Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 112/216 | < Previous Page | 108 109 110 111 112 113 114 115 116 117 118 119  | Next Page >

  • openVPN as a way to connect to a LAN by another client, different from server

    - by Einar
    Setup: one LAN handled by a router without a publicly available IP address but without any outbound connection restrictions ("target LAN"); a separate server publicly reachable from the Internet ("gateway"). I am trying to set up openVPN so that a third client can connect to the "gateway" and access the "target LAN". As the router of "target LAN" is not reachable from the Internet directly, it connects to the gateway itself via openVPN as well. The problem is how to handle routing. The LAN router has two network interfaces (for the outside network and the LAN itself). In openVPN (the server on the gateway) I set client-to-client and push "route 192.168.10.0 255.255.255.0" but I assume this would be horribly wrong (it actually messed up the routing on the LAN router until I killed openVPN). openVPN is not using bridging, is configured via tun. Other config details from the server server 10.8.0.0 255.255.255.0 client-config-dir ccd route 192.168.10.0 255.255.255.0 And the client file in ccd is iroute 192.168.10.0 255.255.255.0 What can be adjusted to ensure that a third client can connect through openVPN and access the LAN mentioned earlier?

    Read the article

  • Windows Server 2003 IPSec Tunnel Connected, But Not Working (Possibly NAT/RRAS Related)

    - by Kevinoid
    Configuration I have setup a "raw" IPSec tunnel between a Windows Server 2003 (SBS) machine and a Netgear FVG318 according to the instructions in Microsoft KB816514. The configuration is as follows (using the same conventions as the article): NetA | SBS2003 | FVG318 | NetB 10.0.0.0/24 | 216.x.x.x | 69.y.y.y | 10.0.254.0/24 Both the Main Mode and Quick Mode Security Associations are successfully completed and appear in the IP Security Monitor. I am also able to ping the SBS2003 server on its private address from any computer on NetB. The Problem Any traffic sent from a computer on NetA to NetB, or from SBS2003 to NetB (excluding ICMP Ping responses), is sent out on the public network interface outside the IPSec tunnel (no encryption or header authentication, as if the tunnel were not there). Pings sent from a computer on NetB to a computer on NetA successfully reach computers on NetA, but the responses are silently discarded by SBS2003 (they do not go out in the clear and do not generate any encrypted traffic). Possible Solutions Incorrect Configuration I could have mistyped something, somewhere, or KB816514 could be incorrect in some way. I have tried very hard to eliminate the first option. Have re-created the configuration several times, tried tweaking and adjusting all the settings I could without success (most prevent the SA from being established). NAT/RRAS I have seen multiple posts elsewhere suggesting that this could be due to interaction between NAT and the IPSec filters. Possibly the NetA private addresses get rewritten to 216.x.x.x before being compared with the Quick Mode IPSec filters and don't get tunneled because of the mismatch. In fact, The Cable Guy article from June 2005 "TCP/IP Packet Processing Paths" suggests that this is the case, (see step 2 and 4 of the Transit Traffic path). If this is the case, is there a way to exclude NetA-NetB traffic from NAT? Any thoughts, ideas, suggestions, and/or comments are appreciated.

    Read the article

  • Have servers behind OpenVPN subnet reach connecting clients

    - by imaginative
    I am trying to find some relevant documentation or what directives I need in either the OpenVPN server configuration or client configuration to accommodate for this use case. I have an OpenVPN server that clients connect to. The OpenVPN server can communicate directly with any of the clients already, this is not an issue. The client is able to reach any machine on the private subnet where OpenVPN resides, this is also not an issue. My issue is that the reverse is currently not possible - I have servers on the same subnet as the OpenVPN box that cannot reach any of the connecting clients. I'd like to be able to SSH to them and more, the same way the client can reach the servers behind the OpenVPN subnet. What do I need to do to make this possible? I already have masquerading rules set on the OpenVPN box: iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE IP Forwarding is enabled: echo 1 >/proc/sys/net/ipv4/ip_forward I added a route on the server behind the private subnet to be aware of the route: 192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 What am I missing?

    Read the article

  • How to generate new CSRs for TLS use in sendmail?

