Hi Francisco,
Sorry for my delay.
Yes, sure you can! You should configure TLS Enable = yes and TLS Require =
yes for the clients in the VPN network. For all the others that will surely not
use TLS, you can set TLS Enable = No.
Best regards,
Ana
On Mon, May 30, 2016 at 10:58 AM, Francisco Javier Funes Nieto <
esen...@gmail.com> wrote:
> Hi Ana,
>
> My question is:
>
> Can I have a mixed set of clients, some with TLS enabled and others with
> no TLS?
>
> The clients in my LAN don't need TLS support, but all those in the VPN
> network must use TLS.
>
> J.
>
> 2016-05-30 10:25 GMT+02:00 Ana Emília M. Arruda <emiliaarr...@gmail.com>:
>
>> Hi Javier,
>>
>> Yes, sure. If you configure TLS Require = No and any of the daemon hosts
>> does not speak TLS, they will communicate with no encryption (ssl=0).
>>
>> Regards,
>> Ana
>>
>> On Sun, May 29, 2016 at 12:27 PM, Francisco Javier Funes Nieto <
>> esen...@gmail.com> wrote:
>>
>>> Hi Ana,
>>>
>>> The problem is now solved. There was an incomplete configuration of
>>> the Storage Daemon and Director TLS subset.
>>>
>>> I have a question about this:
>>>
>>> Can I have a mixed environment with TLS and non-TLS clients in the same
>>> Bacula server?
>>>
>>> J.
>>>
>>> 2016-05-27 22:35 GMT+02:00 Ana Emília M. Arruda <emiliaarr...@gmail.com>
>>> :
>>>
>>>> Hello Javier,
>>>>
>>>> Did you solve this?
>>>>
>>>> ssl=0 means that no TLS connection is being used. Since TLS Require =
>>>> no for both director and storage daemon, it seems that they are unable to
>>>> establish one and then are communicating with no encryption.
>>>>
>>>> You can always run tests to verify your certificates:
>>>>
>>>> open a server-side ssl connection to listen to 9102:
>>>>
>>>> openssl s_server -accept 9102 -key betelgeuse.canonigos.es-daemon.key \
>>>>   -cert betelgeuse.canonigos.es.crt -CApath /usr/local/etc/ssl/ -Verify 0
>>>>
>>>> try to connect from a client:
>>>>
>>>> openssl s_client -connect betelgeuse.canonigos.es:9102 \
>>>>   -key director.example.com.key -cert director.example.com.crt \
>>>>   -CApath /usr/local/etc/ssl/
>>>>
>>>> Regards,
>>>>
>>>> Ana
>>>>
>>>> On Tue, May 17, 2016 at 12:43 PM, Francisco Javier Funes Nieto <
>>>> esen...@gmail.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> This is the first time I'm trying to configure the TLS part of my (new)
>>>>> server under FreeBSD (10.2/7.4 from ports).
>>>>>
>>>>> Communication sd <-> dir seems ok with debugging activated. I don't
>>>>> know if "ssl=0" means not using TLS.
>>>>>
>>>>> More info:
>>>>>
>>>>> betelgeuse.canonigos.es-dir: ua_status.c:183-0 item=1
>>>>> betelgeuse.canonigos.es-dir: job.c:1744-0 wstore=LocalChgr where=unknown source
>>>>> Automatically selected Storage: LocalChgr
>>>>> Connecting to Storage daemon LocalChgr at betelgeuse.canonigos.es:9103
>>>>> betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server Storage daemon betelgeuse.canonigos.es:9103.
>>>>> betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge: J6c+pxk+t+/KDXl0B4IjVC
>>>>> betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5 challenge <2125264182.1463481...@betelgeuse.canonigos.es-dir> ssl=0
>>>>> betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK b++7uF+e3/JMCxZcv+/51C
>>>>> betelgeuse.canonigos.es-dir: ua_status.c:382-0 Connected to storage daemon
>>>>>
>>>>> betelgeuse.canonigos.es-sd Version: 7.4.0 (16 January 2016) amd64-portbld-freebsd10.2 freebsd 10.2-RELEASE-p9
>>>>>
>>>>>
>>>>> But with the FD I get this error:
>>>>>
>>>>> Select Client (File daemon) resource (1-8): 8
>>>>> Connecting to Client betelgeuse.canonigos.es-fd at betelgeuse.canonigos.es:9102
>>>>> betelgeuse.canonigos.es-dir: bsock.c:305-0 OK connected to server Client: betelgeuse.canonigos.es-fd betelgeuse.canonigos.es:9102.
>>>>> betelgeuse.canonigos.es-dir: fd_cmds.c:110-0 Opened connection with File daemon
>>>>> betelgeuse.canonigos.es-dir: authenticate.c:202-0 Sent: Hello Director betelgeuse.canonigos.es-dir calling 102
>>>>> betelgeuse.canonigos.es-dir: cram-md5.c:147-0 sending resp to challenge: 0i+14m/EA9/jvH4HAG/3BA
>>>>> betelgeuse.canonigos.es-dir: cram-md5.c:71-0 send: auth cram-md5 challenge <2099914463.1463480...@betelgeuse.canonigos.es-dir> ssl=2
>>>>> betelgeuse.canonigos.es-dir: cram-md5.c:90-0 Authenticate OK Y8+3N1t0t3+0VhI93F9vvB
>>>>> betelgeuse.canonigos.es-dir: fd_cmds.c:117-0 Authentication error with FD.
>>>>> Failed to connect to Client betelgeuse.canonigos.es-fd.
>>>>> ====
>>>>> You have messages.
>>>>> *m
>>>>> 17-May 12:17 betelgeuse.canonigos.es-dir JobId 0: Fatal error: Authorization problem: FD "Client: betelgeuse.canonigos.es-fd: betelgeuse.canonigos.es" did not advertise required TLS support.
>>>>>
>>>>>
>>>>> The Config:
>>>>>
>>>>> dir.conf >>
>>>>>
>>>>>
>>>>> Director {
>>>>> Name = betelgeuse.canonigos.es-dir
>>>>> DIRport = 9101
>>>>> QueryFile = "/usr/local/share/bacula/query.sql"
>>>>> WorkingDirectory = "/var/db/bacula"
>>>>> PidDirectory = "/var/run"
>>>>> Maximum Concurrent Jobs = 20
>>>>> Password = "XX" # Console password
>>>>> Messages = Daemon
>>>>> # TLS-related configuration
>>>>> TLS Require = no
>>>>> TLS Enable = yes
>>>>> TLS Verify Peer = yes
>>>>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>>>>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>>>> }
>>>>>
>>>>> # Client (File Services) to backup
>>>>> Client {
>>>>> Name = betelgeuse.canonigos.es-fd
>>>>> Address = betelgeuse.canonigos.es
>>>>> FDPort = 9102
>>>>> Catalog = MyCatalog
>>>>> Password = "XX"
>>>>> File Retention = 60 days # 60 days
>>>>> Job Retention = 6 months # six months
>>>>> AutoPrune = yes # Prune expired Jobs/Files
>>>>> # TLS-related configuration
>>>>> TLS Require = yes
>>>>> TLS Enable = yes
>>>>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>>>>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>>>> }
>>>>>
>>>>>
>>>>> fd.conf >>
>>>>>
>>>>> FileDaemon { # this is me
>>>>> Name = betelgeuse.canonigos.es-fd
>>>>> FDport = 9102 # where we listen for the director
>>>>> WorkingDirectory = /var/db/bacula
>>>>> Pid Directory = /var/run
>>>>> Maximum Concurrent Jobs = 20
>>>>> # Plugin Directory = /usr/local/lib
>>>>> # TLS-related configuration
>>>>> TLS Require = yes
>>>>> TLS Enable = yes
>>>>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>>>>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>>>> }
>>>>>
>>>>>
>>>>> sd.conf >>
>>>>>
>>>>> Storage { # definition of myself
>>>>> Name = betelgeuse.canonigos.es-sd
>>>>> SDPort = 9103 # Director's port
>>>>> WorkingDirectory = "/var/db/bacula"
>>>>> Pid Directory = "/var/run"
>>>>> Maximum Concurrent Jobs = 20
>>>>> # TLS-related configuration
>>>>> TLS Require = no
>>>>> TLS Enable = yes
>>>>> TLS Verify Peer = yes
>>>>> TLS CA Certificate File = /usr/local/etc/ssl/cacert.pem
>>>>> TLS Certificate = /usr/local/etc/ssl/betelgeuse.canonigos.es.crt
>>>>> TLS Key = /usr/local/etc/ssl/betelgeuse.canonigos.es-daemon.key
>>>>> }
>>>>>
>>>>>
>>>>> J.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> _____________________________________________
>>>>>
>>>>> Francisco Javier Funes Nieto [esen...@gmail.com]
>>>>> CANONIGOS
>>>>> Servicios Informáticos para PYMES.
>>>>> Cl. Cruz 2, 1º Oficina 7
>>>>> Tlf: 958.536759 / 661134556
>>>>> Fax: 958.521354
>>>>> GRANADA - 18002
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Bacula-users mailing list
>>>>> Bacula-users@lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>
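
The mixed setup Ana describes can be checked mechanically. As an added example (not part of the thread and not Bacula code), this Python script reads the Client resources of a Director configuration and reports every client inside the VPN range that is not held to TLS Enable = yes and TLS Require = yes. The VPN range 10.8.0.0/24, the sample clients and the function names are assumptions for the illustration; the code treats an absent TLS directive as no.

```python
import ipaddress
import re

# Constructed sample of Client resources from a bacula-dir.conf (not from the thread).
SAMPLE_DIR_CONF = """
Client {
  Name = lan-pc-fd
  Address = 192.168.1.20
}
Client {
  Name = vpn-laptop-fd
  Address = 10.8.0.14
  TLS Enable = yes
  TLS Require = yes
}
Client {
  Name = vpn-branch-fd
  Address = 10.8.0.23
  TLS Enable = yes
  TLS Require = no    # cleartext fallback is still allowed here
}
"""

def parse_clients(conf_text):
    """One dict per Client resource; directive names lose case and spaces."""
    clients = []
    for body in re.findall(r"\bClient\s*\{(.*?)\}", conf_text, re.S):
        directives = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()      # drop trailing comments
            if "=" in line:
                key, value = line.split("=", 1)
                directives[key.replace(" ", "").lower()] = value.strip().strip('"')
        clients.append(directives)
    return clients

def tls_policy_violations(conf_text, vpn_cidr):
    """List (client name, problem) for VPN clients that may talk without TLS."""
    vpn = ipaddress.ip_network(vpn_cidr)              # assumed VPN range
    problems = []
    for c in parse_clients(conf_text):
        try:
            in_vpn = ipaddress.ip_address(c.get("address", "")) in vpn
        except ValueError:                            # hostname: cannot place it
            problems.append((c.get("name", "?"), "address is not an IP, check by hand"))
            continue
        for key, label in (("tlsenable", "TLS Enable"), ("tlsrequire", "TLS Require")):
            if in_vpn and c.get(key, "no").lower() != "yes":
                problems.append((c.get("name", "?"), label + " is not yes"))
    return problems
```

Calling tls_policy_violations(SAMPLE_DIR_CONF, "10.8.0.0/24") flags only vpn-branch-fd, the VPN client that could still fall back to an unencrypted session.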