Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

Page 21/216 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >

  • PPTP VPN + Ubuntu

    - by StalkerNOVA
    I have problems with connection to DD-WRT router with PPTP server installed. Win7 has no problems with connection to it. But in Ubuntu I'm getting all the time: Dec 28 21:52:14 IT-nb pppd[4209]: Plugin /usr/lib/pppd/2.4.5//nm-pptp-pppd-plugin.so loaded. Dec 28 21:52:14 IT-nb pppd[4209]: pppd 2.4.5 started by root, uid 0 Dec 28 21:52:14 IT-nb pppd[4209]: Using interface ppp0 Dec 28 21:52:14 IT-nb pppd[4209]: Connect: ppp0 <--> /dev/pts/2 Dec 28 21:52:18 IT-nb pppd[4209]: Connection terminated. Dec 28 21:52:18 IT-nb pppd[4209]: Exit.

    Read the article

  • PPTP VPN connection with dd-wrt terminates

    - by StalkerNOVA
    I have problems with connection to DD-WRT router with PPTP server installed. Win7 has no problems with connection to it. But in Ubuntu I'm getting all the time: Dec 28 21:52:14 IT-nb pppd[4209]: Plugin /usr/lib/pppd/2.4.5//nm-pptp-pppd-plugin.so loaded. Dec 28 21:52:14 IT-nb pppd[4209]: pppd 2.4.5 started by root, uid 0 Dec 28 21:52:14 IT-nb pppd[4209]: Using interface ppp0 Dec 28 21:52:14 IT-nb pppd[4209]: Connect: ppp0 <--> /dev/pts/2 Dec 28 21:52:18 IT-nb pppd[4209]: Connection terminated. Dec 28 21:52:18 IT-nb pppd[4209]: Exit.

    Read the article

  • Can't ping other machines at Linux VPN PPTP server's local lan from outside

    - by Marco Sanchez
    Before anything else, hello guys, this is the first time I ask for something here so I hope someone can give me a hand, please look at the following network diagram: --------------------------------------------------------------- VPN Server Webserver (SuSE SLES11) | | | ------- VPN LAN -------- | Router with Unique IP (With Port Forwarding rules set and VPN through enabled) | PPTP connection over Internet | Workstation (PC or Laptop with Windows) --------------------------------------------------------------- So the idea is for the workstation to connect to the PPTP Server and then be able to access a Web Application on the Webserver, right now I have the PPTP server configured and the VPN works, I can connect to the SLES11 server with no problems from the workstation and I can ping it and everything works fine but if I try to ping the Webserver from the workstation, I can't reach it, I'm making a mistake somewhere but I don't see where, please note that I'm not a network expert and thus I'd greatly appreciate some specific guidance. Here is some info related to the IPs --------------------------------------------------------------- *** SLES11 VPN Server has 2 Network cards: -- eth0 (Internal Network) IP: 192.168.210.5 MASK: 255.55.255.0 -- eth1 (External Network) IP: 192.168.1.105 MASK: 255.55.255.0 *** Webserver has 1 network card -- eth0 (Internal Network) IP: 192.168.210.221 MASK: 255.55.255.0 *** Workstation -- IP info once connection has been established to the VPN PPP adapter Test VPN Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Test VPN Connection Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.210.110(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 189.209.208.181 (Defined as part of the PPTP Server options config script) 189.209.127.244 Primary WINS Server . . . . . . . : 192.168.210.220 (Defined as part of the PPTP Server options config script) NetBIOS over Tcpip. . . . . . . . : Enabled --------------------------------------------------------------- I also defined the following within IP tables: ------------------------------------------------------------- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -i eth0 -p gre -j ACCEPT ------------------------------------------------------------- If you need any piece of information from the PPTP server scripts please let me know, the thing is that I can actually connect to the VPN server and access its services and everything but after that I can't reach any other computer on that LAN. Any help would be greatly appreciated and thanks in advance

    Read the article

  • My self-generated CA is nearing it's end-of-life; what are the best practices for CA-rollover?

    - by Alphager
    Some buddies and me banded together to rent a small server to use for email, web-hosting and jabber. Early on we decided to generate our own Certificate Authority(CA) and sign all our certificates with that CA. It worked great! However, the original CA-cert is nearing it's end-of-life (it expires in five months). Obviously, we will have to generate a new cert and install it on all our computers. Are there any best practices we should follow? We have to re-generate all certs and sign them with the new CA, right?

