Issues and requests


This topic contains 1 reply, has 0 voices, and was last updated by  fedaykin42 12 years ago.

  • #40542

    fedaykin42
    Member

    First let me say I really appreciate the work you have done on ZeroShell, I find it very useful and powerful. I’d like to report a couple of issues and make a couple of requests:

    First, the issues:
    – The RADIUS configuration allows an imported certificate to be used for the server as well as an imported CA as a trusted CA, but does not provide a way for the imported CA’s CRL to be imported. With this config, the “Check CRL” option cannot be checked as radiusd will fail to initialize. Would it be possible to add support of pulling in more than the local CA’s CRL? This would allow for a “more secure” type setup where the CA is not on the same box and is not networked. Of course, this also means that user management may also be done elsewhere which isn’t exactly the intended use of ZeroShell, but I think you may see how this would be beneficial.

    – I’ve noticed that if power is lost to the router/server the database (stored on USB flash disk) will not be recognized at the next boot. I have to restore the database from backup. Is there any way this can be adjusted so that power loss does not completely kill the box?

    Now, for the requests:
    – Would it be possible to have logs & runtime use of the filesystem separated from the database and possibly use a RAM filesystem mount so as not to excessively use flash based devices, etc.? This would be a handy configuration option. Perhaps this ties into the above item since a sudden loss of power doesn’t umount the filesystem cleanly?

    – Would it be possible to add SSH as a feature so some users can be allowed remote console access and administration of this be done like everything else via the web interface?

    – Would it be possible to add an additional OpenVPN configuration so ZeroShell could act as the server side in a point to point (roadwarrior) VPN solution (tun or tap based)? Ideally this would support both TLS certificate based authentication as well as username/password based authentication, just like “native” OpenVPN. 🙂

    Thanks again for a great tool!

    #45097

    imported_fulvio
    Participant

    @fedaykin42 wrote:

    – The RADIUS configuration allows an imported certificate to be used for the server as well as an imported CA as a trusted CA, but does not provide a way for the imported CA’s CRL to be imported. With this config, the “Check CRL” option cannot be checked as radiusd will fail to initialize. Would it be possible to add support of pulling in more than the local CA’s CRL? This would allow for a “more secure” type setup where the CA is not on the same box and is not networked. Of course, this also means that user management may also be done elsewhere which isn’t exactly the intended use of ZeroShell, but I think you may see how this would be beneficial.

    I know this problem and I am going to solve it with the 1.0.beta4 release
    @fedaykin42 wrote:

    – I’ve noticed that if power is lost to the router/server the database (stored on USB flash disk) will not be recognized at the next boot. I have to restore the database from backup. Is there any way this can be adjusted so that power loss does not completely kill the box?

    Very strange because my Internet router is a WRAP board with Zeroshell on CompactFlash and I never do a regular shutdown, but I just disconnect the power. It always worked fine without filesystem corruption. In any case, keep in mind that Zeroshell supports ext3, ext2, reiserFS and fat32 filesystems, but only ext3 and reiserfs have the journaling feature which allows a safe recovery from a crash.
    Is your USB Flash disk formatted with FAT32?

    @fedaykin42 wrote:

    – Would it be possible to have logs & runtime use of the filesystem separated from the database and possibly use a RAM filesystem mount so as not to excessively use flash based devices, etc.? This would be a handy configuration option. Perhaps this ties into the above item since a sudden loss of power doesn’t umount the filesystem cleanly?

    This is a good idea. I will keep it in mind and on the todo list.
    @fedaykin42 wrote:

    – Would it be possible to add SSH as a feature so some users can be allowed remote console access and administration of this be done like everything else via the web interface?

    You just need to type the command
    service sshd start
    and reset your root user password with the passwd command from the console.
    @fedaykin42 wrote:

    – Would it be possible to add an additional OpenVPN configuration so ZeroShell could act as the server side in a point to point (roadwarrior) VPN solution (tun or tap based)? Ideally this would support both TLS certificate based authentication as well as username/password based authentication, just like “native” OpenVPN. 🙂

    Yes, it is possible. I have already planned to do it.

    Regards and thank you for your suggestions
    Fulvio

    #45098

    fedaykin42
    Member

    @fulvio wrote:

    @fedaykin42 wrote:

    – The RADIUS configuration allows an imported certificate to be used for the server as well as an imported CA as a trusted CA, but does not provide a way for the imported CA’s CRL to be imported. With this config, the “Check CRL” option cannot be checked as radiusd will fail to initialize. Would it be possible to add support of pulling in more than the local CA’s CRL? This would allow for a “more secure” type setup where the CA is not on the same box and is not networked. Of course, this also means that user management may also be done elsewhere which isn’t exactly the intended use of ZeroShell, but I think you may see how this would be beneficial.

    I know this problem and I am going to solve it with the 1.0.beta4 release

    Excellent! That is great news, thanks!

    @fulvio wrote:

    @fedaykin42 wrote:

    – I’ve noticed that if power is lost to the router/server the database (stored on USB flash disk) will not be recognized at the next boot. I have to restore the database from backup. Is there any way this can be adjusted so that power loss does not completely kill the box?

    Very strange because my Internet router is a WRAP board with Zeroshell on CompactFlash and I never do a regular shutdown, but I just disconnect the power. It always worked fine without filesystem corruption. In any case, keep in mind that Zeroshell supports ext3, ext2, reiserFS and fat32 filesystems, but only ext3 and reiserfs have the journaling feature which allows a safe recovery from a crash.
    Is your USB Flash disk formatted with FAT32?

    I thought it was strange as well, but I’ve seen this with both beta1 and beta2. Yes, the USB disk is FAT32. I’m using a spare PC and a 1GB USB flash drive that I use for other things as well, which is why it’s not formatted reiser, ext3, jfs, etc.

    The really odd thing is that after I “create” a new db on the same flash drive, zeroshell then shows the old database as being present. Prior to that the old database would not show up after scanning the drive.

    @fulvio wrote:

    @fedaykin42 wrote:

    – Would it be possible to have logs & runtime use of the filesystem separated from the database and possibly use a RAM filesystem mount so as not to excessively use flash based devices, etc.? This would be a handy configuration option. Perhaps this ties into the above item since a sudden loss of power doesn’t umount the filesystem cleanly?

    This is a good idea. I will keep it in mind and on the todo list.

    Outstanding…thanks!

    @fulvio wrote:

    @fedaykin42 wrote:

    – Would it be possible to add SSH as a feature so some users can be allowed remote console access and administration of this be done like everything else via the web interface?

    You just need to type the command
    service sshd start
    and reset your root user password with the passwd command from the console.

    Ok, but is there a way to store this in the configuration so that each reboot of the box will result in SSH being enabled? Or what about a configuration option on the web interface? I’d like to have this device as a headless box that is just accessible via network, so either web interface or SSH.

    @fulvio wrote:

    @fedaykin42 wrote:

    – Would it be possible to add an additional OpenVPN configuration so ZeroShell could act as the server side in a point to point (roadwarrior) VPN solution (tun or tap based)? Ideally this would support both TLS certificate based authentication as well as username/password based authentication, just like “native” OpenVPN. 🙂

    Yes, it is possible. I have already planned to do it.

    Regards and thank you for your suggestions
    Fulvio

    Thanks again for all your work and a great tool. If there’s anything I can do to help out, please let me know.

    Best Regards,
    Larry
