Active Directory

zimny · September 26, 2018, 4:00pm

Ok guys,
I will start from all this appreciation to the project.
I’m not fedora user but still open CentOS one.
Scenario:
Over vpn tunnels we have some servers
(In my knowledge I don’t need set special routing bee-twin then because NS soft is doing this for you)
Some of my applications don’t have problems over VPN and some accept just dns names. Miss much even you set proper path to your dns services.
Can’t find nothing valuable on your static routes manual but looks like NS can redirect request by IP but get sometimes confused by dns name
So basically some of the service is available over the tunnel and some can’t resolve the names.
When I got this issues: when I use NS like a back end over VPN for some services .
Any one have this problems?
Maybe we can share logs just to understand what is going on?
I think is not clear what is “trusted network” doing for the NS firewall
Do we need still static routes when we are talking about “Trusted networks”?
Do we have project to build in NS iptables so much more powerful like shorewall ?
Any one have the same issues when connect NS over VPN?

zimny · September 26, 2018, 4:32pm

maybe some proper manual can be discover on this?
trusted networks = ok but what then through the firewall

zimny · September 26, 2018, 4:34pm

even more options - so what is this “trusted networks” do for you if not routing?

mrmarkuz · September 29, 2018, 1:02am

Yes, it may be that you need a static route to the trusted network, i.e. when your VPN host is not your gateway.

http://docs.nethserver.org/en/v7/base_system.html#static-routes

http://docs.nethserver.org/en/v7/base_system.html#trusted-networks

zimny · September 29, 2018, 10:26am

Please give me a break.
Is this manuals any mean for you?
Ok static routes are general in any router distro.
But trusted networks?
In NS docs this is described like “trusted” and kind of almost like your green zone in firewall but actualy this don’t work that way.
Green interface should be routed without any static routs only by default. This is the meaning of LAN/green interface.
I got issue with NS on the logical layer. ICMP is great and no complains. But TCP is not going so smoothly.
Thank you for the links but they are mean anything?

mrmarkuz · September 29, 2018, 10:55am

You need trusted networks if you want to allow other networks (like VPNs not hosted by Nethserver itself) the access to Nethserver services.

You use a static route for example from your Nethserver to your VPN server when your Nethserver is your gateway because it doesn’t know the VPN network but has to route VPN traffic to the VPN server.

So both options are there if you have other networks that Nethserver doesn’t know about but needs to trust or forward in a way.

This topic was also discussed some time ago:

davidep · September 29, 2018, 11:30am

I don’t understand the issue, and how it deals with Active Directory.

This is a good idea. Sometimes a log file helps to understand what’s all about…