    Read the article

  • Making sub domain the new main domains for ssl

    - by Dean Legg
    What would be your best advise for changing your main domain to a sub domain? Are site used to be example.co.uk but has now changed to https://secure.example.co.uk/. Any example.co.uk url's re-direct to the new secure domain. Effectively the example.co.uk is now just there to redirect any links and is no longer part of the sites url structure. I have added a new domain to Google Webmaster https://secure.example.co.uk/ and added the site map. Waiting for it to be indexed. Is there anything else you would advise and will this take away a lot of the juice from all the links I developed for example.co.uk? Guessing this is not best practise as I have struggled to find any information online based on this subject.

    Read the article

  • Laptop connectd to 2 VPNs (1st for Internet over WiFi, 2nd to access shared folders on another network) is failing to route traffic over 2nd VPN

    - by Triynko
    I set up a VPN on Windows Server 2008 through its routing and remote access services. I connected to the VPN, and configured the client to allow for split tunneling (Internet traffic goes to my default gateway, and traffic directed to the VPN server goes through the VPN gateway). I had to adjust the routing table, adding an entry to ensure traffic to my VPN server goes through the tunnel by running the command "route add [VPN.IP] mask 255.255.255.255 [VPN.GATEWAY.IP] IF [VPN_INTERFACE_#]". Adding the correct route makes everything work flawlessly on all my machines, except for one. The problematic machine is a laptop that's not directly connected to a network. It connects to WiFi, and then connects to a VPN to obtain internet access. Finally, it connects to the target VPN server for file sharing. The "route add" trick doesn't work for that laptop, I'm assuming because it's connected to two VPNs, and I'm getting the routing wrong. Can anyone familiar with routing explain what routes I may need to add?

    Read the article

  • Can OpenVPN be set up so the server doesn't have interface that is part of the VPN?

    - by BCS
    I'm looking to set up a VPN (OpenVPN is my first choice but I'm not stuck with it) in such a way that the server that hosts the VPN is not visible from within the VPN. That is; any packet that a client sends via the VPN interface will get delivered to another client's VPN interface or get dropped. In the other direction, the server shouldn't have a VPN interface at all and normal network operations shouldn't be able to send packets on the network. Can this be done? All the docs I have found have assumed that clients will connect via DHCP (this requiring that the server connect at least to that extent) but I can't think of any reason that a VPN couldn't use static IP's or that the DHCP server couldn't be implemented inside the VPN (see edit) server without setting up a VPN interface on the server. Edit: Based on the link on bridged mode from Phil Hollenback's answer it seems that OpenVPN does in fact have the "internal DHCP server" that I'm thinking of.

    Read the article

  • How can I connect to a mail server using SMTP over SSL using Python?