    - by Mikey B
    SendMail 8.13.8 | CentOS 5.x Hi Guys, I'm using ca-signed TLS certificates on my sendmail server and they are up for renewal soon. Our new CA doesn't like our old CSR so I need to generate a new CSR. Can someone point me to the procedure for doing this (without affecting the production certs that are already in use)? I'm paranoid of overwriting the old TLS certs in the process of generating a CSR. Most of the instructions I've found are for implementing self-signed TLS certs -- which isn't an option for me at this time. I'm thinking it would something like: openssl req -new -nodes -out new-tls.csr -keyout new-tls-private.key But I wasn't sure if I was missing some options there such as the -x509 option... -M

    Read the article

  • Our company claims that the DLP system can even monitor the contents of HTTPS traffic, how is this possible?

    - by Ryan
    There is software installed on all client machines for DLP (Data Loss Prevention) and HIPAA compliance. Supposedly it can read HTTPS data clearly. I always thought that between the browser and the server, this was encrypted entirely. How can software sneak in and grab this data from the browser prior to it is encrypted or after it is decrypted? I am just curious as to how this could be possible. I would think that a browser wouldn't be considered very secure if this was possible.

    Read the article

  • IIS 6.0 mitigating BEAST

    - by D3l_Gato
    Recently, my PCI assessor informed me that my servers are vulnerable to BEAST and failed me. I did my homework and I want to change our webservers to prefer RC4 ciphers over CBC. I followed every guide I could find... I changed my reg keys for my weaker than 128bit encryption to Enabled = 0. completely removed the reg keys for the weaker encryptions. I downloaded IISCrypto and unchecked everything but RC4 128 ciphers and triple DES 168. My webserver still prefers AES-256SHA. Is there a trick in IIS 6.0 to get your webservers to prefer RC4 ciphers that I am not figuring out? It seems like in IIS 7 they made this very easy to fix but that doesn't help me now!

    Read the article

  • How can I persist certificates in Java's cacerts?

    - by Alan Spark
    We need to have a certificate in Java's cacerts keystore for one of our servers that is authenticated by LDAP. We are using Ubuntu server. We have successfully done this by updating the cacerts file in /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/security but occasionally a Java update is installed and the cacerts file seems to be getting replaced by a default one that doesn't contain our changes. This doesn't happen very often but it is becoming a bit of a pain when it does happen. Is there a better way of adding things to cacerts so that they don't get lost when a Java update happens? Thanks, Alan

    Read the article

  • Encrypt client connection with squid forward proxy using SSL

    - by Twisted Whisper
    I'm setting up a Squid forward proxy and I'm wondering if I could configure Squid in such a way that the connection from my web browser to squid is https regardless of whether the connection from squid to the destination website is http or https. In other words, I want my connection from my web browser to my forward proxy to be encrypted even though I'm just surfing normal http website through that proxy. Can it be done?

    Read the article

  • Opening firewall to incoming port 443

    - by jrdioko
    I recently set up the ufw firewall on a Linux machine so that outgoing connections are allowed, incoming connections are denied, and denied connections are logged. This seems to work fine for most cases, but I see many denied connections that are incoming on port 443 (many with IPs associated with Facebook). I can open that port to incoming connections, but first wanted to ask what these could be. Shouldn't HTTPS requests be initiated by me and be treated as outbound, not inbound connections? Is it typical to open incoming port 443 on consumer firewalls?

    Read the article

  • EasyVPN client Access mutiple subnet behind cisco 5510

    - by zatrac
    I need help with the following scenario Main network ASA 5510 (one inside 192.168.10.1 connection and one outside connection). This ASA 5510 connect to switch 3570 with 3 VLANS configured (192.168.10.0, 10.10.11.0, 10.10.12.0). On the remote site I have ASA5505 ( 10.10.13.0) connected to this ASA5510 through EZVPN, but all it can see is the 192.168.10.0 subnet. What do I need to do to get the subnet 10.10.13.0 to see all 3 internal subnets.

