In case anyone else hits this, I moved the faulty daily.cvd
out of the way. After a bit, a new one was picked up and the problem has now gone away.
ClamAV/Freshclam problem
NethServer 8: planning an evolution
I hope yes, it still makes sense; the market seems not saturated if we look after a server with a server-manager: Univention, ClearOS, SME Server.
For SME I would say yes… Protect the network, run email, web, applications. When you play in the ground of big companies with a lot of sysadmins, of course Ansible, one server/container per task in the cloud is the way. But NS must be compatible in the cloud and in the real hardware/virtualisation.
I worry for the technical debt: release when it is ready and you see your users go away. So yes, a move to another upstream or follow CentOS.
Obviously you make me really interested. I look after containers after years of doubt and fear, and now I saw the opportunity that we have. If you speak of the lack of SCL, probably it is the cause; we could run any version of a software in a container.
Nevertheless I try the container way because we have reached the limit of software versions of CentOS 7; indeed, even with 4 years of EOL, from a developer's POV it became difficult to install modern applications.
Really important yes, a centralised node for any remote users, protect the network.
I think you missed another point, about finances: how to bring more money to the development of NethServer 8. Actually all is supported by Nethesis and not by the NethServer community. I never read about Proxmox and their doubt about following the next Debian version, maybe because the community and the professionals pay for the development.
NethServer 8: planning an evolution
I do not have NS7 running for now - only a test VM.
I periodically check what's new.
Yes, all in one server - I dislike Docker and others.
My small word:
TLS v1.3 missing very much
HTTP/2…3
Redis
I think NS needs a new base OS for new technology.
Is transferring to Debian Buster possible?
Cannot resolve maps.rspamd.com
Am I wrong, or is unbound not used by NethServer?
Cannot resolve maps.rspamd.com
[root@prometheus ~]# systemctl status unbound
● unbound.service - Unbound recursive Domain Name Server
Loaded: loaded (/usr/lib/systemd/system/unbound.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-05-23 15:59:07 CEST; 3 days ago
Main PID: 451 (unbound)
CGroup: /system.slice/unbound.service
└─451 /usr/sbin/unbound -d
May 23 15:59:06 prometheus.de-labrusse.fr systemd[1]: Starting Unbound recursive Domain Name Server...
May 23 15:59:06 prometheus.de-labrusse.fr unbound-checkconf[434]: unbound-checkconf: no errors in /etc/unbound/unbound.conf
May 23 15:59:07 prometheus.de-labrusse.fr systemd[1]: Started Unbound recursive Domain Name Server.
May 23 15:59:07 prometheus.de-labrusse.fr unbound[451]: [451:0] notice: init module 0: subnet
May 23 15:59:07 prometheus.de-labrusse.fr unbound[451]: [451:0] notice: init module 1: validator
May 23 15:59:07 prometheus.de-labrusse.fr unbound[451]: [451:0] notice: init module 2: iterator
May 23 15:59:07 prometheus.de-labrusse.fr unbound[451]: [451:0] info: start of service (unbound 1.6.6).
Yes, running on 10053 for rspamd.
Zabbix and monitor additional service
Hi,
I’m trying to monitor a Tomcat service running on a NethServer 7.8.2003 with Zabbix.
I have created a template with the simple service check net.tcp.port[,18080], but on NethServer the check fails.
The same check on a CentOS 7.8.2003 passes with no problem.
What is blocking the check?
The service is active and running.
ty
Prerequisite for join domain
Reporting my (non-) progress here, in the hope that @support could reach me and share some insight about how shorewall access prohibition could be debugged.
- IPSec VPN did not work, probably because there already is an IPSec VPN enabled between the two sites on their respective routers, and I suspect an IPSec within an IPSec is not possible.
- OpenVPN creation seems straightforward, but on the client site the service is enabled but the tunnel is not created; the error log shows broken pipe…
So my solution will be to remove everything on the PDC node that requires a second NIC and only have the domain controller running on it. Thanks for the talk with you, Andy.
Cannot resolve maps.rspamd.com
So NethServer installs dnsmasq (as default), bind (as option), and unbound (as dependency of rspamd).
DNS overhauling?
NethServer 8: planning an evolution
Is 1.3 that important? TLS 1.2 is still there, and is still considered secure (even by PCI’s standards).
Redis is there. It may not be part of the base distribution, but it’s there at least if you install Nextcloud.
Cannot start/enable openvpn@host-to-net dns.service_action_error
Hi, well, as openvpn.log says, my problem was:
tail -f /var/log/openvpn/openvpn.log
Options error: --server-bridge IP addresses 10.5.6.220 and 172.16.45.100 are not in the same 255.255.255.0 subnet
I changed from bridged to routed, and now the service is running.
Now I do have a different problem. From a client connected to my NethServer’s OpenVPN, I can reach neither the VPN network nor the remote network. If I try to ping the OpenVPN interface from my client, it says “Request time out”.
