userdoc:system-config

Differences

This shows you the differences between two versions of the page.

userdoc:system-config [2014/05/28 17:28]
droemel [Network Interfaces]
userdoc:system-config [2016/12/02 19:07] (current)
abelbeck [Network Services]
Line 3: Line 3:
 It is assumed that the instructions for a "New Installation" were followed, "Persistent Storage" and "Security and Sound Files" have been configured. It is assumed that the instructions for a "New Installation" were followed, "Persistent Storage" and "Security and Sound Files" have been configured.
  
-By default a single ''/mnt/kd/rc.conf'' file contains the AstLinux configuration, using options defined as shell script variables.  If you do not wish to use the web interface for AstLinux configuration and management, edit the ''/mnt/kd/rc.conf'' file as desired and the rest of this document can be ignored.+By default a single ''/mnt/kd/rc.conf'' file contains the AstLinux configuration, using options defined as shell script variables. If you do not wish to use the web interface for AstLinux configuration and management, edit the ''/mnt/kd/rc.conf'' file as desired and the rest of this document can be ignored.
  
 Most administrators will want to use the web interface, the next step is via the Network Tab in the web interface:\\ Most administrators will want to use the web interface, the next step is via the Network Tab in the web interface:\\
Line 10: Line 10:
 {{:userdoc:system-config-save-settings.jpg?nolink|Save Settings}} {{:userdoc:system-config-save-settings.jpg?nolink|Save Settings}}
  
-Click "Save Settings" to save any changes, and additionally it creates the ''/mnt/kd/rc.conf.d/'' directory if it did not exist.  From that point on the single ''/mnt/kd/rc.conf'' file will be ignored, instead all the ''/mnt/kd/rc.conf.d/*.conf'' files will be used for the system configuration.  All web interface configurations will be saved as ''/mnt/kd/rc.conf.d/*.conf'' files.+Click "Save Settings" to save any changes, and additionally it creates the ''/mnt/kd/rc.conf.d/'' directory if it did not exist. From that point on the single ''/mnt/kd/rc.conf'' file will be ignored, instead all the ''/mnt/kd/rc.conf.d/*.conf'' files will be used for the system configuration. All web interface configurations will be saved as ''/mnt/kd/rc.conf.d/*.conf'' files.
  
 Every administrator will want to make a few changes in the Network Tab after a "New Installation", a basic guide is described below. Every administrator will want to make a few changes in the Network Tab after a "New Installation", a basic guide is described below.
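Review bot: The "Save Settings" paragraph in this hunk says the single ''/mnt/kd/rc.conf'' file "will be ignored" once ''/mnt/kd/rc.conf.d/'' exists, but it does not say what happens to values already set in that file. Since the previous paragraph tells non-web users to edit ''/mnt/kd/rc.conf'' directly, suggest adding one sentence stating whether existing settings are carried into the ''/mnt/kd/rc.conf.d/*.conf'' files, so a first click on "Save Settings" does not surprise an administrator who configured the box by hand.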
Line 17: Line 17:
 {{:userdoc:system-config-external-interface.jpg?nolink|External Interface}} {{:userdoc:system-config-external-interface.jpg?nolink|External Interface}}
  
-All AstLinux configurations require an external interface to be defined.  Select the "Connection Type:" for your situation.+All AstLinux configurations require an external interface to be defined. Select the "Connection Type:" for your situation.
  
 Check "Local Domain" if the "Domain:" is unique to this box. Uncheck "Local Domain" if the "Domain:" is shared via an upstream DNS server. Check "Local Domain" if the "Domain:" is unique to this box. Uncheck "Local Domain" if the "Domain:" is shared via an upstream DNS server.
Line 46: Line 46:
 !!Tip ->!! VPN's require the Firewall to be enabled, and each have associated firewall plugins that will be automatically enabled. !!Tip ->!! VPN's require the Firewall to be enabled, and each have associated firewall plugins that will be automatically enabled.
  
-!!Note ->!! If you are currently accessing the web interface via the external interface, be certain to add a "Pass EXT->Local, TCP, 0/0, 443" firewall rule before enabling the Firewall.  But in production, keep the number of "Pass EXT->Local" firewall rules to only what is absolutely required when that interface has access to the public internet. Use a VPN to remotely manage your AstLinux system.+!!Note ->!! If you are currently accessing the web interface via the external interface, be certain to add a "Pass EXT->Local, TCP, 0/0, 443" firewall rule before enabling the Firewall. But in production, keep the number of "Pass EXT->Local" firewall rules to only what is absolutely required when that interface has access to the public internet. Use a VPN to remotely manage your AstLinux system.
 ===== Network Time ===== ===== Network Time =====
 {{:userdoc:system-config-network-time.jpg?nolink|Network Time}} {{:userdoc:system-config-network-time.jpg?nolink|Network Time}}
  
-It is important for your AstLinux box to have the proper time set, therefore on every boot the system automatically tries to get the current time from an upstream NTP server.  Use the Network Time Settings above to define the NTP server(s) (local or remote) and your local timezone.+It is important for your AstLinux box to have the proper time set, therefore on every boot the system automatically tries to get the current time from an upstream NTP server. Use the Network Time Settings above to define the NTP server(s) (local or remote) and your local timezone.
  
 Additionally, a local NTP server is automatically enabled to support local network devices and IP phones. Additionally, a local NTP server is automatically enabled to support local network devices and IP phones.
 +
 +!!Detailed Info ->!! **[[userdoc:tt_ntp_client_server|NTP Client/Server (chrony) Configuration]]**
 ===== SMTP Mail Relay ===== ===== SMTP Mail Relay =====
 {{:userdoc:system-config-smtp-relay.jpg?nolink|SMTP Mail Relay}} {{:userdoc:system-config-smtp-relay.jpg?nolink|SMTP Mail Relay}}
  
-There are many situations when it is desired for AstLinux to send an email, eg. voicemail messages, error notifications, etc. .  Define the appropriate credentials for your upstream SMTP server.+There are many situations when it is desired for AstLinux to send an email, eg. voicemail messages, error notifications, etc. . Define the appropriate credentials for your upstream SMTP server.
  
 Common "SMTP Port:" values are: 25, 465 or 587. Common "SMTP Port:" values are: 25, 465 or 587.
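Review bot: The firewall Note in this hunk gives "Pass EXT->Local, TCP, 0/0, 443" as the rule to add, and only the following sentence asks the reader to keep "Pass EXT->Local" rules to the minimum and manage the box over a VPN. Suggest saying explicitly that this rule is a temporary measure to avoid locking yourself out, to be narrowed or removed once VPN management is in place, so the example is not copied into production as written. Separately, the SMTP paragraph touched by the whitespace cleanup still reads "eg." and ends with a stray "etc. ." that could be fixed in the same pass.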
Line 66: Line 68:
 {{:userdoc:system-config-ipv6-tunnel.jpg?nolink|IPv6 Tunnel}} {{:userdoc:system-config-ipv6-tunnel.jpg?nolink|IPv6 Tunnel}}
  
-If you only have IPv4 connectivity, it is possible to create a tunnel via IPv4 to support IPv6 connectivity.  One common service is www.tunnelbroker.net by Hurricane Electric.+If you only have IPv4 connectivity, it is possible to create a tunnel via IPv4 to support IPv6 connectivity. One common service is www.tunnelbroker.net by Hurricane Electric.
  
 !!Detailed Info ->!! **[[userdoc:tt_ipv6_tunnel_config|IPv6 Tunnel Configuration]]** !!Detailed Info ->!! **[[userdoc:tt_ipv6_tunnel_config|IPv6 Tunnel Configuration]]**
Line 73: Line 75:
 {{:userdoc:system-config-dynamic-dns.jpg?nolink|Dynamic DNS}} {{:userdoc:system-config-dynamic-dns.jpg?nolink|Dynamic DNS}}
  
-The Dynamic DNS service allows users with (often or seldom) changing public IPv4 addresses to set a public DNS record to consistently reach your AstLinux box on the public internet.  A Dynamic DNS provider is required, supplying you with the required credentials.+The Dynamic DNS service allows users with (often or seldom) changing public IPv4 addresses to set a public DNS record to consistently reach your AstLinux box on the public internet. A Dynamic DNS provider is required, supplying you with the required credentials.
  
 Available methods: [disabled], [inadyn] or [ddclient] Available methods: [disabled], [inadyn] or [ddclient]
Line 81: Line 83:
 {{:userdoc:system-config-network-services.jpg?nolink|Network Services}} {{:userdoc:system-config-network-services.jpg?nolink|Network Services}}
  
-Many, many Network Services are supported by AstLinux.  Too many to itemize and describe here, but the more featured services have detailed information within this documentation.+Many, many Network Services are supported by AstLinux. Too many to itemize and describe here, but the more featured services have detailed information within this documentation.
  
 !!Detailed Info ->!! **[[userdoc:tt_dnscrypt_proxy|DNSCrypt Proxy Server]]** !!Detailed Info ->!! **[[userdoc:tt_dnscrypt_proxy|DNSCrypt Proxy Server]]**
Line 88: Line 90:
  
 !!Detailed Info ->!! **[[userdoc:tt-ldap-server|LDAP Server Configuration]]** !!Detailed Info ->!! **[[userdoc:tt-ldap-server|LDAP Server Configuration]]**
 +
 +!!Detailed Info ->!! **[[userdoc:tt_zabbix_monitoring|Zabbix Monitoring Configuration]]**
  
 {{:userdoc:system-config-http-https.jpg?nolink|HTTP/HTTPS}} {{:userdoc:system-config-http-https.jpg?nolink|HTTP/HTTPS}}
  
-THe HTTP/HTTPS settings control the built-in web server.  The web server is used for the web interface as well as serving files for phone provisioning and other situations.+THe HTTP/HTTPS settings control the built-in web server. The web server is used for the web interface as well as serving files for phone provisioning and other situations.
  
 After you have visited the Prefs tab and specified the "Distinguished Name:" section (in the Prefs tab), you may check "Create New HTTPS Certificate" followed by "Save Settings" (in the Network tab) to generate a custom self-signed certificate for the web interface. After you have visited the Prefs tab and specified the "Distinguished Name:" section (in the Prefs tab), you may check "Create New HTTPS Certificate" followed by "Save Settings" (in the Network tab) to generate a custom self-signed certificate for the web interface.
  
-!!Note ->!! If you manually create the ''/mnt/kd/phoneprov/'' directory, HTTP/HTTPS serves files under the ''/mnt/kd/phoneprov/'' directory with URL paths beginning with ''/phoneprov/'' Be sure to consider restricting ''/phoneprov/'' access as shown above.+!!Note ->!! If you manually create the ''/mnt/kd/phoneprov/'' directory, HTTP/HTTPS serves files under the ''/mnt/kd/phoneprov/'' directory with URL paths beginning with ''/phoneprov/'' . Be sure to consider restricting ''/phoneprov/'' access as shown above.
  
 {{:userdoc:system-config-vpn.jpg?nolink|VPN Types}} {{:userdoc:system-config-vpn.jpg?nolink|VPN Types}}
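Review bot: The rewritten HTTP/HTTPS line still begins with "THe"; since the line is already being changed for spacing, fix the capitalisation to "The" in the same edit. In the ''/phoneprov/'' Note, "restricting ''/phoneprov/'' access as shown above" points only at the screenshot; suggest naming the setting that does the restricting, because provisioning files are served over HTTP/HTTPS as soon as the directory exists and a reader without the image cannot tell what to change.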
Line 108: Line 112:
     * IPsec Peers - Tunnel routed local and remote subnets using static IP addresses.     * IPsec Peers - Tunnel routed local and remote subnets using static IP addresses.
     * IPsec Mobile - Act as an IPsec server to allow remote IPsec client's with dynamic IP addresses to access selected network subnets.     * IPsec Mobile - Act as an IPsec server to allow remote IPsec client's with dynamic IP addresses to access selected network subnets.
-    * PPTP Server - Do not enable this server unless absolutely required for compatibility.  Both OpenVPN and IPsec are more secure choices.+    * IPsec strongSwan - Act as an IPsec endpoint using strongSwan. 
 +    * PPTP Server - Do not enable this server unless absolutely required for compatibility. Both OpenVPN and IPsec are more secure choices.
  
 !!Detailed Info ->!! **[[userdoc:tt_openvpn_server|OpenVPN Configuration]]** !!Detailed Info ->!! **[[userdoc:tt_openvpn_server|OpenVPN Configuration]]**
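Review bot: The new "IPsec strongSwan" bullet says only "Act as an IPsec endpoint using strongSwan", which does not tell the reader how it relates to the existing "IPsec Peers" and "IPsec Mobile" entries, both of which state what is tunnelled and for which kind of peer. Suggest describing the use case in the same terms (static peers, dynamic clients, or both) and whether it can be enabled alongside the other IPsec types. The "IPsec Mobile" context line also has "client's" where "clients" is meant.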
Line 114: Line 119:
 !!Detailed Info ->!! **[[userdoc:tt_ipsec_vpn_apple_ios|IPsec VPN Configuration]]** !!Detailed Info ->!! **[[userdoc:tt_ipsec_vpn_apple_ios|IPsec VPN Configuration]]**
  
-!!Note ->!! VPN's require the Firewall to be enabled, and each have associated firewall plugins that will be automatically enabled.+!!Detailed Info ->!! **[[userdoc:tt_ipsec_vpn_strongswan|IPsec VPN (strongSwan) Configuration]]**
  
 +!!Note ->!! VPN's require the Firewall to be enabled, and each have associated firewall plugins that will be automatically enabled.
 ===== UPS Monitoring ===== ===== UPS Monitoring =====
 {{:userdoc:system-config-ups.jpg?nolink|UPS Monitoring}} {{:userdoc:system-config-ups.jpg?nolink|UPS Monitoring}}
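Review bot: The Note re-added below the strongSwan link keeps "VPN's require ... and each have"; as the line is being moved anyway, correct it to "VPNs require ... and each has". The same sentence already appears as a Tip in the firewall section (hunk at Line 46), so consider keeping one copy and linking to it rather than maintaining two.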
Line 125: Line 131:
 {{:userdoc:system-config-advanced.jpg?nolink|Advanced Configuration}} {{:userdoc:system-config-advanced.jpg?nolink|Advanced Configuration}}
  
-Not every configuration option of AstLinux has a web interface implementation, in those cases the configuration variables must be defined manually.  The "User System Variables:" is for such a case, and edits the ''/mnt/kd/rc.conf.d/user.conf'' file by clicking on the **Edit User Variables** button.+Not every configuration option of AstLinux has a web interface implementation, in those cases the configuration variables must be defined manually. The "User System Variables:" is for such a case, and edits the ''/mnt/kd/rc.conf.d/user.conf'' file by clicking on the **Edit User Variables** button.
  
 Configuration variables are specified using the format: Configuration variables are specified using the format:
  • userdoc/system-config.1401316097.txt.gz
  • Last modified: 2014/05/28 17:28
  • by droemel