
Resolved
0 votes
Hey there,

I'm really shocked and disappointed with the state of the ClearOS project. Many years ago at another company I deployed a version 5.x box with 4x ADSL & 1x fibre connections, setup load-balancing, DHCP with subnetting with redirection to different gateways, and bandwidth control to prevent users from monopolizing the Internet connectivity; and this all from the web interface in a couple of easy steps. The setup was very similar to what I'm trying to accomplish here at the moment. FFA access with kind of a fair-usage throttling policy to prevent users from eating up all the resources and capacity.

However, it seems like this project is dying a slow death... I find so many posts of people looking for the same answers that I'm looking for and it is really simple stuff, most of these posts are answered with huge hacks to the config files or just not answered at all! More specifically, basic load-balancing rules to allocate specific limits to each DHCP client, bandwidth load-balancing over more than one WAN connection, traffic redirection that does not work etc. Documentation pages are just dead or non-existent, screenshots do not match the functionality that we see on the software etc.

Just for background purposes, I'm using the following hardware:

IBM x3250 M3 server
Intel Xeon X3440 2.53GHz
16GB RAM
2x 320GB in RAID1
2x Intel onboard NICs
2x Intel discrete NICs

Currently running ClearOS v7.2 with ONLY the absolute necessary I require for my setup which IMHO is really not a lot. Average daily DHCP clients is about 500, this setup should surely be able to hold up in terms of hardware right?

I'm getting really weird performance issues on this setup... ClearOS says it's idling, but webconfig locks up randomly, I don't get the throughput of the WAN connections (200Mbps & 100Mbps respectively) at all. Some DHCP clients get 10MB/s download rates, others can't even open Google at some points during the day.

Then, my next gripe is the "Bandwidth Manager" & "Bandwidth and QoS Manager" apps do not do their job... I've tried sooo many rules on both apps so far and still no throttling on the DHCP clients monopolizing the Internet connectivity. At first I thought it might have been hardware causing all these problems, so I started looking into the actual specifications of each component but my conclusion is that there is no way on earth that this hardware configuration could not hold up with the traffic or load! I've deployed Cisco SMB routers, MikroTiks & Netgear routers that did a better job with a fraction of the hardware capacity.

I strongly considered procuring a dedicated ClearOS device with the next batch of infrastructure purchases because I'd really like to support the OSS community but I've lost all confidence in the software!

Sooo many cool features that were present in 5.x and 6.x are now just taken out or replaced with apps that are so abstract to use that you can't make out what on earth is going on...

Apologies for my rant, this is actually supposed to be just that but also to poke the community to confirm my frustrations. Any comments?
Thursday, September 29 2016, 09:02 AM
Responses (11)
  • Accepted Answer

    Tuesday, October 25 2016, 08:17 PM - #Permalink
    Resolved
    0 votes
    Hi there,

    As mentioned in one of my previous posts here is my feedback. Unfortunately, not much to report back on though...

    My sysadmin joined the team start of October. Due to the history of getting the ClearOS installation to the state where we had it at that point, we pulled the drives in the state that they were for backup purposes in case we had to revert and dunked pfSense on the server which took less than an hour to install and configure. Unfortunately, we're in the middle of a term at campus, so we never got around to play around with the other network drivers (well, without the risk of disrupting service) to see if that fixed the problem but I'd like to thank Marcel & Nick for the responses on this thread.

    We've placed an order for the Ubiquiti gateway device but that was on back-order and cancelled the order in the meantime as we've decided to leave the pfSense installation in place as the permanent solution because it has been running super stable since the start of October and we're very happy with the performance and throughput. It's kind of a waste to run such a specification server just for gateway/firewall purposes but oh well whatever gets the job done then I'm happy.

    Lastly, again I would like to apologize if I offended anyone with my initial post involved on the ClearOS project. I'm sorry that we're not able to contribute further to this project but we're running a private education operation, hence available hardware to lab these kind of things is scarce and human capital to allocate to experimental projects even more so.

    All the best with this project!

    Kind regards,
    Johan.
  • Accepted Answer

    Thursday, September 29 2016, 05:33 PM - #Permalink
    Resolved
    0 votes
    @Marcel & Nick: thanks for your replies guys. :)

    Last night I took down the server and stripped it to its absolute bare essentials (software-wise), so there is very little other than basic infrastructure services, firewall, and the multi-WAN module currently in operation. Not that it was running much more though but I think the cleanup and reboot did the server good. So far so good but I'm monitoring the server closely and will look at the driver roll-out over the weekend if the need arises. Thanks for the heads-up though!

