Forum Replies Created
I’m also interested in ZeroShell to use the hardware encryption support of the Geode LX CPU for OpenVPN.
But I can’t find any evidence for it and the throughput in OpenVPN L2L configuration is poor. I’m using ZeroShell 3.7.1 on Alix 2D13 system.
As I understood, the encryption of OpenVPN bases on OpenSSL. Here is the output of “openssl engine -t -c”:
(dynamic) Dynamic engine loading support
[ unavailable ]
When OpenSSL could use the hardware acceleration, output should be like:
(cryptodev) BSD cryptodev engine
[RSA, DSA, DH, AES-128-CBC]
[ available ]
(dynamic) Dynamic engine loading support
[ unavailable ]
Is there a way to get the hardware acceleration working?
Sorry, I don’t understand. What do you mean with “push”?
Since about a month I’m running the ZeroShell 3.5.0 now without crashes (uptime is now about 28 days). I’m still not sure why ZS 3.2.1 was stable on my PC and later versions crashed frequently.
My problem while debugging the crashes was that they occurred randomly. It was no option to sit in front of a monitor waiting for a possible crash related output because there were no crashes when I waited for them in front of the monitor…
Since I assumed from the beginning that the reboots were caused by crashes (as you know in Linux kernel they are called ‘kernel panics’) I read a lot about debugging those kernel panics.
I still found no way to catch the panic output and I also found no way to activate a crash kernel like on an Ubuntu system, which handles the panic outputs of the kernel and writes them to the log files.
So I had another idea. I installed ZS to HDD and switched the console output from VGA to serial interface. Then I connected the serial port of my router with a null modem cable to a second PC running a terminal session. So I was able to write all of ZS console outputs to a file and finally I could catch the kernel panic output.
The kernel panics were caused by MCEs (machine check exception). I googled a lot and learned that MCEs are usually caused by hardware malfunctions. So I ran a lot of tests on the routers’ hardware without any errors.
Then (after I googled even more) I found the hint, the MCEs also can occur because of bugs in the Intel processors firmware called ‘microcode’. One way to update this Intel microcode is upgrading the BIOS and I really found a newer BIOS version for the routers’ main board containing a newer version of the microcode.
After updating the BIOS the router runs stable with ZS 3.5.0 and the frequent crashes are gone.
I now tried the latest version 3.5.0, but still the same behavior. ZS reboots every 2-16 hours.
Since a few days I again try to debug the crashes with the help of log files and all I can find on the issue on google. It looks that in the moment of the crash the kernel can’t do anything more but reboot. No entries in log files, no crash dumps, no messages or any data on SSH connection (for example dmesg outputs).
SSH connections are not closed by ZS in the moment of crash. When I try to use the SSH terminal after the crash it seems to be still connected, and it comes with the message “pipe broken”.
I have some experience with linux systems. I never encountered a behavior like this before. Crashes of Linux are very rare and I never encountered a crash without any hints in log files or on the screen just like pushing the reset button. If I had to guess I would assume a hardware failure of the PC. But when I boot the system again with the 3.2.1 version, everythings is perfect again.
For my needs, ZS is best router distribution available (thank you Fulvio for your work). I also want to benefit from secrity issue fixes so I would be really glad if someone could help me with this.
What I see looks right and should work. I can’t test your configuration, but I also don’t think there is a bug.
I understand that your eth1 interface has two local IP addresses, one is 126.96.36.199 and the second is 188.8.131.52.
If it shows you the ZS webinterface on 184.108.40.206 you should remove ETH1 or the subnet 220.127.116.11/xx from the “SETUP” ->”WEB” otherwise ZS web server for the webinterface answers the request on port 80.May 4, 2016 at 12:26 pm in reply to: Confused on how to setup WAN interface as a gateway #54137
I’m not sure how ZeroShell behaves as DHCP client on the WAN interface.
But where is the problem to configure the WAN interface with fixed IPs? I would prefer fixed IPs.
This way you would set the default gateway address by pressing the button “gateway” on “SETUP”->”Network”.
Depending on the configuration of your WAN, it might be necessary to activate NAT for the WAN interface by pressing the button “NAT” and then adding the WAN interface.
Unfortunately, I still have no solution.
Can anyone help me?
is this feature available?
If yes, what version was it implemented first and is neccessary to configure something to make it work?
Does anyone have an idea about this problem? Or any experience with the performance of zs, especially using pppoe?
It would also help to get a few hints how to find the bottleneck.
The download rate of my zs is the only problem I have with it. In my opinion zs is the best router distribution availabe for free.July 17, 2013 at 10:18 am in reply to: Old PC does not detect the internet cable only with Zeroshel #52795
If you want help, you should give a few more details.
What does it mean “does not recognise the ethernet cable”? Is the ethernet interface link down? Do you have no connection to the router? What are the network settings of your “old PC”? What OS does it run……
From time to time (maybe every 2-4 hours) I recognize the same behaviour on my lan.
Sometimes it takes quite a long time (more than 10s) until a webpage shows up, sometimes I get the “page not found”. In this case from time to time webpage shows up after a reload, but usually not, then I need to wait a few minutes.
I never found out what causes this problem, I also couldn’t make sure if it is caused by the router (zs) or not.
When I check the network, zs router and internet connection, everything looks perfect, I just can’t open webpages. Connections that were already established, e.g. skype or vpn, still work.
As far as I remember I changed adress of dns server and it looks like it got better but still happens from time to time.
When I have a look to the logs in the time of failure, it looks like there isn’t even a new request to zs. But why should different browsers on different PCs have the same problem all at the same time?June 28, 2013 at 7:35 am in reply to: VPN Bounding, Server will not give Internet Connection #52779
It’s really a huge post. I hope I understood your idea and configuration.
You are able to ping the server, so it looks like your connection between zs client and server is ok.
If you don’t get internet connection you should first check if the default gateway of your zs client points to the server adress, so zs client knows where to send the tcp packets adressed to the internet.
Second thing you need to check is that on the server the packets received from the internet can be sent back to your clients. You can achive this by NAT on the bond interface (server) or by a static route on the server that routes the 192.168.0.0/24 of your clients back to zs client.
If the internet connection still does not work, you can check the connection log, firewall log on zs client and server to find out where the packets of your clients get lost.
You can also use tracert on Windows command line to check the route your internet packets are sent to. This also helps to figure out where packets get lost on their way to the internet.
I have the same problem. My line speed is 10 mbps.
When I use my old fritzbox router, the download rate matches the line speed,
with ZS the download rate is 5-6 mbps.
My ZS is running on an AMD E4200+ (2×2.2GHz). The cpu usage is about 2%. Both network interfaces are 100mps.
I think the hardware I use is able to handle much higher speeds. I already checked the settings and can’t find an explanation.
What can I do to find the cause?