Changes

From SME Server
Jump to navigationJump to search

OpenVPN Routed (view source)

Revision as of 02:55, 15 January 2019

651 bytes added ,  02:55, 15 January 2019
→‎Other articles in this category
Line 4: Line 4:     
===Maintainer===
 
===Maintainer===
[mailto:daniel@firewall-services.com[[User:VIP-ire|Daniel B.]]] from [http://www.firewall-services.com Firewall Services]
+
[mailto:daniel@firewall-services.com][[User:VIP-ire|Daniel B.]] from [http://www.firewall-services.com Firewall Services]
    
=== Description ===
 
=== Description ===
Line 226: Line 226:  
|  ||  ||  || CrlUrl ||None || http://url/phpki/index.php?stage=dl_crl_pem ||
 
|  ||  ||  || CrlUrl ||None || http://url/phpki/index.php?stage=dl_crl_pem ||
 
|}
 
|}
 +
===Workarounds and known issues===
 +
if you migrate from SME8 to SME9 and are not able to connect after correctly migrating your certificates, this might be related to not secure enough algorithm. CentOS 6.9 release notes state that "Support for insecure cryptographic protocols and algorithms has been dropped. This affects usage of MD5, SHA0, RC4 and DH parameters shorter than 1024 bits." Of course real solution would be to migrate all your certs to better algorithm.
 +
 +
workaround :<syntaxhighlight lang="bash">
 +
echo -e "LegacySigningMDs md2 md5\nMinimumDHBits 512\n" >> /etc/pki/tls/legacy-settings
 +
service openvpn-bridge restart
 +
</syntaxhighlight>
    
==Other articles in this category==
 
==Other articles in this category==
Unnilennium
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,249

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/37844"

Navigation menu