Greetings to all

I got a job at a supermarket to do technological miracles for them; the previous outsourcer made a disaster of the network cabling, servers and router (a home router).

Nothing is licensed, everything is cracked, even Windows Server itself.

I need your advice according to your requirements. They have an ML350 Gen8 to host the firewall, since on the other one they have Windows Server without any services.

Their ISP provides a connection through an external Ubiquiti antenna, and what it delivers is a private IP, 192.168.50.10. They have internet but no public IP, and they cannot use DynDNS since apparently the ISP blocks it.

They use AnyDesk without problems. I imagine that I can use OpenVPN or WireGuard to connect without a public IP.

They also have UPnP security camera devices.

Can I adapt all this with NethServer 7.9?

1 Like

It depends. You should make a list of what the new server should be able to do: what are the business requirements? I guess the Ubiquiti requires LOS and thus is not very reliable? And is the ISP the real ISP, or a local IT company with several transmitters providing internet to clients?

What I will do is put the entire network in a domain or in the same workgroup, which is not the case now; there are problems since the technician who was there shared resources across different workgroups.

I will disable the router as a DHCP server and let the firewall handle it.
I have to see how to adapt the local UPnP services in NethServer.

It is an ISP, but they use the bad practice of holding the client captive, telling them they must change the plan to get a public IP, among other things. I tell the owner that the internet service must come open and with a public IP, but they do not believe me; they believe more those who deceive them.

So I was planning to use a VPN to let them enter their network from outside.

They want an additional hotspot, and I was documenting how to implement it with Icaro on the local NethServer.

If Windows Server is properly configured (I doubt it), NethServer cannot completely fill its shoes. It can do a lot of useful things, but it's not a full drop-in replacement.

AFAIK, without an external VPS as concentrator and without a public IP, there is no OpenVPN (as a provided service). NethServer can connect to external hosts, but cannot be reached.

Tough spot, being in charge of making things work but not being believed.

In Italy several ISPs don't provide a public IP address for specific plans, and provide static IPs only for business plans, so not having a public IP is not that new to me (for instance, standard mobile/4G/5G plans do not have a public IP).
Maybe the provider is not lying about it, but with more RED interfaces you can add a connection alongside the current one only for providing OpenVPN.

1 Like

If a Linux server is properly configured (possible!), Windows Server cannot completely fill its shoes. It can do a lot of useful things, but it's by FAR not a full drop-in replacement…

What it CAN do better than Linux is distribute malware and viruses, as any Windows is much easier to compromise than Linux (as stated above: properly configured!).

No matter what it does, Windows Server comes with MUCH higher licensing costs than Linux.
An exception may be installing a SAP system (popular in Europe, not to my taste…), this entails almost the same costs, only marginally lower…

I would strongly like to correct this!
OpenVPN works rock solid with a public IP (a static IP is not needed, but something like a DynDNS name (or the free DuckDNS) on the server side); any client can connect. CGNAT will NOT work for the server side!
In Switzerland most smartphone plans have NO real IP, but use CGNAT…
Yet it works here, as well as in several countries where I have implemented it.

CGNAT (Carrier Grade NAT) is often recognized by their using a 10.x.x.x IP address, part of the private IPs set aside for private use in the RFCs. Very often used for mobile connections in most countries / plans!

My 2 cents
Andy

1 Like

I would setup Proxmox as a Hypervisor on it to be able to migrate the servers easily in the future.

As a Firewall / VPN-Gateway you could also setup a specialized VM like IPFire or OPNsense.

If the Windows Server is acting as a DHCP, DNS, AD, Fileserver… Nethserver 7.9 can do it for sure.

2 Likes

Thanks for your answers. Today I will go to the client's site and test the connection. When I told you that the server does not have any service configured, it is because of the client, and additionally it is hacked, so every effort I make to set up Active Directory, DHCP, DNS, GPOs and so on will be in vain.

The previous technician has poisoned their minds with absurd things that, according to him, have worked for them, and I have stressed that it is not how things should be.

After what I do today, I will tell you.

A huge hug to all.

1 Like

Hi @jgjimenezs

Good Luck!

Can help, I've had cases like a client with a business plan moving (to a new site / building). That worked - at first.

2 weeks after moving, the provider modem died.

The replacement worked - for another two weeks…
Internet would see DSL, but could not connect.

A technician spent 3 hours on site, until he found out that the provider's back office, instead of correctly changing the address, had deleted the client's account by mistake…
He did use a few strong expletives on the phone to his colleagues…

Sh*t happens - no one needs it…
It's been running stable since then, now 4 months ago…

:)

My 2 cents
Andy

1 Like

@Andy_Wismer thanks.

I always educate my clients on what they have, what should be done and how my work turned out.

With this client, who is outside my area, it has been difficult for me in terms of gasoline, which is a problem to get without queuing.

I have to stay on site from 9 am, sometimes until 7 pm, solving what I call "the dead left by other technicians",

but at least the client saw my way of working, and I've been solving problems for a week.

I tell you that I even found a PC that turned off every 10 minutes or so, and guess what: their technician had loosened the processor heat sink and therefore damaged the PC by trying to turn it on every so often.

Something absurd, but it happens here, and I try to correct the previous education of technicians with bad practices who only want money, and not a client.

A problem that I found, and that the client paid a lot of money for, was that for their 6 cash registers the network structure was built in this way.

At register 1 there is a switch, and the network cable from register 1 reaches that switch; the cable from register 2 goes up to the ceiling and passes through the duct of register 1 to reach the switch, and so on up to register 6; then a long cable goes to a home router to connect that switch, and from that home router another long cable goes to the server, passing through two more switches. It was quite a nightmare. On the home router they connected two antennas, one for the ISP and another which, supposedly, was to link headquarters A with headquarters B, and one of those antennas was configured to hand out DHCP, which conflicted with the home router and caused constant outages.

I think that your experience with Windows Server might be a bit outdated. Things have been working less badly during the last 10 years.
Also, for some groupware capabilities Exchange is still a solid player, but like many other software products it needs proper configuration to work. Like sendmail.

Might it be that I wrote public and you read static?

As far as I know, as a client OpenVPN works without issues behind NAT and CGNAT.
However, as far as I know, the client must connect to a publicly reachable OpenVPN server port (if not using NethServer, even over IPv6), which cannot be achieved if the server is behind CGNAT or, as I worded it before, if the connection does not provide a public IP address. Unless a VPS with OpenVPN capabilities acts as a router among several OpenVPN connections…

@jgjimenezs if you can solve not only tech problems, but also flawed ways of thinking, you're a far more capable person than me.
Make your time worth a lot to your customers.

It's not three weeks ago that the Chinese were able to read mails from a hosted Microsoft mail solution (Exchange?), specially secured for the US government…

And the foreign ministry, no less!

I think that’s still very current!

OpenVPN: just confirming that the server needs to be reachable, not behind CGNAT.
The client is no issue, with or without CGNAT.

My 2 cents
Andy
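Andy's post on CGNAT and the exchange above about client versus server side both come down to one check: is the address the ISP hands over on the WAN side globally routable? Here is an added example (not from the original thread) that classifies such an address and lists which of the approaches discussed in this thread remain open; it uses the thread's 192.168.50.10 plus constructed values, and treats the RFC 6598 shared space 100.64.0.0/10 as the CGNAT marker, with 10/8 and the other RFC 1918 blocks giving the same "no inbound" answer. Category names and option labels are my own.

```python
import ipaddress

# RFC 6598 shared address space: what carriers typically hand out behind CGNAT.
# Python's is_private does not cover this block, so it is checked explicitly.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_address(addr: str) -> str:
    """Classify the address a provider delivers on the WAN interface.

    Returns "public", "cgnat", "private" or "unusable".
    Documentation ranges (e.g. 192.0.2.0/24) are reported as private,
    which is the right answer for reachability purposes anyway.
    """
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return "unusable"          # never a usable WAN lease at all
    if ip.version == 4 and ip in CGNAT_NET:
        return "cgnat"             # carrier NAT: outbound works, inbound does not
    if ip.is_private:
        return "private"           # RFC 1918 and other non-routable blocks
    return "public"


def inbound_listener_possible(addr: str) -> bool:
    """Only a public address can terminate road-warrior or site-to-site VPNs."""
    return classify_wan_address(addr) == "public"


def remote_access_options(addr: str) -> list:
    """Which of the thread's approaches remain for a given WAN address (hypothetical labels)."""
    kind = classify_wan_address(addr)
    if kind == "public":
        return ["openvpn-server", "wireguard-server", "dyndns"]
    if kind in ("cgnat", "private"):
        # Outbound-only choices: the box dials out, nothing dials in.
        return ["vps-concentrator", "zerotier-overlay"]
    return []


# Constructed sample: the ISP-delivered address from the thread plus others.
SAMPLE_WAN = [
    "192.168.50.10",   # from the thread: RFC 1918, no inbound
    "100.70.3.9",      # constructed: CGNAT shared space
    "8.8.8.8",         # constructed: a well-known global address
    "169.254.10.1",    # constructed: link-local, i.e. no lease was obtained
]

if __name__ == "__main__":
    for a in SAMPLE_WAN:
        print(a, classify_wan_address(a), remote_access_options(a))
```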

I tell you, friends.

A VPN, whether site-to-site or road warrior, does not work for me with the local IP given by the ISP. I used ZeroTier to be able to connect from my home and make adjustments with more peace of mind, avoiding so many trips to the site.

They have an antenna from site A to site B, which previously was used to interconnect the sites, but the previous technician did not make the necessary changes and a disaster was created in the DHCP services between the sites.

Early this morning I was able to connect offices A and B. Office B has a MikroTik, and I have configured load balancing and failover, with the communication path from site B to site A going through the WAN port where the connection from site A's antenna arrives, avoiding DHCP leases between the sites, and they can communicate without problems.

I'm going to see if I can connect OpenVPN using ZeroTier.

Greetings

Hi @jgjimenezs,

Does the cabling at your customer's also look like in the picture? If so, then you will certainly have a lot of fun.

Regards…

Uwe

1 Like

Wow, and I thought I lived in the Twilight Zone, but this particular client has this mess in the drop ceiling between electrical cables.

The network cables from the ISP antennas and the business link go through a 2" conduit where the high-voltage electrical cables come down from the power line to the premises.

Rest assured that you have my fullest sympathy.

1 Like