If I do a route print on the client, I see that those 2 networks (OpenVPN and remote office) have an entry in that table:
Rutas activas:
Destino de red Máscara de red Puerta de enlace Interfaz Métrica
0.0.0.0 0.0.0.0 192.168.250.200 192.168.250.107 55
10.5.6.0 255.255.255.0 172.16.45.1 172.16.45.2 291
127.0.0.0 255.0.0.0 En vínculo 127.0.0.1 331
127.0.0.1 255.255.255.255 En vínculo 127.0.0.1 331
127.255.255.255 255.255.255.255 En vínculo 127.0.0.1 331
172.16.45.0 255.255.255.0 En vínculo 172.16.45.2 291
172.16.45.2 255.255.255.255 En vínculo 172.16.45.2 291
172.16.45.255 255.255.255.255 En vínculo 172.16.45.2 291
192.168.56.0 255.255.255.0 En vínculo 192.168.56.1 281
192.168.56.1 255.255.255.255 En vínculo 192.168.56.1 281
192.168.56.255 255.255.255.255 En vínculo 192.168.56.1 281
192.168.250.0 255.255.255.0 En vínculo 192.168.250.107 311
192.168.250.107 255.255.255.255 En vínculo 192.168.250.107 311
192.168.250.255 255.255.255.255 En vínculo 192.168.250.107 311
224.0.0.0 240.0.0.0 En vínculo 127.0.0.1 331
224.0.0.0 240.0.0.0 En vínculo 192.168.56.1 281
224.0.0.0 240.0.0.0 En vínculo 192.168.250.107 311
224.0.0.0 240.0.0.0 En vínculo 172.16.45.2 291
255.255.255.255 255.255.255.255 En vínculo 127.0.0.1 331
255.255.255.255 255.255.255.255 En vínculo 192.168.56.1 281
255.255.255.255 255.255.255.255 En vínculo 192.168.250.107 311
255.255.255.255 255.255.255.255 En vínculo 172.16.45.2 291
Rutas persistentes:
Ninguno
So, to reach the remote network, it should go via 172.16.45.1 (NethServer OpenVPN interface), but it doesn’t.
Probably to solve the problem, I should add an entry in iptables allowing access from that network to anywhere I want. But shouldn’t this be automatic? Or am I missing something?
Thank you!
Cannot start/enable openvpn@host-to-net dns.service_action_error
I should say that I have this allowed:
Traffic between OpenVPN roadwarrior, OpenVPN tunnels and IPSec tunnels
And the output of my iptables regarding the VPN network:
iptables -vnL | grep 172.16.45
0 0 loc_frwd all -- * * 172.16.45.0/24 0.0.0.0/0
0 0 net2loc all -- * br0 0.0.0.0/0 172.16.45.0/24
0 0 loc2fw all -- * * 172.16.45.0/24 0.0.0.0/0
0 0 ACCEPT all -- * br0 0.0.0.0/0 172.16.45.0/24
NethServer 8: planning an evolution
A new version every two years, with a lot of breaking changes: it is a kind of challenge, even if I like this distro.
Cannot resolve maps.rspamd.com
Unbound is there for caching DNS requests; in fact rspamd does a lot.
Restic encryption password
Hi Thomas, and welcome to the NS community! I believe that it is a generated password, at least it’s the case for all NS services I know.
Cannot accept OpenVPN-Client config: validation.missing_wanpriority_rules
The bug seems to be that the rules are not unselectable.
Originally I had only one WAN, then I added another, and in the OpenVPN-Client settings only one of two interfaces was filled out and the “special WAN providers priority order” was checked. I was not able to uncheck it. When I have both interfaces filled out, I can accept the changes.
However, it should be possible to uncheck the check box.
NethServer 8: planning an evolution
Just my input but this is why I started purchasing subscriptions for my business deployments were these two points & added security. I have almost entirely replaced all of my existing Zentyal deployments because of things like @stephdl fail2ban, 2fa and soon to be threat shield. I cannot emphasize enough how much of an attractive item these additions are that can be consistently deployed & monitored at the GUI level and is something I would pay for.
Backup cockpit missing
How to set different schedules and number of versions to keep for file share backup
Hello @mrmarkuz,
I’ve been testing backups using includes files for each backup I’ve created. I have two that I’m testing out. Here are the details:
- My Nethserver is version 7.8.2003 (fully updated today)
- I’ve created two shared folders on my Nethserver. Shared Folder “Accounting” and Shared Folder “DB BKUP”
- I’ve created two backup schedules on Nethserver Backup both going to the same S3 bucket for each shared folder. Accounting backup starts at Midnight and DB BKUP starts at 3am. Both backups run daily.
- My Accounting backup scheduled job runs without errors each day.
- My DB BKUP backup scheduled job fails with the following error:
Backup: DB BKUP
Backup started at 2020-05-27 3:00:00
Pre backup scripts status: SUCCESS
Fatal: create key in repository at s3:s3.symm.cloud/files failed: repository master key and config already initialized
Fatal: wrong password or no key found
Backup failed
Action ‘backup-data-restic DB BKUP’: FAIL
Backup status: FAIL
Like I mentioned above my Accounting backup goes to the same S3 bucket and has no Fatal Errors. I’ve walked through my configuration setup of the DB BKUP job and confirmed through the Test connection that I can successfully connect to my S3 bucket using the S3 Access Key and S3 Server Key with no problems.
Do you have any insight on where else I can look for the reason why the Nethserver Backup task for my DB BKUP fails with “wrong password or no key found”?
Is the problem that I can’t send two backup jobs to the same S3 bucket?
Thank you.
Outbound ping or traceroute not working
By default this works.
Green -> Firewall -> net ping and traceroute service, direction outbound.
I am trying to lock down the firewall from default allow all green outbound.
I changed the default policy from allow to not allow [drop].
I added all types of ICMP outbound, but ping and traceroute are not working.
If I create a rule, Green all services outbound, ping and traceroute work.
What am I missing here?
Thanks for your assistance.
For users who want more information: default policy adjusted and rules added for outbound.
The reason for this: I have some devices that need to be pinged and tracerouted from my Green for troubleshooting, and I also do not want to open all 65535 ports outbound. So I limited.
Please let me know if more information is needed.
Nextcloud Talk 9 - Grid view, file editing, open sources Talk back-end?
It got bumped to release 2 days ago (Nextcloud Talk) and Nextcloud 19 is still in beta (v7 I think), so I’d still expect there to be release candidate(s) to test, then full release; best guesstimate for NS release is late June to mid July.