Profile Details

Toggle Sidebar
Recent updates
  • Yes, the certificate manager was initialised on the master when it was in standalone mode and certificates created. Then I changed from standalone to master with a help of support.

    It probably relates to the bug where due to a change in the installer, other certificates such as postfix and proftp were not created on installation either.

    Not sure about this..

    Support have escalated the ticket so hopefully it will get sorted soon.

  • Basically PDC and BDC on the same network. Master as gateway with firewall, slave as standalone - no firewall. The plan is to set up proper backup for master server in case it goes down. No VPNs between servers here. LDAP is syncing - I have tested it already. The certificate manager can't be initialised and throws:

    The system is waiting for a connection to the master node.

    plus plenty of the following entries in messages.log

    AccountsFileSync: Error establishing connection: Connection refused
    CertificateManagerFileSync: Error establishing connection: Connection refused

    Without Certificate Manager app some apps don't work at all like flexshares, which I need to backup purposes. The plan is to backup master flexshare to slave server, probably using rsync and cron.

    Like I said this looks like a bug after reading 0019281

  • Hi there,

    I also have this problem.

    Master - Slave configuration on 7.4, LDAP syncing but Certificate Manager throws "waiting on master" notice and plenty of the following entries in messages log:

    This means some features don't work on Slave that need a certificate like flexshares etc :(

    I have found this bug 0019281 but no solution. I have contacted the support and been waiting few days already but would like this solved ASAP :(

    Did you sort out your problem with Slave and Certificate Manager? If so, may I ask what did you do?


  • Tomas
    Tomas replied to a discussion, QoS and squid questions

    Good. Thank you. That's what I thought.

  • Bypass rules are just firewall rules. Head to /etc/clearos/firewall.conf and you'll see your rule near the bottom with the name and IP address and probably a string line "0x10400000". Delete the line then restart the firewall with a "service firewall restart".

  • Many thanks, Nick. That worked :)

  • Tomas
    Tomas started a new discussion, QoS and squid questions

    QoS and squid questions


    We are getting VoIP Cloud system soon so I started looking at QoS - never needed it before but will have to now.

    We use Multi-WAN and have proxy in transparent mode.

    Now the docs for QoS state:

    Web Proxy Gotchas

    Having a web proxy configured either on a ClearOS gateway or some other local proxy server complicates matters. As soon as a web request is made via the proxy, the source IP address for the request is lost. In other words, configuring bandwidth rules using an IP address on your local network will not have an effect for any traffic going through the proxy. See the examples for ways to limit bandwidth to your proxy server.

    But this is not continued for some reason.

    So if we set a rule for VoIP Cloud to bypass the proxy could I simply set a QoS rule for it?


  • Squid Bypass - can't delete a rule using webconfig

    Hi there

    Got a squid set up in transparent mode. All is working well. I have noticed one strange entry in my bypass settings:

    Network address: email-status

    As you have probably noticed this should be the other way round. Now when I try to delete this entry I get: "Oops. Address is invalid." error.

    How do I delete this entry manually?


  • Thanks, Nick.

    The problem is that I don't think it is kmod compatible so for every kernel update you will need to recompile it.

    Hm...Not perfect for production with automatic updates enabled. Will consider giving it a go just to find out if it sorts the issue. In the long term I might just leave it as it is and use the e1000 NIC as a backup due to poor performance. If I'm not mistaken IOMMU can be disabled as it's used for virtualization which I don't need. Another option would be to get another Realtek NIC and enable IOMMU.

    BTW for all Ryzen users - update your BIOS (release with AGESA 1002a). Then enable "C-power states" if you disabled it to sort out crashes/hang out and set under "Advanced/AMD CBS" -> "Power Supply Idle Control" to "Typical current idle" - 18h up and running with this. Previously every idle (30 min or so) I had a crash. Looks like "Typical current idle" setting sorts it out and with "C-power states" enabled you have some C states / power saving features.