    In terms of the Ubiquiti hardware, thanks for the word of warning. I'll dip my feet in the water with the gateway device first and take it from there but I really need to get the current AP's recycled. They're old (as in 5+ years) and slow (150Mbps), incapable of handling the number of nodes connecting to them and about a third of them are actually consumer grade AP's deployed as a quick fix by the previous sysadmin.

    Fortunately, I've got a sysadmin starting on Monday and he'll have the time to figure out all these challenges. Like I explained to Ben in my previous post, I'm not directly involved with ground zero so it is difficult to juggle my core responsibilities along with curve-balls like these which at this particular point in time is extremely taxing because we're currently busy drawing up budgets for 2017 and there is little time available even without the curve-balls.

    If we are able to give back anything from our particular situation, I'm happy to contribute especially if we can pin down our particular challenge on the bandwidth manager app which is probably the largest pain in my back at the moment. Otherwise, we'll need to get on the eGloo bandwagon, I have no problem participating in beta testing if it means that we can give our staff and students a better experience than no bandwidth management at all. The rest I can live with for now, at least I know there is 100Mbps microwave idling in case the 200Mbps fiber goes down, hehehe.

    BTW, I got no bad vibes/impression about the other thread. I was merely puzzled why this thread did not show up, so I tried posting again and then suddenly there were two. :P
  • Accepted Answer

    Thursday, September 29 2016, 04:46 PM - #Permalink
    Resolved
    0 votes
    I must warn you I used UniFi devices for a short time but it was too buggy for my taste. So I sold most of my Ubiquiti stuff. The only Ubiquiti device I have is a UAP Pro at the moment. Sometimes the grass looks greener on the other side. Now I regret that I left this community for a while.

    Maybe my post of "forum post disappeared after moderation" gave you a wrong impression. So I apologise for that. We are the ClearOS community. So I invite you to help someone else if you have some spare time left. :)

    P.S. Please check the Egloo site. This is coming to ClearOS!
  • Accepted Answer

    Thursday, September 29 2016, 04:44 PM - #Permalink
    Resolved
    0 votes
    Johan Kirsten wrote:
    What puzzles me though is that these are long-running NICs, surely drivers for an OS such as RHEL/CentOS/ClearOS should be sorted out by now?
    NIC drivers, I believe, are written by Intel and then absorbed into the kernel. Any distro on a similar kernel will have the same issues, not just the RHEL/CentOS/ClearOS branch. RHEL even backports later drivers into the current kernel.

    The 82574L used to be a problem up to about driver version 2.3.2. The kernel driver is up to 3.2.5. The issue I linked to for the 82579 exists up to 3.3.4 which is the latest one I have compiled from ElRepo and is also the latest produced by Intel. You are welcome to try it.

    One thing this forum suffers from is the lack of people willing to give back to the community. We really need more people who are prepared to help out and dig into things. If you've been using ClearOS since 5.x it would be good if you could give something back. I try my best but I am not an IT person at all and I only use ClearOS in a home environment. I've learned a lot from listening, searching and trying things out and I give back.

    FWIW ClearOS Community version is only optimised for about 10 users. There are a number of things which should be tweaked for more users. I don't know what they are - possibly in the Proxy/Content Filter/Antivirus area, but this is done for you in the Pro version.
  • Accepted Answer

    Thursday, September 29 2016, 04:20 PM - #Permalink
    Resolved
    0 votes
    Thanks for the great reply Ben, I'm sure you've put a lot of thought into it.

    My involvement in IT is mostly strategic (well, supposed to be) but I'm currently short of a sysadmin, so I had to jump into the infra-side of things to help out. Please note, I have not dealt with infrastructure hands-on for a whole number of years, hence I'm rusty if you could call it that.

    I did not intend to attack anybody especially not a community (not referring exclusively to the ClearOS community) that I've interfaced with for many years. I support OSS where I can and use it a lot myself in my personal capacity.

    The reason for my post was not really to get help on a granular configuration level because as I've said I'll rather get a hardware firewall/gateway solution deployed as soon as I can. My intention was to find out if anyone else is having the same overall frustrations/experience as I've had over the past week. If you need examples, just do a couple of Google searches... You'll find plenty of unanswered questions. I just became extremely frustrated with the situation working through the process of configuration only to find it's not doing what I intended it to do. Take for example, if I tell the "Bandwidth Manager" app to "Limit" all IP's upload and download rates to 1024kbps and that is literally the only rule-set I've got setup and nothing else nada, then try to download something just to see the download rate fly through the roof, how can I explain this in more detail to you? No errors, warnings or anything of significance in the logs...

