jeremy.haynes

Forum Replies Created

Viewing 14 posts - 1 through 14 (of 14 total)
  • in reply to: Using Zeroshell on VMware ESX Server. #47223

    You use the CD ISO to boot, not the hard drive, unless you have set it up to boot from the hard drive (which is a bit more complicated than just installing). Otherwise, you boot from the ISO. Then use the web-based GUI to create a DB on the VM’s hard disk, and that’s where the configuration (rules, etc.) gets stored.

    @unsichtbare wrote:

    I would like to use Zeroshell on an ESX Server but am presently having some difficulty as the ESX supports only SCSI drives.
    I am using the ISO image, but when I create the database on a virtual disk, it will not boot.

    Any suggestions?

    -J

    in reply to: New release #47000

    Ok, very bizarre. I run ZS in a vmware environment. I removed the external NIC from the VM config, run ZS beta11, and remove the eth01 hardware. Shutdown ZS, and add the VM Nic, and restart beta 11 and now everything is fine…

    Anyway…it’s working.

    Thanks

    @jeremy.haynes wrote:

    Fulvio,

    Thanks for the great product. I really like this fw and recommend it to everyone. I am having a problem with the new version though. I put in the beta11 CD and it runs fine, but ETH01 (which is set to DHCP) doesn’t get an IP address. This is what I see when I disabled and enabled the interface from the console

    /root/kerbynet.cgi/scripts/set_dhclient: line 28: 5101 Aborted

    When I put the beta9 CD back in, no problem, I get an IP address and everything is fine.

    Any ideas?

    Thanks again!

    @fulvio wrote:

    The new Zeroshell release 1.0.beta11 is available. The main new feature is the Net Balancer that allows to obtain the Load Balancing and Failover of the Internet links such as xDSL and UMTS/HSDPA ones.
    The VPN bonding has been improved to allow to increase the bandwidth and stability of Layer 2 links between remote sites.
    The 3G Mobile modems are now supported to make Zeroshell to act as UMTS and HSDPA router.
    An issue regarding the stability of the web proxy with antivirus has been solved and the overall stability of the system improved.

    Regards
    Fulvio

    in reply to: New release #46999

    Fulvio,

    Thanks for the great product. I really like this fw and recommend it to everyone. I am having a problem with the new version though. I put in the beta11 CD and it runs fine, but ETH01 (which is set to DHCP) doesn’t get an IP address. This is what I see when I disabled and enabled the interface from the console

    /root/kerbynet.cgi/scripts/set_dhclient: line 28: 5101 Aborted

    When I put the beta9 CD back in, no problem, I get an IP address and everything is fine.

    Any ideas?

    Thanks again!

    @fulvio wrote:

    The new Zeroshell release 1.0.beta11 is available. The main new feature is the Net Balancer that allows to obtain the Load Balancing and Failover of the Internet links such as xDSL and UMTS/HSDPA ones.
    The VPN bonding has been improved to allow to increase the bandwidth and stability of Layer 2 links between remote sites.
    The 3G Mobile modems are now supported to make Zeroshell to act as UMTS and HSDPA router.
    An issue regarding the stability of the web proxy with antivirus has been solved and the overall stability of the system improved.

    Regards
    Fulvio

    in reply to: Zeroshell and ESXi #46910

    Ok for anyone interested I figured it out.

    In the vSwitch don’t have a vKernel, and reboot your ISP modem. Then anything connected to that vSwitch will get an external IP.

    Zeroshell is blazing fast now that it’s in a QuadCore ESX environment.

    Thanks Flavio!!!

    @jeremy.haynes wrote:

    Ok since no one has weighed in on this one. Does anyone use a Zeroshell VM Virtual machine as their firewall?…not just a router?

    thanks

    @jeremy.haynes wrote:

    Hi,

    I am curious if anyone has zeroshell installed under ESXi with 1 Physical NIC to their ISP modem and 1 Physical NIC to their internal network?

    When I set up the VMKernel for the External NIC and say that it’s DHCP it never picks up an IP address, but the default route is greyed out and pointing to the gateway of the Internal NIC.

    Has anyone overcome that?

    thanks

    in reply to: Zeroshell and ESXi #46909

    Ok since no one has weighed in on this one. Does anyone use a Zeroshell VM Virtual machine as their firewall?…not just a router?

    thanks

    @jeremy.haynes wrote:

    Hi,

    I am curious if anyone has zeroshell installed under ESXi with 1 Physical NIC to their ISP modem and 1 Physical NIC to their internal network?

    When I set up the VMKernel for the External NIC and say that it’s DHCP it never picks up an IP address, but the default route is greyed out and pointing to the gateway of the Internal NIC.

    Has anyone overcome that?

    thanks

    in reply to: port forwarding #46768

    Use the “Virtual Server” option in the Router section.

    in reply to: ALIX image problem #46614

    Problem fixed using this topic

    http://www.zeroshell.net/eng/forum/viewtopic.php?t=514&highlight=grub

    I was using the wrong device. In Windows it’s pretty cryptic.

    @jeremy.haynes wrote:

    Hi,

    I have tried 2 different sized CF cards, with 2 different CF reader/writers and I still just get GRUB when I boot the ALIX board. Has anyone tried using Vista to write the image with dd for windows? I don’t get any errors when I use it so I assume it writes the image ok.

    Any ideas what might be the cause?

    thanks

    in reply to: ALIX embedded device for network appliances #46035

    Fulvio,

    Was there anything special you did to connect to the Alix board? I just got the ALIX.2C3 and bought a NULL modem cable (cross wired) like they say and can’t connect to the console.

    If you could help that would be awesome.

    thanks

    @fulvio wrote:

    The ALIX.2C2 http://www.pcengines.ch/alix2c2.htm with 256MB of RAM, AMD Geode LX CPU 500MHz processor and MiniPCI expansion slots has been tested to work fine with the WRAP CompactFlash image of Zeroshell. I have been impressed by the better performance of this embedded platform for network appliances.

    Regards
    Fulvio

    After you connect, can you open a command prompt and do an ipconfig and post your results?

    @xingshou wrote:

    After removing all the items in “Client IP Address Assignment” section and setting up DHCP, my VPN client is sending all the traffic to VPN gateway.

    I want to avoid all the traffic from being sent to the VPN gateway regardless of their destination. Therefore I hope ZeroShell improve this problem so that we can determine whether the VPN gateway is to be used as a default gateway in client-side or not.

    Sungsoo Kim

    Installed this today…worked like a charm right off the bat. Changed the “naughtyness” level to 50 as I have small kids.

    Gotta say…another great addition to an already superb production. Thanks Fulvio!!!!

    @fulvio wrote:

    You can change the configuration of DansGuardian by editing the files placed in /etc/dansguardian that is a symbolic link to a database area permanently stored. To force DansGuardian to restart and reread the configuration you can run the script /root/kerbynet.cgi/proxy_bg. Use the command

    ps -ef

    to check when the havp and dansguardian daemons have actually started.

    Regards
    Fulvio

    in reply to: Default route through local GW instead of through VPN GW #46358

    Easiest way is to remove everything from the Client Ip Address Assignment in the VPN section. Then create a DHCP scope for the VPN subnet, and leave the Default Gateway blank. You will need to add a route in the OpenVPN config file that looks like this.

    route 192.168.50.0 255.255.255.0 192.168.250.254 1

    so that the OpenVPN client will know how to get to the ZeroShell network…and everything else will go out the default gateway assigned to the workstation (or whatever is using the OpenVPN client).

    Hope that helps.

    @bluefrog wrote:

    Hi,

    This may be a question that belongs on the OpenVPN user groups, but I figure I’ll try it here first.
    I’m new to Zeroshell as of about three days ago and just got my first OpenVPN connection working to a Zeroshell installation! I’m ecstatic!

    This is what I’m trying to accomplish.
    Route traffic for the “office” network to the office through the VPN and route all traffic bound for another network through the local gateway. I see no purpose in sending users’ P2P traffic or http traffic through our limited office connection.

    I hope this is an easy answer that has been addressed many times. I haven’t been able to find anything on it.

    Cliff

    Here’s the routing table I get when I connect to the VPN.

    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.250.254 192.168.250.1 1
    70.90.x.x 255.255.255.255 192.168.24.1 192.168.24.100 1
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.24.0 255.255.255.0 192.168.24.100 192.168.24.100 25
    192.168.24.100 255.255.255.255 127.0.0.1 127.0.0.1 25
    192.168.24.255 255.255.255.255 192.168.24.100 192.168.24.100 25
    192.168.250.0 255.255.255.0 192.168.250.1 192.168.250.1 30
    192.168.250.1 255.255.255.255 127.0.0.1 127.0.0.1 30
    192.168.250.255 255.255.255.255 192.168.250.1 192.168.250.1 30
    224.0.0.0 240.0.0.0 192.168.24.100 192.168.24.100 25
    224.0.0.0 240.0.0.0 192.168.250.1 192.168.250.1 30
    255.255.255.255 255.255.255.255 192.168.24.100 192.168.24.100 1
    255.255.255.255 255.255.255.255 192.168.250.1 2 1
    255.255.255.255 255.255.255.255 192.168.250.1 192.168.250.1 1
    Default Gateway: 192.168.250.254
    ===========================================================================
    Persistent Routes:
    None
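    The difference between the quoted routing table and the split-tunnel setup in the reply, as an added example that is not part of either forum post: a longest-prefix route lookup showing which destinations leave through the VPN gateway. The split-tunnel table is constructed, and its LAN default route via 192.168.24.1 is an assumption based on the quoted host route.

```python
import ipaddress

# Routes as (destination, netmask, gateway, metric).
# FULL_TUNNEL is abridged from the routing table quoted above.
# SPLIT_TUNNEL is constructed: the VPN default route is replaced by the
# 192.168.50.0/24 route from the reply, and a LAN default via 192.168.24.1
# is assumed.
FULL_TUNNEL = [
    ("0.0.0.0", "0.0.0.0", "192.168.250.254", 1),
    ("192.168.24.0", "255.255.255.0", "192.168.24.100", 25),
    ("192.168.250.0", "255.255.255.0", "192.168.250.1", 30),
]
SPLIT_TUNNEL = [
    ("0.0.0.0", "0.0.0.0", "192.168.24.1", 25),
    ("192.168.50.0", "255.255.255.0", "192.168.250.254", 1),
    ("192.168.24.0", "255.255.255.0", "192.168.24.100", 25),
    ("192.168.250.0", "255.255.255.0", "192.168.250.1", 30),
]
VPN_GATEWAY = "192.168.250.254"


def select_route(table, destination):
    """Pick the route for destination: longest matching prefix wins,
    lowest metric breaks ties. Returns (network, gateway, metric) or None."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for net, mask, gateway, metric in table:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if dest in network:
            candidates.append((network, gateway, metric))
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))


def via_vpn(table, destination):
    """True if traffic to destination is handed to the VPN gateway."""
    route = select_route(table, destination)
    return route is not None and route[1] == VPN_GATEWAY


if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for any Internet host.
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        for dest in ("198.51.100.7", "192.168.50.10", "192.168.24.5"):
            network, gateway, _ = select_route(table, dest)
            print(f"{name:12} {dest:15} -> {gateway:16} ({network})")
```

    With the split-tunnel table, Internet-bound traffic no longer passes through the office gateway, so any filtering or logging done there does not see it.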

    in reply to: can some one help me with virtual servers #46196

    If you point your browser at http://192.168.0.1:8080 does that redirect you to your webserver?

    @charliechaklam wrote:

    hi,

    I have PPPoE connected to interface eth00 and a switch connected to eth02, and I am hosting a page on 192.168.0.92 on port 80 in the internal network, which is on eth02. So I went into vir. serv. and configured 8080 to go to 192.168.0.92:80, but it does not work. I can’t figure it out and I have given up, so some assistance would be golden. Below is the network info.

    Nat view
    Chain PREROUTING (policy ACCEPT 13043 packets, 723K bytes)
    pkts bytes target prot opt in out source destination
    0 0 DNAT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:192.168.0.92:80
    0 0 DNAT tcp -- ETH02 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:192.168.0.92:80

    Chain POSTROUTING (policy ACCEPT 767 packets, 95694 bytes)
    pkts bytes target prot opt in out source destination
    12967 745K SNATVS all -- * * 0.0.0.0/0 0.0.0.0/0
    12200 650K MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

    Chain SNATVS (1 references)
    pkts bytes target prot opt in out source destination

    Info from network page
    PPP0 Connected inet addr:64.86.xxx.112 P-t-P:206.xxx.48.10 (Modem: ETH00)
    Velcom Internet

    ETH02 100Mb/s Full Duplex
    Intel Corporation 82557/8/9 Ethernet Pro 100 (rev 02) UP

    192.168.0.1 255.255.255.0

    Thank you

    in reply to: Certificate Question #46211

    Ok, got it working. This is what I had to do:

    Export the Trusted CA cert, and use that as the CA.pem in the OpenVPN configuration file.
    Exported the CA cert (in the X509 section) and used that as the client/key.pem in the OpenVPN configuration file

    @jeremy.haynes wrote:

    I am relatively new to Certificates so I’m hoping that someone can help me.

    This is what I have done so far:

    Generated an X509 Certificate (host cert)
    Exported that certificate
    Add this certificate to the Trusted CA’s
    Checked it off in the OpenVPN X509 Authentication Window
    Authentication set to X509 Certificate + Password
    Copied said .pem file into OpenVPN config folder
    Edited .ovpn file to point to .pem file
    Try to login and get this error in the OpenVPN logfile

    Mon Mar 10 21:20:24 2008 us=811976 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IT/O=Zeroshell.net/OU=Example/CN=Haynes_CA/emailAddress=xxx@xxxx (removed this for posting)
    Mon Mar 10 21:20:24 2008 us=812104 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    Does anyone have any suggestions on what might cause this?

    thanks for your time.

    I am getting the same error in Beta 8. Anyone have any ideas?

    thanks

    @theheroofcanton wrote:

    Here is part of my log file indicating the error I keep getting.

    07:43:48 Re-using SSL/TLS context
    07:43:48 LZO compression initialized
    07:43:48 TCP connection established with 172.16.1.184:4028
    07:43:48 TCPv4_SERVER link local: [undef]
    07:43:48 TCPv4_SERVER link remote: 172.16.1.184:4028
    07:43:48 172.16.1.184:4028 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
    07:43:48 172.16.1.184:4028 TLS Error: TLS object -> incoming plaintext read error
    07:43:48 172.16.1.184:4028 TLS Error: TLS handshake failed
    07:43:48 172.16.1.184:4028 Fatal TLS error (check_tls_errors_co), restarting