    - by jakecar
    Hello, So I have been having a hard time sending email from my school's email address. It is SSL and I could only find this code online by Matt Butcher that works with SSL: import smtplib, socket version = "1.00" all = ['SMTPSSLException', 'SMTP_SSL'] SSMTP_PORT = 465 class SMTPSSLException(smtplib.SMTPException): """Base class for exceptions resulting from SSL negotiation.""" class SMTP_SSL (smtplib.SMTP): """This class provides SSL access to an SMTP server. SMTP over SSL typical listens on port 465. Unlike StartTLS, SMTP over SSL makes an SSL connection before doing a helo/ehlo. All transactions, then, are done over an encrypted channel. This class is a simple subclass of the smtplib.SMTP class that comes with Python. It overrides the connect() method to use an SSL socket, and it overrides the starttles() function to throw an error (you can't do starttls within an SSL session). """ certfile = None keyfile = None def __init__(self, host='', port=0, local_hostname=None, keyfile=None, certfile=None): """Initialize a new SSL SMTP object. If specified, `host' is the name of the remote host to which this object will connect. If specified, `port' specifies the port (on `host') to which this object will connect. `local_hostname' is the name of the localhost. By default, the value of socket.getfqdn() is used. An SMTPConnectError is raised if the SMTP host does not respond correctly. An SMTPSSLError is raised if SSL negotiation fails. Warning: This object uses socket.ssl(), which does not do client-side verification of the server's cert. """ self.certfile = certfile self.keyfile = keyfile smtplib.SMTP.__init__(self, host, port, local_hostname) def connect(self, host='localhost', port=0): """Connect to an SMTP server using SSL. `host' is localhost by default. Port will be set to 465 (the default SSL SMTP port) if no port is specified. If the host name ends with a colon (`:') followed by a number, that suffix will be stripped off and the number interpreted as the port number to use. This will override the `port' parameter. Note: This method is automatically invoked by __init__, if a host is specified during instantiation. """ # MB: Most of this (Except for the socket connection code) is from # the SMTP.connect() method. I changed only the bare minimum for the # sake of compatibility. if not port and (host.find(':') == host.rfind(':')): i = host.rfind(':') if i >= 0: host, port = host[:i], host[i+1:] try: port = int(port) except ValueError: raise socket.error, "nonnumeric port" if not port: port = SSMTP_PORT if self.debuglevel > 0: print>>stderr, 'connect:', (host, port) msg = "getaddrinfo returns an empty list" self.sock = None for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res try: self.sock = socket.socket(af, socktype, proto) if self.debuglevel > 0: print>>stderr, 'connect:', (host, port) self.sock.connect(sa) # MB: Make the SSL connection. sslobj = socket.ssl(self.sock, self.keyfile, self.certfile) except socket.error, msg: if self.debuglevel > 0: print>>stderr, 'connect fail:', (host, port) if self.sock: self.sock.close() self.sock = None continue break if not self.sock: raise socket.error, msg # MB: Now set up fake socket and fake file classes. # Thanks to the design of smtplib, this is all we need to do # to get SSL working with all other methods. self.sock = smtplib.SSLFakeSocket(self.sock, sslobj) self.file = smtplib.SSLFakeFile(sslobj); (code, msg) = self.getreply() if self.debuglevel > 0: print>>stderr, "connect:", msg return (code, msg) def setkeyfile(self, keyfile): """Set the absolute path to a file containing a private key. This method will only be effective if it is called before connect(). This key will be used to make the SSL connection.""" self.keyfile = keyfile def setcertfile(self, certfile): """Set the absolute path to a file containing a x.509 certificate. This method will only be effective if it is called before connect(). This certificate will be used to make the SSL connection.""" self.certfile = certfile def starttls(): """Raises an exception. You cannot do StartTLS inside of an ssl session. Calling starttls() will return an SMTPSSLException""" raise SMTPSSLException, "Cannot perform StartTLS within SSL session." And then my code: import ssmtplib conn = ssmtplib.SMTP_SSL('HOST') conn.login('USERNAME','PW') conn.ehlo() conn.sendmail('FROM_EMAIL', 'TO_EMAIL', "MESSAGE") conn.close() And got this error: /Users/Jake/Desktop/Beth's Program/ssmtplib.py:116: DeprecationWarning: socket.ssl() is deprecated. Use ssl.wrap_socket() instead. sslobj = socket.ssl(self.sock, self.keyfile, self.certfile) Traceback (most recent call last): File "emailer.py", line 5, in conn = ssmtplib.SMTP_SSL('HOST') File "/Users/Jake/Desktop/Beth's Program/ssmtplib.py", line 79, in init smtplib.SMTP.init(self, host, port, local_hostname) File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/smtplib.py", line 239, in init (code, msg) = self.connect(host, port) File "/Users/Jake/Desktop/Beth's Program/ssmtplib.py", line 131, in connect self.sock = smtplib.SSLFakeSocket(self.sock, sslobj) AttributeError: 'module' object has no attribute 'SSLFakeSocket' Thank you!

    Read the article

  • Combine lighttpd configs for IPv4 and IPv6

    - by mrothe
    My lighttpd.conf includes the following lines: $SERVER["socket"] == "188.40.236.66:443" { ssl.engine = "enable" ssl.ca-file = "/etc/lighttpd/ssl/startcom.ca.pem" ssl.pemfile = "/etc/lighttpd/ssl/www.unixforces.net.pem" } $SERVER["socket"] == "[2a01:4f8:100:30a5:0:bc28:ec43:2]:443" { ssl.engine = "enable" ssl.ca-file = "/etc/lighttpd/ssl/startcom.ca.pem" ssl.pemfile = "/etc/lighttpd/ssl/www.unixforces.net.pem" } Is it possible to combine these two blocks into one? $SERVER["socket"] only allows for == and not =~.