    If the experience swung the other way I would've opted for a ClearBox device, in fact it was already on my budget (yup, the actual device! 300 Series) because I really wanted to push the use of OSS in the very closed-source/proprietary environment that I'm working in now to show off the power of OSS.

    You could say that this was probably more of an interactive "poll" I guess? I was purely curious to see if I'm just an idiot because I felt kind of dumb over the last couple of days trying to figure out the simplest of things such as limiting bandwidth per IP address.

    I sincerely apologize for offending you and/or the community but it really does not count in your favor to have replied to me in such an elitist tone. I'm just an information systems manager that needs to take the heat for solutions that do not work and don't get me wrong I know what I've signed up for and I'm happy to take the heat for decisions I've made as long as I can provide a logical answer to my bosses of what went wrong but I'm sure we can't relate to each other... Agreed?

    Have a good day! :)
  • Accepted Answer

    Thursday, September 29 2016, 03:16 PM - #Permalink
    Resolved
    0 votes
    Hi Johan,

    Nice first post....not really sure how to respond, but I'll give it a shot.

    It could be a cultural issue, but my own personal take-away is that your sense of entitlement is without limits and your definition of community is completely one-sided. By that I mean, you tell everyone here in the community you are 'shocked and disappointed' about the state of ClearOS, but take no responsibility yourself for the very-same community you are a part of and have previously benefited from.

    Let me back that up with "Clintonesque" specifics.

    Many years ago at another company I deployed a version 5.x box with 4x ADSL & 1x fibre connections, setup load-balancing, DHCP with subnetting with redirection to different gateways, and bandwidth control to prevent users from monopolizing the Internet connectivity; and this all from the web interface in a couple of easy steps.


    Great to hear - we've established that you have benefitted tremendously from ClearOS in the past.

    However, it seems like this project is dying a slow death

    I get to see the statistics of usage, retention etc. and I can assure you this is not the case. Ironically, it's comments like this in a public forum that can deter new users from trying ClearOS. Thanks for helping out!

    and it is really simple stuff


    You failed to provide one example. You mentioned earlier, bandwidth QoS - implementation is anything but 'really simple stuff'.

    huge hacks to the config files


    You make modifying a config file sound like it's something terrible. We try and make ClearOS as simple as possible for the end-user...in doing so, we abstract much of the complexity of an underlying technology from the UI.

    If your deployment goes outside the boundaries of what the UI provides, you are encouraged to modify things from the command line - that is one of the benefits of ClearOS. In 99% of all cases, the ClearOS API doesn't stomp on your changes and in the case of the 1%, there are clear warnings at the top of an API created config that let you know something you change might get blown away if you don't take precautions.

    or just not answered at all


    Really? You've never Googled to help you solve a problem only to spend the next few hours going down paths that don't turn up with your solution? You must have some very powerful Google-Fu.

    Posts like this certainly don't generate a lot of motivation for me to help you...the fact that Nick did (and so quickly) just shows you how generous he is with his time. That's true community!

    traffic redirection that does not work etc.


    Show us what you have tried?

    Documentation pages are just dead or non-existent


    Agree with you here...the documentation of ClearOS is one of the weakest points. However, here's another way of saying this and at the same time helping the community you're criticising:

    "I just clicked on xyz link from this URL and it's 404ing...anybody know where it should go? Anyone out there want to help me write it if the topic doesn't exist?"

    I'm dreaming of Utopia, I know.

    screenshots do not match the functionality that we see on the software


    True, but it's just a skin/template and some CSS differences. All the forms/controls between 6 and 7 are very nearly identical if you can get around the visual differences.

    I'm getting really weird performance issues on this setup... ClearOS says it's idling, but webconfig locks up randomly, I don't get the throughput of the WAN connections (200Mbps & 100Mbps respectively) at all.


    Details please! You're asking for our help...we shouldn't have to pull this stuff out of you.

    What have you tried
    Snippets of log files
    Output of command line tools (ps, top, df, free etc.)
    Low level tests (ping, arping etc.)
    Isolating the problem - what have you done to try and narrow the scope of some issue down to something manageable.


    I strongly considered procuring a dedicated ClearOS device with the next batch of infrastructure purchases because I'd really like to support the OSS community but I've lost all confidence in the software!


    Egg, meet chicken.

