" gives "No matches found". Another Google search pointed me to "nss-softokn-freebl.x86_64" package that supposedly includes the dependency needed but it's already installed on our server. At this point I don't know what to do...:(

  • Tomas
    Tomas replied to a discussion, OpenVPN - route all traffic

    Many thanks, Nick.

    I disabled the 3 custom rules, added "float" to .ovpn files, added "multihome", "push "redirect-gateway def1 bypass-dhcp"" to /etc/openvpn/clients.conf and disabled the UDP 1194 port destination rules - will do some testing now to see how it all works.

  • Tomas
    Tomas started a new discussion, OpenVPN - route all traffic

    OpenVPN - route all traffic

    Hi

    We need rock stable openVPN with routing all traffic via our network for our new project.

    Let me very briefly describe the config - 7.5 set as gateway with multi-wan (2 fibre connections).

    multi-wan configured:

    enp4s0 (backup) - Weight 1
    enp5s0 - Weight 100

    We also have Destination Port Rule for UDP 1194 to go through enp5s0, and a disabled rule for UDP 1194 to go through enp4s0 (so it's easy to enable when something goes wrong).

    We added:

    push "redirect-gateway def1"

    to /etc/openvpn/clients.conf.

    We also added "reneg-sec 28800" to the server side and client side config.

    All seems to work nicely... But I have also come across this article:

    https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_o_forcing_openvpn_traffic_for_clients_through_server

    that advises to add 3 custom firewall rules

    iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow VPN client traffic back in if established
    iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # Allow VPN clients out
    iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE # nat for VPN

    Do we need this (with enp5s0 instead of eth0 for our server) or is it outdated documentation? I have added those rules but it seems to work correctly with them or without them during my short tests.

    Thanks.

  • tomas wrote:

    Hi

    Anyone tried to share a printer on domain members running W10 1803 (1507 domain joined then upgraded to 1803)? The client is visible, but can't be accessed most of the time...


    I have managed to sort it out -> the client used static IP config (with WINS), I switched to DHCP and the client can be accessed now.

  • Hi

    Anyone tried to share a printer on domain members running W10 1803 (1507 domain joined then upgraded to 1803)? I have one Zebra label printer connected to a client via USB and then shared to others.

    I tried many things but couldn't get it to work reliably...3rd party firewall uninstalled, Windows firewall disabled and I get 95 times out of 100 "Could connect to \\client-name" message when accessed under Network. SMB1 added via Add/Remove Windows features....I have "Function Discovery Provider Host" and "Function Discovery Resource Publication" services enabled and set to Automatic (Delayed Start), but that for some reason doesn't solve the issue completely...The client is visible, but can't be accessed most of the time...

  • Hi

    Just started tracking this...We tried to join W10 1803 to our domain and got an error...Still have 15xx build .iso so will go with that for now, but future is uncertain....One day this possibly won't work anymore meaning after upgrading domain logons won't be possible...

    How would any possible solutions work for paid 7.x customers using master server and slave server (PDC and BDC)?

  • Tomas
    Tomas replied to a discussion, Update mariadb to 10.2 version

    Same here - need MariaDB 10 for tomcat application to run properly... :( Trying to ditch old Windows server and this is last thing I gotta do...

    Any luck with your task? Did you solve it? Does the upgrade affect functionality of ClearOS web-interface?

    Help from devs would be appreciated here...

  • Tomas
    Tomas replied to a discussion, Mount flexshare from other COS server

    There was an error in rsync xinetd config file. Once I corrected it all is working well.

    The rsync xinetd config file is:



    This starts rsync --daemon automatically after boot. BTW the way Nick suggested to start it works too.

    On the slave system /etc/rsyncd.conf contains:



    On master in /etc/crontab I put:


    All is working well. First full backup was 2 days ago, then yesterday just incremental. Happy days :) I will change this and put a proper script in the future to backup more stuff and send email notification once completed. For now this will do and I can check /var/log/rsyncd.log if needed.

    BTW there is a way to mount flexshares from another server by using mount -t cifs e.g.


    and then backup that folder using rsync.

    The problem is you need to use a username and password, and use fstab to mount flexshare on boot. This means fstab would contain a username and password of one of the users of the system. This doesn't sound secure to me even on closed networks like ours, that's why I decided to go with the above solution. You can use "guest" account too - then you don't need a password, so if data you would like to backup doesn't need to be secured by password going with "mount -t cifs" makes perfect sense.

    Hope this helps someone in the future.
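
The fstab concern in the last post, as an added example that is not part of the original post: mount.cifs also accepts a `credentials=<file>` option, so the password can live in a root-only file instead of the normally world-readable /etc/fstab, and the script below reports how each CIFS entry in an fstab-format file supplies its credentials. Host names, share names, user names and paths in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): flag CIFS entries in an
# fstab-format file that keep the password in fstab itself.
# Output: "<line> <mountpoint> <finding>" per CIFS entry.
audit_cifs_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }   # comments, blank or short lines
        $3 != "cifs" { next }           # only CIFS mounts
        {
            n = split($4, opt, ",")
            inline = 0; guest = 0; cred = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(password|pass)=/) inline = 1
                else if (opt[i] ~ /^(credentials|cred)=/) {
                    cred = opt[i]; sub(/^[^=]*=/, "", cred)
                } else if (opt[i] == "guest") guest = 1
            }
            if (inline)          print NR, $2, "INLINE_PASSWORD"
            else if (cred != "") print NR, $2, "CREDFILE=" cred
            else if (guest)      print NR, $2, "GUEST"
            else                 print NR, $2, "NO_CREDENTIAL_OPTION"
        }' "$1"
}

# A credentials file is only an improvement if group/other have no access:
# characters 5-10 of the ls mode string are the group and other bits.
credfile_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input: hosts, shares, users and paths are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# device              mountpoint   type options                              dump pass
//slave.example/share /mnt/flex1   cifs username=backup,password=Secret1,ro  0 0
//slave.example/share /mnt/flex2   cifs credentials=/root/.smb-backup,ro     0 0
//slave.example/pub   /mnt/public  cifs guest,ro                             0 0
/dev/sda1             /            ext4 defaults                             1 1
EOF
audit_cifs_fstab "$sample"
```

For each `CREDFILE=` finding, run `credfile_is_private` on the reported path as root to confirm the file is not readable by group or other.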