    Read the article

  • Connecting Linux to WatchGuard Firebox SSL (OpenVPN client)

    Recently, I got a new project assignment that requires to connect permanently to the customer's network through VPN. They are using a so-called SSL VPN. As I am using OpenVPN since more than 5 years within my company's network I was quite curious about their solution and how it would actually be different from OpenVPN. Well, short version: It is a disguised version of OpenVPN. Unfortunately, the company only offers a client for Windows and Mac OS which shouldn't bother any Linux user after all. OpenVPN is part of every recent distribution and can be activated in a couple of minutes - both client as well as server (if necessary). WatchGuard Firebox SSL - About dialog Borrowing some files from a Windows client installation Initially, I didn't know about the product, so therefore I went through the installation on Windows 8. No obstacles (and no restart despite installation of TAP device drivers!) here and the secured VPN channel was up and running in less than 2 minutes or so. Much appreciated from both parties - customer and me. Of course, this whole client package and my long year approved and stable installation ignited my interest to have a closer look at the WatchGuard client. Compared to the original OpenVPN client (okay, I have to admit this is years ago) this commercial product is smarter in terms of file locations during installation. You'll be able to access the configuration and key files below your roaming application data folder. To get there, simply enter '%AppData%\WatchGuard\Mobile VPN' in your Windows/File Explorer and confirm with Enter/Return. This will display the following files: Application folder below user profile with configuration and certificate files From there we are going to borrow four files, namely: ca.crt client.crt client.ovpn client.pem and transfer them to the Linux system. You might also be able to isolate those four files from a Mac OS client. Frankly, I'm just too lazy to run the WatchGuard client installation on a Mac mini only to find the folder location, and I'm going to describe why a little bit further down this article. I know that you can do that! Feedback in the comment section is appreciated. Configuration of OpenVPN (console) Depending on your distribution the following steps might be a little different but in general you should be able to get the important information from it. I'm going to describe the steps in Ubuntu 13.04 (Raring Ringtail). As usual, there are two possibilities to achieve your goal: console and UI. Let's what it is necessary to be done. First of all, you should ensure that you have OpenVPN installed on your system. Open your favourite terminal application and run the following statement: $ sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome Just to be on the safe side. The four above mentioned files from your Windows machine could be copied anywhere but either you place them below your own user directory or you put them (as root) below the default directory: /etc/openvpn At this stage you would be able to do a test run already. Just in case, run the following command and check the output (it's the similar information you would get from the 'View Logs...' context menu entry in Windows: $ sudo openvpn --config client.ovpn Pay attention to the correct path to your configuration and certificate files. OpenVPN will ask you to enter your Auth Username and Auth Password in order to establish the VPN connection, same as the Windows client. Remote server and user authentication to establish the VPN Please complete the test run and see whether all went well. You can disconnect pressing Ctrl+C. Simplifying your life - authentication file In my case, I actually set up the OpenVPN client on my gateway/router. This establishes a VPN channel between my network and my client's network and allows me to switch machines easily without having the necessity to install the WatchGuard client on each and every machine. That's also very handy for my various virtualised Windows machines. Anyway, as the client configuration, key and certificate files are located on a headless system somewhere under the roof, it is mandatory to have an automatic connection to the remote site. For that you should first change the file extension '.ovpn' to '.conf' which is the default extension on Linux systems for OpenVPN, and then open the client configuration file in order to extend an existing line. $ sudo mv client.ovpn client.conf $ sudo nano client.conf You should have a similar content to this one here: dev tunclientproto tcp-clientca ca.crtcert client.crtkey client.pemtls-remote "/O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server"remote-cert-eku "TLS Web Server Authentication"remote 1.2.3.4 443persist-keypersist-tunverb 3mute 20keepalive 10 60cipher AES-256-CBCauth SHA1float 1reneg-sec 3660nobindmute-replay-warningsauth-user-pass auth.txt Note: I changed the IP address of the remote directive above (which should be obvious, right?). Anyway, the required change is marked in red and we have to create a new authentication file 'auth.txt'. You can give the directive 'auth-user-pass' any file name you'd like to. Due to my existing OpenVPN infrastructure my setup differs completely from the above written content but for sake of simplicity I just keep it 'as-is'. Okay, let's create this file 'auth.txt' $ sudo nano auth.txt and just put two lines of information in it - username on the first, and password on the second line, like so: myvpnusernameverysecretpassword Store the file, change permissions, and call openvpn with your configuration file again: $ sudo chmod 0600 auth.txt $ sudo openvpn --config client.conf This should now work without being prompted to enter username and password. In case that you placed your files below the system-wide location /etc/openvpn you can operate your VPNs also via service command like so: $ sudo service openvpn start client $ sudo service openvpn stop client Using Network Manager For newer Linux users or the ones with 'console-phobia' I'm going to describe now how to use