Ok. Right now I was filing a bug report. Should I continue or can I leave it?
OpenVPN service not started on NS 7b2
Please go ahead and file the issue, it will be referenced in the commit message. Thank you.
EDIT: It seems that @dnutan knows the development cycle better than me.
OpenVPN service not started on NS 7b2
Thanks for the compliment, but really far from that. I barely know how to use GitHub.
OpenVPN service not started on NS 7b2
Lightsquid Nethgui: "Language not found"
It is entirely possible that I changed the hostname and on the first one I did select another language to install. I'm traveling, but next week I'll be doing another similar install and will try to pay attention to exact steps and report back what I find. Thanks.
BID Group One & Business Initiative Directions for Hard & Soft Tecnologia C.A
Hi @dnutan, unfortunately I could not attend the event, had no foreign exchange to make the trip.
Gateway ip not on interfaces ip network problems
Hi @lorentedford,
As @alefattorini said, and as the red message shows, in the Network address field you must use the CIDR format of the network: 192.99.90.0/24, for example.
Did you try it, and is it solved?
BR,
Gabriel
Trying to set up IPsec Tunnel NS->Fritzbox
Okay, now I tried the following configs and something happened.
ipsec.conf:
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:192.168.179.0./24,%v4:192.168.177.0./24
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=

conn Site-to-Site
    authby=secret
    auto=add
    type=tunnel
    aggrmode=yes
    left= PUBLIC IP ADRESS OF NSSERVER
    leftid= FQDN OF NSSERVER
    leftnexthop=%defaultroute
    leftsourceip=192.168.177.21
    leftsubnet=192.168.177.0/24
    right=%any
    rightsubnet=192.168.179.0/24
    rightid= FQDN OF FRITZBOX
    ike=aes256-sha1;modp2048
    phase2=esp
    phase2alg=aes256-sha1;modp2048
Fritzbox config:
vpncfg {
    connections {
        enabled = yes;
        conn_type = conntype_lan;
        name = "ANYNAME";
        always_renew = yes;
        reject_not_encrypted = no;
        dont_filter_netbios = yes;
        localip = 0.0.0.0;
        local_virtualip = 0.0.0.0;
        remoteip = PUBLIC IP OF NSSERVER;
        remote_virtualip = 0.0.0.0;
        localid {
            fqdn = "FQDN OF FRITZBOX";
        }
        remoteid {
            ipaddr = "PUBLIC IP ADRESS OF NSSERVER";
        }
        mode = phase1_mode_aggressive;
        phase1ss = "all/all/all";
        keytype = connkeytype_pre_shared;
        key = "SECRET KEY";
        cert_do_server_auth = no;
        use_nat_t = yes;
        use_xauth = no;
        use_cfgmode = no;
        phase2localid {
            ipnet {
                ipaddr = 192.168.179.0;
                mask = 255.255.255.0;
            }
        }
        phase2remoteid {
            ipnet {
                ipaddr = 192.168.177.0;
                mask = 255.255.255.0;
            }
        }
        phase2ss = "esp-all-all/ah-none/comp-all/pfs";
        accesslist = "permit ip any 192.168.177.0 255.255.255.0";
    }
    ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                        "udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
And the ipsec.log shows this on and on:
Sep 24 11:20:09 NET01 pluto[6327]: packet from 79.235.2.199:500: initial Aggressive Mode message from 79.235.2.199 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Sep 24 11:20:17 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [XAUTH]
Sep 24 11:20:17 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 11:20:17 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [RFC 3947]
Sep 24 11:20:17 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 24 11:20:17 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Sep 24 11:20:17 NET01 pluto[6327]: packet from 79.235.2.199:500: initial Aggressive Mode message from 79.235.2.199 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Sep 24 11:20:37 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [XAUTH]
Sep 24 11:20:37 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 11:20:37 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [RFC 3947]
Sep 24 11:20:37 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 24 11:20:37 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Sep 24 11:20:37 NET01 pluto[6327]: packet from 79.235.2.199:500: initial Aggressive Mode message from 79.235.2.199 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Sep 24 11:20:39 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [XAUTH]
Sep 24 11:20:39 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 11:20:39 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [RFC 3947]
Sep 24 11:20:39 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 24 11:20:39 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Sep 24 11:20:39 NET01 pluto[6327]: packet from 79.235.2.199:500: initial Aggressive Mode message from 79.235.2.199 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Sep 24 11:20:43 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [XAUTH]
Sep 24 11:20:43 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 11:20:43 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [RFC 3947]
Sep 24 11:20:43 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 24 11:20:43 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Sep 24 11:20:43 NET01 pluto[6327]: packet from 79.235.2.199:500: initial Aggressive Mode message from 79.235.2.199 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Sep 24 11:20:51 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [XAUTH]
Sep 24 11:20:51 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 11:20:51 NET01 pluto[6327]: packet from 79.235.2.199:500: received Vendor ID payload [RFC 3947]
Sep 24 11:20:51 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 24 11:20:51 NET01 pluto[6327]: packet from 79.235.2.199:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Sep 24 11:20:51 NET01 pluto[6327]: packet from 79.235.2.199:500: initial Aggressive Mode message from 79.235.2.199 but no (wildcard) connection has been configured with policy PSK+AGGRESSIVE+IKEV1_ALLOW
Disabling aggressive mode on both sides gives this:
Sep 24 11:45:48 NET01 pluto[8193]: packet from 79.235.30.110:500: initial Main Mode message received on 192.168.177.6:500 but no connection has been authorized with policy PSK+IKEV1_ALLOW
Sep 24 11:45:52 NET01 pluto[8193]: packet from 79.235.30.110:500: received Vendor ID payload [XAUTH]
Sep 24 11:45:52 NET01 pluto[8193]: packet from 79.235.30.110:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 11:45:52 NET01 pluto[8193]: packet from 79.235.30.110:500: received Vendor ID payload [RFC 3947]
Sep 24 11:45:52 NET01 pluto[8193]: packet from 79.235.30.110:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 24 11:45:52 NET01 pluto[8193]: packet from 79.235.30.110:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Sep 24 11:45:52 NET01 pluto[8193]: packet from 79.235.30.110:500: initial Main Mode message received on 192.168.177.6:500 but no connection has been authorized with policy PSK+IKEV1_ALLOW
Sep 24 11:46:00 NET01 pluto[8193]: packet from 79.235.30.110:500: received Vendor ID payload [XAUTH]
Sep 24 11:46:00 NET01 pluto[8193]: packet from 79.235.30.110:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 11:46:00 NET01 pluto[8193]: packet from 79.235.30.110:500: received Vendor ID payload [RFC 3947]
Sep 24 11:46:00 NET01 pluto[8193]: packet from 79.235.30.110:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 24 11:46:00 NET01 pluto[8193]: packet from 79.235.30.110:500: ignoring unknown Vendor ID payload [a2226fc364500f5634ff77db3b74f41b]
Sep 24 11:46:00 NET01 pluto[8193]: packet from 79.235.30.110:500: initial Main Mode message received on 192.168.177.6:500 but no connection has been authorized with policy PSK+IKEV1_ALLOW
What's wrong?
Backup ERROR Report for data backup
Help, how can I fix this problem?
===== Report for data backup =====
Backup started at 2016-09-24 14:22:04
Pre backup scripts status: SUCCESS
Backup script status: ERROR
Extract from log file /var/log/backup-data.log:
2016-09-24 14:22:04 - START - Backup data started
2016-09-24 14:22:15 - STEP - pre-backup-done done
2016-09-24 14:22:15 - ERROR - Backup failed, see /var/log/last-backup.log for details - 5888
2016-09-24 14:22:15 - ERROR - Action backup-data-duplicity failed - 1
Extract from log file /var/log/last-backup.log:
Duplicity 0.6 series is being deprecated:
See http://www.nongnu.org/duplicity/
Reading globbing filelist /tmp/osMw5ja2z_
Another instance is already running with this archive directory
If you are sure that this is the only instance running you may delete
the following lockfile and run the command again :
/var/lib/nethserver/backup/duplicity/eb37decb924aad9b30b46d34585c0c6e/lockfile.lock
How to fix? Help, help.
How to enable Digest MD5
So...
I had the opportunity to test another server - Zentyal 2.3, which is an old version and it supports digest-md5. With this server I was able to successfully authenticate with our Avid appliance.
This makes me think that digest-md5 has been discontinued in many distributions like yours. I just want someone to confirm this.
... in the meanwhile I've asked Avid support for help and I'm hoping that they can change their appliance in order to use another authentication mechanism.
The stephdl repository is opened
reopened -> http://mirror.de-labrusse.fr/NethServer/
Ns7b2/centos installation problem on N36L N40L N54L
I write this post just to warn owners of these small servers before installing the ns7b2.
Not really an NS7 bug, but a CentOS bug with HP N36L, N40L, N54L and some other AMD-based servers...
It's a bug of the kernel-3.10.0-327.el7.x86_64 shipped with CentOS 7.2.1511 and of course with ns7b2.
more info here:
https://bugs.centos.org/view.php?id=9860
https://bugzilla.redhat.com/show_bug.cgi?id=1285235
to recap:
- boot from install dvd/usb
- from the boot menu (I've used Interactive Install) press TAB and add at the end of the line: initcall_blacklist=clocksource_done_booting
press enter and go on with installation
- after reboot press the e key on boot menu, and add after LANG=en_US.UTF8 the same kernel parameter: initcall_blacklist=clocksource_done_booting
press Ctrl-X to start, go on with normal setup but update the NS/ before reboot... the installation of new kernel will solve the bug.
note: also the kernel-lt-4.4.19-1.el7.elrepo.x86_64 used for nDPI will work without problem
Remembering our origins GNU/Linux
A closed family photo with the great-grandparents (On the right edge are we)
And the whole family is on wikipedia SVG in Wikipedia Commons
While we prepare our school
The stephdl repository is opened
Thank you!
I just installed and configured without issues F2B for NS7!
Nethserver-fail2ban needs testers
I just installed and configured without issues F2B for NS7 from @stephdl repository!
http://community.nethserver.org/t/the-stephdl-repository-is-opened/903/3
Thank you Stephane!
How to use Shell (basic commands)
Very good, thanks.
The stephdl repository is opened
Hi @stephdl ,
Sorry to bother you, but I'm still learning Linux.
So, how can I do that to receive email notifications?
TIA,
Gabriel
How to enable Digest MD5
I don't have a clue about this, but think what follows may be of use.
RFC 4513: LDAP Authentication Methods and Security Mechanisms (year 2006)
The name/password authentication mechanism (...) protected by TLS replaces the SASL DIGEST-MD5 mechanism as LDAP's mandatory-to-implement password-based authentication mechanism. Implementations are encouraged to continue supporting SASL DIGEST-MD5
RFC 4513: LDAP Authentication Methods and Security Mechanisms (year 2006)
As the SASL-DIGEST-MD5 mechanism is no longer mandatory to implement, this section is now historical
RFC 6331: Moving DIGEST-MD5 to Historic (year 2011)
This memo describes problems with the DIGEST-MD5 Simple Authentication and Security Layer (SASL) mechanism as specified in RFC 2831. It marks DIGEST-MD5 as OBSOLETE in the IANA Registry of SASL mechanisms and moves RFC 2831 to Historic status.
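A way to see whether a given LDAP server still advertises DIGEST-MD5, as an added example that is not part of the original posts: the root DSE lists the SASL mechanisms in its supportedSASLMechanisms attribute, and the function below flags the one RFC 6331 marks obsolete. The hostname in the comment is a placeholder and the sample LDIF is constructed.

```shell
#!/bin/sh
# Mechanisms flagged as obsolete; DIGEST-MD5 per RFC 6331 (quoted above).
OBSOLETE_MECHS="DIGEST-MD5"

# Read LDIF on stdin (root DSE query result) and print one line per
# advertised mechanism: "<mechanism> ok" or "<mechanism> obsolete".
classify_sasl_mechs() {
    tr -d '\r' | while IFS= read -r line; do
        case "$line" in
            supportedSASLMechanisms:*) ;;
            *) continue ;;
        esac
        mech=${line#supportedSASLMechanisms:}
        mech=${mech# }
        status=ok
        for obsolete in $OBSOLETE_MECHS; do
            if [ "$mech" = "$obsolete" ]; then status=obsolete; fi
        done
        printf '%s %s\n' "$mech" "$status"
    done
}

# Exit status 0 when the LDIF on stdin advertises the mechanism named in $1.
offers_mech() {
    classify_sasl_mechs | grep -q "^$1 "
}

# Constructed sample of a root DSE answer (not taken from any real server).
SAMPLE_LDIF='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN'

# Against a real server (ldap.example.org is a placeholder):
#   ldapsearch -x -LLL -H ldap://ldap.example.org -b "" -s base \
#       supportedSASLMechanisms | classify_sasl_mechs
printf '%s\n' "$SAMPLE_LDIF" | classify_sasl_mechs
```

A client that can only do DIGEST-MD5 will fail against any server whose list lacks it, which matches the behaviour described in this thread.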
The stephdl repository is opened
probably a bug, my guess
Each day, yum does a checkupdate and tests if some updates are available, then a mail is sent to the defunct 'admin' user. But here I need to send the email to the root for NS7.
How to enable Digest MD5
@dnutan, thank you for this document.
This document supports what I've talked about with Avid support. Digest-MD5 is deprecated. I asked them for the possibility of the use of another authentication mechanism, like GSSAPI.
I'm hoping they are willing to do this.
Anyway, I appreciate the help I've got here!!