Forum Replies Created
I think that maybe there are some confusion regarding my scenario.
I have ZS installed in a hotel with the captive portal option enabled, and I want that any customer with a Cisco VPN client can connect to his office network from inside the hotel LAN.
So, if you can help me with some test in a similar scenario, I would be very grateful.
For sure is a route issue, and could be changed from the command line, but the point here is that most of our customers couldn’t (because of lack of administrative privileges) and even wouldn`t want to do that job.
Routes are modified by the VPN client when connects to the concentrator.
I am looking for a solution where the customer needs no additional configuration to be done by him and/or by the net admin at the concentrator’s site.
Imagine my frustration when a customer told me that he had to go to a Starbucks nearby in order to be able to connect to his office network because at the hotel was impossible to do it.
I am sure that many of us are using Zeroshell at a hotel-like enviroment, so my question is:
haven’t you challenge this problem with your customers using Cisco (or maybe another) VPN Client?
Do you have any thoughts in mind about modifying the authenticator behavior in order to cope this scenario?
Pinging through VPN tunnel works ok; the reason why the connection is broken relates to the fact that all communication between the authenticator and Zeroshell is sent via the tunnel ( not to the gateway itself ), and after a predefined timeout, Zeroshell thinks the client disconnected from the session, and close the connection actually.
Thanks for your reply
I have found that for Cisco VPN Client, in order to do split-tunneling, 2 requeriments must be fulfilled:
1. Check “Allow Local LAN access” at the client
2. VPN concentrator must be configured to allow local LAN access to clients, and create a list of allowed networks to be accessed locally at the client site. This list is downloaded by the client after the tunnel was established.
In my situation, Zeroshell is installed at a hotel, so usually people using the client software has no administrators rights to change the configuration, and wouldn’t take the time to call to IT support in order to ask them to include his local network in the allowed networks list ( even worse, probably the net admin wouldnÂ´t want to do that )
With the Microsoft VPN Client, access to the local network is allowed by default, so the authenticator can communicate with Zeroshell without problem.
Thanks for your help my friend
I found the answer to my problem.
My VIA Sata controller uses ahci to communicate with my Samsung 80GB SATA disk, but the ahci.ko driver was not in the lib/sata/chipsets directory of /boot/initrd.gz.
So, I copy it there from /cdrom/modules/126.96.36.199/kernel/drivers/ata, and all was ok.
Thanks a lot for your help.
Thanks Fulvio for your reply.
I haved tested my Zeroshell SATA disk with another motherboard and booted fine!
The motherboard is a PCChips M955G with a VIA SATA controller, so It could be a problem with the sata driver used.
Maybe the sata_nv.ko or the ahci.ko drivers ( I think that the last nVidia chipsets are using AHCI) have some bug.
I´ll try to contact to the driver’s mantainer ( Jeff Garzik http://linux-ata.org/ ) regarding this.
Thanks againJuly 21, 2008 at 7:10 pm in reply to: Administration Hangs!! — Input/output Error in commands #46667
I have the same problem when I use the vmware distribution in my laptop…I thought that was because I put it to hybernate and something went wrong because of that.
I´ve been working towards control the time spend by an user in a connection and also to give end user some time feedback.
It is a little difficult to explain easily how I have accomplished this ( I expect to explain soon ), but in short words:
The Authenticator window sends periodically a https request. In Zeroshell, a script is launched every each time and update the access time of a predefined file.
There´s a script that runs continuously and check every 1 – 5 minutes whether the access time of that file was updated;if not,calls a script that ends the connection.
So, what I have done is:
1. Modify the Add User page in order to add the Connection Time field and, when submitted, calls a shell script of my own, and then calls the original kerbynet cgi script.
2. My script creates a cron job ( first I had to install the cron and crontab binaries in zeroshell ) that will launch another script when the connection should time out.
3. This script will create a flag file
4. Then I modified the authenticator page, so each time is called, checks for this flag file; if it exists, close the connection.
Besides this, I have modified other scripts and created some new for tracking connections for accounting.
I have also modified the authenticator script in order to give the end user time feedback.
This is a very brief description of what I have done up to date, meanwhile Fulvio give us a more ideal solution to our requeriments.
Thanks again Fulvio for this great code!
Thank you a lot Fulvio.
Keep enhancing Zeroshell!