Network Manager to setup the OpenVPN client. For this move your mouse to the systray area and click on Network Connections => VPN Connections => Configure VPNs... which opens your Network Connections dialog. Alternatively, use the HUD and enter 'Network Connections'. Network connections overview in Ubuntu Click on 'Add' button. On the next dialog select 'Import a saved VPN configuration...' from the dropdown list and click on 'Create...' Choose connection type to import VPN configuration Now you navigate to your folder where you put the client files from the Windows system and you open the 'client.ovpn' file. Next, on the tab 'VPN' proceed with the following steps (directives from the configuration file are referred): General Check the IP address of Gateway ('remote' - we used 1.2.3.4 in this setup) Authentication Change Type to 'Password with Certificates (TLS)' ('auth-pass-user') Enter User name to access your client keys (Auth Name: myvpnusername) Enter Password (Auth Password: verysecretpassword) and choose your password handling Browse for your User Certificate ('cert' - should be pre-selected with client.crt) Browse for your CA Certificate ('ca' - should be filled as ca.crt) Specify your Private Key ('key' - here: client.pem) Then click on the 'Advanced...' button and check the following values: Use custom gateway port: 443 (second value of 'remote' directive) Check the selected value of Cipher ('cipher') Check HMAC Authentication ('auth') Enter the Subject Match: /O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server ('tls-remote') Finally, you have to confirm and close all dialogs. You should be able to establish your OpenVPN-WatchGuard connection via Network Manager. For that, click on the 'VPN Connections => client' entry on your Network Manager in the systray. It is advised that you keep an eye on the syslog to see whether there are any problematic issues that would require some additional attention. Advanced topic: routing As stated above, I'm running the 'WatchGuard client for Linux' on my head-less server, and since then I'm actually establishing a secure communication channel between two networks. In order to enable your network clients to get access to machines on the remote side there are two possibilities to enable that: Proper routing on both sides of the connection which enables both-direction access, or Network masquerading on the 'client side' of the connection Following, I'm going to describe the second option a little bit more in detail. The Linux system that I'm using is already configured as a gateway to the internet. I won't explain the necessary steps to do that, and will only focus on the additional tweaks I had to do. You can find tons of very good instructions and tutorials on 'How to setup a Linux gateway/router' - just use Google. OK, back to the actual modifications. First, we need to have some information about the network topology and IP address range used on the 'other' side. We can get this very easily from /var/log/syslog after we established the OpenVPN channel, like so: $ sudo tail -n20 /var/log/syslog Or if your system is quite busy with logging, like so: $ sudo less /var/log/syslog | grep ovpn The output should contain PUSH received message similar to the following one: Jul 23 23:13:28 ios1 ovpn-client[789]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route 192.168.1.0 255.255.255.0,dhcp-option DOMAIN ,route-gateway 192.168.6.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.6.2 255.255.255.0' The interesting part for us is the route command which I highlighted already in the sample PUSH_REPLY. Depending on your remote server there might be multiple networks defined (172.16.x.x and/or 10.x.x.x). Important: The IP address range on both sides of the connection has to be different, otherwise you will have to shuffle IPs or increase your the netmask. {loadposition content_adsense} After the VPN connection is established, we have to extend the rules for iptables in order to route and masquerade IP packets properly. I created a shell script to take care of those steps: #!/bin/sh -eIPTABLES=/sbin/iptablesDEV_LAN=eth0DEV_VPNS=tun+VPN=192.168.1.0/24 $IPTABLES -A FORWARD -i $DEV_LAN -o $DEV_VPNS -d $VPN -j ACCEPT$IPTABLES -A FORWARD -i $DEV_VPNS -o $DEV_LAN -s $VPN -j ACCEPT$IPTABLES -t nat -A POSTROUTING -o $DEV_VPNS -d $VPN -j MASQUERADE I'm using the wildcard interface 'tun+' because I have multiple client configurations for OpenVPN on my server. In your case, it might be sufficient to specify device 'tun0' only. Simplifying your life - automatic connect on boot Now, that the client connection works flawless, configuration of routing and iptables is okay, we might consider to add another 'laziness' factor into our setup. Due to kernel updates or other circumstances it might be necessary to reboot your system. Wouldn't it be nice that the VPN connections are established during the boot procedure? Yes, of course it would be. To achieve this, we have to configure OpenVPN to automatically start our VPNs via init script. Let's have a look at the responsible 'default' file and adjust the settings accordingly. $ sudo nano /etc/default/openvpn Which should have a similar content to this: # This is the configuration file for /etc/init.d/openvpn## Start only these VPNs automatically via init script.# Allowed values are "all", "none" or space separated list of# names of the VPNs. If empty, "all" is assumed.# The VPN name refers to the VPN configutation file name.# i.e. "home" would be /etc/openvpn/home.conf#AUTOSTART="all"#AUTOSTART="none"#AUTOSTART="home office"## ... more information which remains unmodified ... With the OpenVPN client configuration as described above you would either set AUTOSTART to "all" or to "client" to enable automatic start of your VPN(s) during boot. You should also take care that your iptables commands are executed after the link has been established, too. You can easily test this configuration without reboot, like so: $ sudo service openvpn restart Enjoy stable VPN connections between your Linux system(s) and a WatchGuard Firebox SSL remote server. Cheers, JoKi