    Read the article

  • Need advise on linking apache and tomcat

    - by hsnm
    I have been searching this for hours with no luck. I have a web server that uses https on Apache2. I also have installed tomcat7 on the same server to run some Java webapp on it. I need to keep my https port 443 on Apache but forward the requests to the Java webapp to tomcat. I tried to use mod_jk to redirect the requests to tomcat but I failed. Most tutorials talk about redirecting plain http requests not https. I also could not let tomcat use https on 8443. I'm following the steps here but facing errors. The question: Can I redirect https traffic to tomcat without installing https on tomcat? Is there a good tutorial you can recommend to me?

    Read the article

  • I am not able to open gmail and some other sites.

    - by pam
    Last day my system got hanged so I restarted and recovered windows to the the date of 1 day before. Now I am not able to open gmail, orkut and some other sites. When I try to open these sites I receive this message: This Connection is Untrusted www.google.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for 78-159-121-94.local (Error code: sec_error_untrusted_issuer)

    Read the article

  • Windows 2003 Server, can't connect to an SSL Site from IE.

    - by JL
    I am trying to connect to connect to www.czebox.cz using internet explorer on Windows 2003 server. If you have a server to test from please do, and you'll notice that it does not connect instead returns - Internet Explorer cannot display the webpage. From Firefox it works fine on the server. From Windows 7 it works fine in Internet Explorer. How can I get it to work in Windows 2003 Server using IE?

    Read the article

  • Two virtual host one with Domain name one with internal ip#?

    - by Abhishek
    Is it possible to have two virtual host configurations for the same server - one with internal ip address and one with domain name? Something like <VirtualHost {{internal-ipaddress}}:80> ....... </VirtualHost> <VirtualHost {{domain-name}}:80> ....... </VirtualHost> Note that the internal IP address and the domain name belong to the same server or same server instance. I am asking this to restrict some URLs for external users, redirect to https all external access and allow everything for internal users(without https)..

    Read the article

  • Setting up a subdomain SSL with custom port

    - by Webnet
    I'm setting up a subdomain on a dedicated server that I'm going to use for SVN services. The SVN server is up and running I just need to setup the subdomain. The https has been switched to a custom port because there's a confliction with a port forward pointing to another server. Should I do this through GoDaddy or Apache?

    Read the article

  • IIRF - Redirecting all traffic to the http equivalent

    - by GordonB
    I'm using IIRF and having some trouble getting it to redirect all traffic to the secure version of my sites. So... I have a website with about 20 apps in virtual directories in IIS6. The website takes 80 and 443 traffic. I want to use IIRF to redirect all port 80 traffic EG; http://myserver/app1/page1/param1 http://myserver/app2/ http://myserver To the secure equivalent (https). Here's my config so far; # Iirf.ini # # ini file for IIRF # RewriteLogLevel 1 RewriteLog D:\Websites\Apptemetry\IirfLogs RewriteEngine ON StatusInquiry ON IterationLimit 5 RewriteLogLevel 3 RewriteCond %{HTTPS} off RewriteCond %{SERVER_PORT} ^80$ RedirectRule ^http(.*)$ https$1 Can anyone advise the correct configuration to use, to redirect all traffic?

    Read the article

  • ssl_prefer_server_cipers unknown directive

    - by trobrock
    I just compiled nginx v1.2.3 from source on a CentOS 6.3 server and am trying to use the ssl_prefer_server_ciphers directive, but I am getting an error nginx: [emerg] unknown directive "ssl_prefer_serfver_cipers" in /etc/nginx/sites-enabled/application:5 I am not seeing anywhere that this directive depends on any specific versions of other libraries, or even specific versions of nginx. What could I be doing wrong here?

    Read the article

  • Apache: serving SSL only

    - by elect
    I have a website that I want to be access only by https://myurl.com. A normal typing myurl.com should be forwarded to the https. I tried different things such as: RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://myurl.com/$1 [R,L] (rewrite mod ON) or NameVirtualHost *:80 <VirtualHost *:80> ServerName mysite.example.com DocumentRoot /usr/local/apache2/htdocs Redirect permanent /secure https://mysite.example.com/secure </VirtualHost> But they didnt work, which is the right way to do it? Debian & Apache 2

    Read the article

  • Conditional https redirect to http depending on URL? (Apache)

    - by Joel Marcey
    Right now I redirect 100% of the time if someone does https://mysite.com <VirtualHost *:443> ServerAdmin [email protected] ServerName mysite.com ServerAlias www.mysite.com RewriteEngine on RewriteRule (.*) http://%{HTTP_HOST} [L,R=permanent] <VirtualHost> However, now I want to conditionally redirect. If a user goes to https://mysite.com/abc/, then I want to use https; otherwise redirect. How do I do this? I tried reading the docs, but just couldn't find what I needed. I am using Apache on Ubuntu Linux.

