Line 3: |
Line 3: |
| | | |
| ===Maintainer=== | | ===Maintainer=== |
− | [[User:VIP-ire|Daniel B.]]<br/> | + | [[User:VIP-ire|Daniel B.]]<br /> |
| [http://www.firewall-services.com Firewall Services]<br> | | [http://www.firewall-services.com Firewall Services]<br> |
| mailto:daniel@firewall-services.com | | mailto:daniel@firewall-services.com |
Line 9: |
Line 9: |
| === Version === | | === Version === |
| | | |
− | {{ #smeversion: smeserver-openvpn-s2s }} | + | {{#smeversion: smeserver-openvpn-s2s }} |
| | | |
| === Description === | | === Description === |
Line 135: |
Line 135: |
| === Source === | | === Source === |
| The source for this contrib can be found in the smeserver [http://smeserver.cvs.sourceforge.net/smeserver/smeserver-openvpn-s2s/ CVS] on sourceforge. | | The source for this contrib can be found in the smeserver [http://smeserver.cvs.sourceforge.net/smeserver/smeserver-openvpn-s2s/ CVS] on sourceforge. |
− | === Bugs === | + | === Workarounds and known issues === |
| + | if you migrate from SME8 to SME9 and are not able to connect after correctly migrating your certificates, this might be related to not secure enough algorithm. CentOS 6.9 release notes state that "Support for insecure cryptographic protocols and algorithms has been dropped. This affects usage of MD5, SHA0, RC4 and DH parameters shorter than 1024 bits." Of course real solution would be to migrate all your certs to better algorithm. |
| + | |
| + | workaround :<syntaxhighlight lang="bash"> |
| + | echo -e "LegacySigningMDs md2 md5\nMinimumDHBits 512\n" >> /etc/pki/tls/legacy-settings |
| + | service openvpn-s2s restart |
| + | </syntaxhighlight> |
| + | |
| + | ===Bugs=== |
| Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] |
| and select the smeserver-openvpn-s2s component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-openvpn-s2s|title=this link}} | | and select the smeserver-openvpn-s2s component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-openvpn-s2s|title=this link}} |