    Read the article

  • Raw FTP SSL with C#

    - by Chuck
    Hi, I'm trying to understand how SSL works. In my wish to make a small FTP client which supports SSL I've run into some problems: TcpClient FtpConnection = new TcpClient(FtpServer, FtpPort); NetworkStream FtpStream = FtpConnection.GetStream(); StreamReader FtpReader = new StreamReader(FtpStream); FtpWriter = new StreamWriter(IrcStream); send_cmd("AUTH SSL"); send_cmd is just a FtpWriter.WriteLine(text); FtpWriter.Flush(); function. My "problem" is this: First I need to make a (non-ssl) connection to the FTP, then tell it to do a ssl connection (AUTH SSL), and I would guess I then need to make a new connection - something like: TcpClient client = new TcpClient(FtpServer, FtpPort); SslStream sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null); try { sslStream.AuthenticateAsClient("foobar"); } catch (AuthenticationException e) { MessageBox.Show("Authentication failed - closing the connection."); client.Close(); return; } Taken from msdn. I keep dying on handshake failed due to unexpected packet format (which I've tried googling, but all say it's because the author has connected to a wrong port), which I take as: The connection is not ssl until AUTH SSL is send to it. So my question is, how would i go about making this a "hybrid" connection so I can make an SSL connection to the server? Any help is greatly appreciated!

    Read the article

  • IIS6: Web Site presenting the wrong SSL certificate

    - by pcampbell
    Consider an IIS6 installation with multiple Web Sites. Each is intended to be a different subdomain with its own cert (not a wildcard cert). Each has their host-header specified properly. foo.example.com - port 443. Require SSL w/128 bit. Working properly! It presents its SSL cert properly to the browser. Configured for a specific IP address. bar.example.com - port 443. Require SSL w/128 bit. Configured for all unassigned addresses. When inspecting the IIS property page, it fully shows the cert for bar.example.com on the View Certificate button. This is a NEW web site that is having cert problems. It's presenting the cert for foo.example.com. Ouch! Question: can you have more than one subdomains both running on separate websites with SSL certs on the same port (443)? How would you configure 2 web sites on the same range of 'all unassigned' for the same port (443) ? Update: ignoring the cert error, when browsing to https://bar, the content served is from https://foo site. When NOT using SSL, browsing to http://bar serves the correct content from bar. Just one address is assigned to this DMZ server.

    Read the article

  • SSL handshake failed SVN Checkout

    - by Webnet
    I'm using https://IP:PORT/svn/web/repository to checkout remotely from our network here at the office and I'm getting the error... SSL handshake failed: SSL error: unknown protocol My concern is that I've verified that SSL is running and listening on the port I'm specifying. Now.... the port I've specified is forwarded through the office router to the SVN server. Any ideas on what could be going wrong?