    Sooo many cool features that were present in 5.x and 6.x are now just taken out or replaced


    Categorically not true. The only feature that has been removed from 5.x is the mail queue tool (based on MailZu) which was done so because the project is no longer being maintained and wasn't compatible with ClearOS 6/7 framework and we failed to find a replacement.

    Apologies for my rant


    No apologies required...just don't expect a whole lot of help with the attitude you've come with. Maybe I'm wrong and you've posted in the past and helped out new users. Maybe you've recommended a hundred businesses to use ClearOS. Maybe you've spent money purchasing software subscriptions for dedicated support or service that helps fund the project. Maybe you've created YouTube videos on how to deploy ClearOS. Maybe you've written documentation or translated ClearOS webconfig into another language. If any of those are true, I thank you for your contributions to the community and you have my apology for dumping on you like this.

    And finally, from your follow-up post...

    Alas, the bottom line is that I've lost two days of my own work time in containing this situation, we suffered damage to our company image, and loss of productivity for our staff and students. That was a much higher price to pay...


    A higher price than, say, a ClearOS Business Gold subscription that would have given you access to ClearCenter developers, admins and experts in deploying a ClearOS gateway? I'm not a sales/marketing guy, just a lowly developer, but seems to me, options exist, but you chose a path, didn't like the outcome and came here to vent.

    Ben
  • Accepted Answer

    Thursday, September 29 2016, 02:46 PM - #Permalink
    Resolved
    0 votes
    Thanks for the comments Marcel.

    The jump-start towards a Ubiquiti setup will probably only include the gateway device at first, I'm looking at the UniFi AP's and other devices going forward so then it will probably become integral to the solution. What I understand from the documentation is that the administration can be done with a cloud based subscription too which is probably what I'll be going with at first.

    Alas, the bottom line is that I've lost two days of my own work time in containing this situation, we suffered damage to our company image, and loss of productivity for our staff and students. That was a much higher price to pay...
  • Accepted Answer

    Thursday, September 29 2016, 02:18 PM - #Permalink
    Resolved
    0 votes
    Are you aware that you need a Ubiquiti cloudkey for the Unifi devices?
  • Accepted Answer

    Thursday, September 29 2016, 02:14 PM - #Permalink
    Resolved
    0 votes
    There is a new app coming, not sure if it is what you are looking for. See this post.
  • Accepted Answer

    Thursday, September 29 2016, 02:14 PM - #Permalink
    Resolved
    0 votes
    Thanks for the reply and information Nick.

    Our server is configured with 4x Intel 82574L Gigabit NICs, two of which are onboard and the other two discrete cards: http://intel.ly/2dcjjUX

    What puzzles me though is that these are long-running NICs, surely drivers for an OS such as RHEL/CentOS/ClearOS should be sorted out by now?

    About the configuration... I've specifically opted to use the dedicated cards for the WAN connections with the intent that if there is any bottleneck on the expansion PCIe bus, that it would be between the two WAN connections and that the LAN connection would use one of the onboard NICs to be as "close to home" to the system bus as possible. Whether this is/was a good thought on my part, I'm not sure but I'm very certain that even with 1Gbps worth of LAN traffic to the server and 300Mbps worth of traffic on the WAN connections, there is no way that this would saturate the PCIe bus or system bus, or the NICs for that matter.

    The problem might be the drivers though but I don't have the time right now to look at that or jeopardize the stability of the system during production hours. As it stands now, the 200Mbps fiber connection is configured as "Primary" and the 100Mbps microwave connection is configured as "Backup" on the "Multi-WAN" app.

    ClearOS has left me red-faced this week with staff and students because everyone involved is very dependent on Internet connectivity. I've ordered the following device from Ubiquiti but due to stock availability it is on back-order and I will only have my hands on the device in November: http://bit.ly/2dctU2s

    It's still a long wait until the Ubiquiti is in my hands, so I'm seriously considering replacing the ClearOS installation with pfSense as a temporary solution to tide us over until November, because I really can't afford another stint like this. Our students went berserk on social media and on campus, which left a very bad taste in our mouths and damaged our company image. I think it's very evident that I'm sorely disappointed with ClearOS after vouching for it when we looked at an open-source solution.
  • Accepted Answer

    Thursday, September 29 2016, 12:17 PM - #Permalink
    Resolved
    0 votes
    I can't comment on bandwidth and QoS as I don't use them and I sympathize with some of your gripes.

    There is a known issue affecting some Intel NICs which would affect RHEL, CentOS and therefore ClearOS. Can you have a quick look at this thread? I don't know if the issue is hardware (so it affects one type of NIC only) or driver dependent (so it affects all NICs using the e1000e).