    Read the article

  • Using nginx as a reverse proxy for tomcat results in new jsessionids for every ssl request

    - by user439407
    I am using nginx as a reverse proxy for a tomcat setup, and everything works fine for the MOST part, the only issue I am having is that every request to an http address results in a new JSESSION ID being created(this doesn't happen in http), here is the relevant part of the NGINX configuration: location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_redirect off; proxy_connect_timeout 240; proxy_send_timeout 240; proxy_read_timeout 240; proxy_pass http://localhost:8080; } Any idea why I am constantly genning new jsessionids?

    Read the article

  • Create True VLAN over RAS

    - by Bigbohne
    Hi, I was wondering if it's possible. I want to create a virtual network over RAS using Windows Server 2003. The Client should be able to connect to the server using L2TP and should get an IP Adress from a private Range (lets say 192.168.1.100 - 192.168.1.200 and a subnetmask of 255.255.255.0). Now each client connected to the server should be able to ping another connected client. e.g. 192.168.1.123 <- 192.168.1.145 via RAS via the server. Is this possible? And ... how ? best regards, andre

    Read the article

  • Really remove non-permanent certificate exception in firefox

    - by user1719315
    I visited japan.indymedia.org and firefox gave me the "Invalid certificate" screen. I added an exception, but did not click "Store this exception permanently." But now firefox still happily visits the same site without giving any warnings, even after a restart of the browser. I tried going to the Options-Advanced-Encryption-View Certificates-Servers to remove the certificate but I did not find it there. How to remove this exception and make firefox give me the warning when visiting the site?

    Read the article

  • Apache Key: Which is it using?

    - by quindraco
    I'm running an Apache server on Ubuntu. When I restart it, it asks me for a pass phrase; here's what the dialog looks like: Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. Server 127.0.0.1:443 (RSA) Enter pass phrase: I've already worked out how to remove the pass phrase from the key file in question, but I can't find any information anywhere on how to determine which key file Apache is complaining about in the above dialog. I have dozens of key files on the server in question, although I don't know which ones are in active use (all I did is 'locate .pem' and ignore the false positives). Does anyone know how to track down which pem file I need to remove the passphrase from?

    Read the article

  • How do you permanently disable the 'This Connection is Untrusted' page on Firefox

    - by TheIronChef9
    I'm going insane. Can someone please help me to COMPLETELY DISABLE the 'This Connection is Untrusted' page on Firefox. Facts: I am running Firefox 23.0 on an Ubuntu machine (downloaded and installed ubuntu today) It is a work computer and I have to use my employer's proxy While visiting Webpages/webapps like Gmail or Google brings up the 'This Connection is Untrusted' page and I have to go through the whole tedious task of selecting 'I understand the Risks' and add Exceptions, etc. etc. The fact is, I don't care about the risks. I would rather this computer melt into the ground than have to see that page ever again. I want to dance naked in untrusted pages and not give a damn about the consequences. I just never want to see that page again. Ever. For some sites (eg. wikipedia), the css doesn't load and I end up seeing them in plain text. As a result these sites are completely useless. Wasted hours trying to solve this for stackoverflow.com. These issues happen on the Firefox on my Windows XP machine as well (also using the same proxy). I don't want to export/import certificates or create exceptions for every site that shows this bloody page. I just want this page gone. I don't want Firefox to tell me what's safe and what's not. Also, my system time and date are correct. I've also tried the lies on this page too with no good results. Edit: I've also tried the whole going into the Advance-Certificates-validation setup page and unchecked 'Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates' checkbox. Nothing happened even after restarting firefox or rebooting. I need help. Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 108 109 110 111 112 113 114 115 116 117 118 119  | Next Page >