    Read the article

  • SSL handshake failed

    - by Webnet
    I'm using https://IP:PORT/svn/web/repository to checkout remotely from our network here at the office and I'm getting the error... SSL handshake failed: SSL error: unknown protocol My concern is that I've verified that SSL is running and listening on the port I'm specifying. Now.... the port I've specified is forwarded through the office router to the SVN server. Any ideas on what could be going wrong?

    Read the article

  • HAProxy not passing SSL traffic in TCP mode (unknown protocol)

    - by David
    Hi, I've got a HAProxy LB solution setup and working correctly. All HTTP traffic on port 80 is being passed through succesfully. I'm now trying to get SSL traffic to work (in TCP mode and on just one server for now) however I keep getting the following error when testing via openssl: 26396:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:588: However, when I try the same test (openssl s_client -connect) on the web servers IP address and hostname, everything seems to look OK. I can setup a hosts record locally and confirm that the browsers are picking up the SSL certificate succesfully for the domain. I guess this has led me to the conclusion that there is a problem at the HAProxy setup I have, so would really appreciate some advice here. frontend https-c-in bind 178.79.xxx.xxx:443 mode tcp default_backend c-https backend c-https balance source option ssl-hello-chk option httpclose server c-web-01 192.168.xxx.xxx:443 check inter 2000 rise 2 fall 5

    Read the article

  • SSL, Nginx, X509_check_private_key:key values mismatch error

    - by Dmitry T
    I have nginx server with the SSL. I'm trying to submit ssl sertificate. After I restart nginx I'm getting error: SSL_CTX_use_PrivateKey_file(".../example.com.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) I found some solution here: http://nginx.org/en/docs/http/configuring_https_servers.html#chains but i'm not using of any bundles, Any ideas on what is the issue ? Thank you in advance, Dmitry

    Read the article

  • Debian Apache2 and SSL

    - by Topher Fangio
    Hello all, I recently took over a server that is using Apache2 with SSL. I have setup a new server to which I am migrating all of the old websites so that we can more easily scale (it's a cloud server) and so that I can set everything up correctly (or at least with some sort of convention). I have read quite a few articles on setting up Apache2 and SSL with virtual hosts, but I'm a bit confused because all of the examples show three files and I only seem to have two. To compound the problem, they are all named differently (do the file extensions actually make a difference?). The examples show something to this effect: <VirtualHost X.X.X.X:443> ServerAlias something.mydomain.com ServerAdmin [email protected] DocumentRoot /var/www/project/client/site SSLEngine on SSLCertificateFile /etc/ssl/certs/mydomain-cert.pem SSLCertificateKeyFile /etc/ssl/private/mydomain-key.pem SSLCertificateChainFile /etc/ssl/certs/mydomain-ca.crt </VirtualHost> However, the files I have are: _.mydomain.com.crt gd_bundle.crt It is a wildcard certificate that we purchased through GoDaddy I believe. I believe that the first file is the actual certificate file and the gd_bundle.crt is the chain file, but that leaves me without a key file. There is also a random mydomain.csr file lying around on the old server, but it wasn't one of the files bundled with the download from GoDaddy, so I'm not really sure as to what it is. Any help in figuring out what I need to do would be greatly appreciated. I am software developer, so I know my way around computers, but I have only dabbled in server setup/maintenance. Much Thanks!

    Read the article

  • VPN with wrong subnet mask

    - by Philipp Schmid
    I followed these instructions on www.hottonetworking.com to set up VPN on a clean install of Windows Server 2008 SP2 (not R2 yet). When I then establish a VPN connection to that machine from a client machine (running Windows 7 RC), everything succeeds (it seems since I get a 'Connected' state in the network sharing center window), but I end up with a subnet mask (according to ipconfig /all) of 255.255.255.255 instead of 255.255.255.0. The net effect is that I don't have local network or internet capability. What additional configuration steps do I have to do to get VPN with the proper subnet mask working? Update: Using the steps outlined in the Technet article mentioned by Mr. Nimble, I was able to get internet connection. Apparently the subnet mask is not an issue as my coworker was able to connect using his VPN connection and ping the server machine by name as well.

