– The RADIUS configuration allows an imported certificate to be used for the server as well as an imported CA as a trusted CA, but does not provide a way for the imported CA’s CRL to be imported. With this config, the “Check CRL” option cannot be checked as radiusd will fail to initialize. Would it be possible to add support for pulling in more than the local CA’s CRL? This would allow for a “more secure” type setup where the CA is not on the same box and is not networked. Of course, this also means that user management may also be done elsewhere which isn’t exactly the intended use of ZeroShell, but I think you may see how this would be beneficial.
I know this problem and I am going to solve it with the 1.0.beta4 release.
– I’ve noticed that if power is lost to the router/server the database (stored on USB flash disk) will not be recognized at the next boot. I have to restore the database from backup. Is there any way this can be adjusted so that power loss does not completely kill the box?
Very strange because my Internet router is a WRAP board with Zeroshell on CompactFlash and I never do a regular shutdown, but I just disconnect the power. It always worked fine without filesystem corruption. In any case, keep in mind that Zeroshell supports ext3, ext2, reiserFS and fat32 filesystems, but only ext3 and reiserfs have the journaling feature which allows a safe recovery from a crash.
Is your USB Flash disk formatted with FAT32?
– Would it be possible to have logs & runtime use of the filesystem separated from the database and possibly use a RAM filesystem mount so as not to excessively use flash based devices, etc.? This would be a handy configuration option. Perhaps this ties into the above item since a sudden loss of power doesn’t umount the filesystem cleanly?
This is a good idea. I will keep it in mind and on the todo list.
– Would it be possible to add SSH as a feature so some users can be allowed remote console access and administration of this be done like everything else via the web interface?
You just need to type the command
service sshd start
and reset your root user password with the passwd command from the console.
– Would it be possible to add an additional OpenVPN configuration so ZeroShell could act as the server side in a point to point (roadwarrior) VPN solution (tun or tap based)? Ideally this would support both TLS certificate based authentication as well as username/password based authentication, just like “native” OpenVPN. 🙂
Yes, it is possible. I have already planned to do it.
Regards and thank you for your suggestions.