Changes

Jump to navigation Jump to search
827 bytes added ,  07:21, 1 April 2021
no edit summary
Line 25: Line 25:     
=== Installation ===
 
=== Installation ===
 +
<tabs container><tab name="For SME 10">
 +
/!\ new default cipher = AES-128-GCM and HMAC SHA256, if you have issues check the  configuration options
 +
  yum  install smeserver-openvpn-routed --enablerepo=smecontribs
 +
if you have smeserver-openvpn-bridge installed and configured then all will work automaticly.
 +
It will change its port to a different one, and it will copy certificates from the bridge openvpn
   −
==== install the rpms ====
+
to know the new port
 +
  config getprop openvpn-routed UDPPort
 +
</tab>
 +
<tab name="For SME 9">
 
install fws repo, see : [[Fws]]
 
install fws repo, see : [[Fws]]
   Line 33: Line 41:  
  yum  install smeserver-openvpn-routed --enablerepo=fws,smecontribs
 
  yum  install smeserver-openvpn-routed --enablerepo=fws,smecontribs
    +
you will then have to configure by hand
 +
</tab>
 +
</tabs>
 
==== Configure  ====
 
==== Configure  ====
   −
This contribs is really minimal and doesn't have a panel to configure everything. You have to configure all by hand.
+
This contribs is really minimal and doesn't have a panel to configure everything. You have to configure all by hand. Except on SME10 if you already have smeserver-openvpn-bridge installed and configured.
    
here's the file the contrib expects to see before being started:
 
here's the file the contrib expects to see before being started:
Line 225: Line 236:     
|-
 
|-
|  ||  ||  || Cipher || None || Various. AES-256-CBC  || Default BF-CBC deprecated
+
|  ||  ||  || Cipher || None || Various. AES-128-CBC  || Default BF-CBC deprecated
 +
 
 +
|-
 +
|  ||  ||  || HMAC || None || Various. SHA256  || Default SHA1 deprecated
    
|-
 
|-
 
|  ||  ||  || CrlUrl ||None || http://url/phpki/index.php?stage=dl_crl_pem ||
 
|  ||  ||  || CrlUrl ||None || http://url/phpki/index.php?stage=dl_crl_pem ||
 
|}
 
|}
 +
 +
you can also set the property PushRoute to disable to any network in networks db to avoid the contrib to push the network to the client
 +
 +
 
===Workarounds and known issues===
 
===Workarounds and known issues===
 
if you migrate from SME8 to SME9 and are not able to connect after correctly migrating your certificates, this might be related to not secure enough algorithm. CentOS 6.9 release notes state that "Support for insecure cryptographic protocols and algorithms has been dropped. This affects usage of MD5, SHA0, RC4 and DH parameters shorter than 1024 bits." Of course real solution would be to migrate all your certs to better algorithm.
 
if you migrate from SME8 to SME9 and are not able to connect after correctly migrating your certificates, this might be related to not secure enough algorithm. CentOS 6.9 release notes state that "Support for insecure cryptographic protocols and algorithms has been dropped. This affects usage of MD5, SHA0, RC4 and DH parameters shorter than 1024 bits." Of course real solution would be to migrate all your certs to better algorithm.
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,254

edits

Navigation menu