    Read the article

  • Can connect through Watchguard mobile VPN, but can't ping or access network drives

    - by johnnyb10
    We're having any issue in which some of our employess can no longer connect to our network drives when out of the office. We use Watchguard Mobile VPN (we have a Watchguard Firebox firewall) and the users are able to connect. That is, their status in the the VPN client says "Connected" and they have the correct IP address listed as the VPN Endpoint. The problem is, when they try to map drives, or even ping the IP address of a server on our network, it fails. Last week, we temporarily switched one of our Comcast modems to our backup DSL modem because the Comcast was accidentally shut off by Comcast, and the problem seemed to start around then. We've since switched back and the problem persists, so that doesn't seem to have been it (which makes sense). But we also made other changes at the time that might have thrown something off, although we feel like we've checked them all. Plus, some people can successfully connect to network drives through the VPN. Can someone please suggest some steps to help troubleshoot? We've checked the policies on our Watchguard box, and they seem fine. We've looked at the settings on the Mobile VPN client, but nothing seems like a probable cause. Thanks.

    Read the article

  • Jetty - Virtualhosting - SSL Certificates

    - by Walter White
    Hi all, I want to have different SSL certificates for different domains that I am hosting in a single Jetty instance. I do not want to front my Jetty application server with Apache. I am running Jetty 6.1.22. So far, I have only seen configurations with a single SSL certificate, and the configuration for SSL happens within server which leads me to believe that Jetty was designed to support a single SSL certificate. Please let me know if I can use Jetty with more than 1 certificate. I am considering migrating to JBoss Application Server 6.0 since it is closer to a real application server. Is this something that can be done there, and is it a supported feature? Walter

    Read the article

  • Fortinet SSL VPN Client Setup Without GUI on Linux (centos)

    - by Calua
    How can I install and setup a fortinet SSL VPN client on a VPS that's running on Centos? I have problem to do it because all guide I have are all using GUI which is not installed on the VPS to save resource. (example: http://dbssolutions.freshdesk.com/solution/categories/1513/folders/3047/articles/1791-how-to-install-the-linux-fortinet-ssl-vpn-client) I already have the linux version for the vpn client but not sure how to install and configure it only using the terminal.

    Read the article

  • Last (I think and hope) problems configuring SSL certificate with Apache and VirtualHosts

    - by user65567
    Finally I set apache2 to get a single certificate for all subdomains. [...] # Go ahead and accept connections for these vhosts # from non-SNI clients SSLStrictSNIVHostCheck off # Apache setup which will listen for and accept SSL connections on port 443. Listen 443 # Listen for virtual host requests on all IP addresses NameVirtualHost *:443 # Because this virtual host is defined first, it will # be used as the default if the hostname is not received # in the SSL handshake, e.g. if the browser doesn't support # SNI. <VirtualHost *:443> ServerName domain.localhost DocumentRoot "/Users/<my_user_name>/Sites/domain/public" <Directory "/Users/<my_user_name>/Sites/domain/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on ... </VirtualHost> <VirtualHost *:443> ServerName subdomain1.domain.localhost DocumentRoot "/Users/<my_user_name>/Sites/subdomain1/public" <Directory "/Users/<my_user_name>/Sites/subdomain1/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on ... </VirtualHost> <VirtualHost *:443> ServerName subdomain2.domain.localhost DocumentRoot "/Users/<my_user_name>/Sites/subdomain2/public" <Directory "/Users/<my_user_name>/Sites/subdomain2/public"> Order allow,deny Allow from all </Directory> # SSL Configuration SSLEngine on ... </VirtualHost> So, for example, I can correctly access https://subdomain1.domain.localhost https://subdomain2.domain.localhost ... Now, anyway, I have problems on accessing http://subdomain1.domain.localhost http://subdomain2.domain.localhost ... Since I use a Mac Os, on accessing the "http: version", I get a default page "Your website." (instead of a error). Why does it happen?

    Read the article

  • Watchguard box VPN Access X700

    - by Paulio001
    We have a watchguard X700 box that we are trying to get VPN access through. We have had a play with the ports and tried to open the VPN access but still have no joy. Do we need to purchase a special licence to get VPN open on this box?

    Read the article

  • Using Cisco VPN in Windows 7 XP Mode?

    - by Shane
    I previously asked a question about whether it was possible to use Cisco VPN client on Windows 7 64-bit (see below). Now that I have it set up, it doesn't work when I try to connect off the local network. I realize that there must be some networking/routing that I need to do since it's running on a virtual machine. How does one go about using the Cisco VPN client from XP mode in Windows 7? Related: Cisco VPN Client on Windows 7 64-bit?

    Read the article

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >