Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

Page 25/216 | < Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32 | Next Page >

SQUID Transparent SSL proxy (no intercept)

- by user974896

I know how to have squid work as a transparent proxy. You put it into transparent mode then use your router or IPTABLES to forward port 80 to the squid port. I would like to do the same for SSL. Every guide I see mentions setting up keys on the squid server. I do not want squid to actually decrypt the SSL traffic then establish a connection with the server, rather I would like squid to simply forward the SSL traffic as is. The only thing I would like to do is be able to check the SSL request for any offending IPs and drop the packets if the destination is one of them.

Read the article
What is involved in upgrading from SSL 2.0 to SSL 3.0 in IIS 6?

- by Ryan

I am using a site security testing suite and it says SSL 2.0 has known vulnerabilities and I should change it to SSL 3.0. Will my current certificates still work once I switch to SSL 3.0? How do I make the switch? Is it only in IIS or could I need to change anything on my web application? Thanks

Read the article
How can I use HAproxy with SSL and get X-Forwarded-For headers AND tell PHP that SSL is in use?

- by Josh

I have the following setup: (internet) ---> [ pfSense Box ] /-> [ Apache / PHP server ] [running HAproxy] --+--> [ Apache / PHP server ] +--> [ Apache / PHP server ] \-> [ Apache / PHP server ] For HTTP requests this works great, requests are distributed to my Apache servers just fine. For SSL requests, I had HAproxy distributing the requests using TCP load balancing, and it worked however since HAproxy didn't act as a proxy, it didn't add the X-Forwarded-For HTTP header, and the Apache / PHP servers didn't know the client's real IP address. So, I added stunnel in front of HAproxy, reading that stunnel could add the X-Forwarded-For HTTP header. However, the package which I could install into pfSense does not add this header... also, this apparently kills my ability to use KeepAlive requests, which I would really like to keep. But the biggest issue which killed that idea was that stunnel converted the HTTPS requests into plain HTTP requests, so PHP didn't know that SSL was enabled and tried to redirect to the SSL site. How can I use HAproxy to load balance across a number of SSL servers, allowing those servers to both know the client's IP address and know that SSL is in use? And if possible, how can I do it on my pfSense server? Or should I drop all this and just use nginx?

Read the article
Adding multiple websites with different SSL certificates in IIS 7

- by Timka

I'm having troubles using SSL for 2 different websites on my IIS 7 server. Please see my setup below: website1: my.corporate.portal.com SSL certificate for website1: *.corporate.portal.com https/443 binded to my.corporate.portal.com website2: client.portal.com SSL certificate issued for: client.portal.com When I try to bind https in IIS7 with the client's certificate, I don't have an option to put host name(grayed out) and as soon as I select 'client.portal.com' cert, I'm getting the following error in IIS: At least one other site is using the same HTTPS binding and the binding is configured with a different certificate. Are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate? If I click 'yes' my.corporate.portal.com website stops using the proper SSL cert. Could you suggest something?

Read the article
"Error 53" with local LAN machines after VPN session on server

- by tim11g

I have a Windows 2000 server with a Windows 7 client that occasionally gets "error 53" when accessing the server by name (net view \\server). It still works by IP address (net view \\192.168.0.1). The server's primary IP address (as shown in "routing and remote access" as "Gigabit Ethernet" is 192.168.0.1. There is also a secondary IP address shown as "Internal" which is 192.168.0.50 The server also supports VPN. When a VPN user connects, it gets an address in the range of 192.168.0.51 to .59. Normally (when there is no error), when the local LAN client runs "ping server", it resolves to 192.168.0.1. When the Error 53 problem happens, "ping server" resolves to 192.168.0.50. This problem seems to be related to when a user connects or has recently connected to the server VPN. Is there some connection between the VPN services on the server and the DNS services on the server that could cause a local LAN client to become confused about which IP address to use for the server? Or is there a misconfiguration in the VPN or DNS?

Read the article
VPN into multiple LAN Subnets

- by Rain

I need to figure out a way to allow access to two LAN subnets on a SonicWall NSA 220 through the built-in SonicWall GlobalVPN server. I've Googled and tried everything I can think of, but nothing has worked. The SonicWall NSA management web interface is also very unorganized; I'm probably missing something simple/obvious. There are two networks, called Network A and Network B for simplicity, with two different subnets. A SonicWall NSA 220 is the router/firewall/DHCP Server for Network A, which is plugged into the X2 port. Some other router is the router/firewall/DHCP server for Network B. Both of these networks need to be managed through a VPN connection. I setup the X3 interface on the SonicWall to have a static IP in the Network B subnet and plugged it in. Network A and Network B should not be able to access each other, which appears the be the default configuration. I then configured and enabled VPN. The SonicWall currently has the X1 interface setup with a subnet of 192.168.1.0/24 with a DHCP Server enabled, although it is not plugged in. When I VPN into the SonicWall, I get an IP address supplied by the DHCP Server on the X1 interface and I can access Network A remotely although I do not have access to Network B. How can I allow access to both Network A and Network B to VPN clients although keep devices on Network B from accessing Network A and vice-versa. Is there some way to create a VPN-only subnet (something like 10.100.0.0/24) on the SonicWall that can access Network A and Network B without changing the current network configuration or allowing devices on both netorks "see" each other? How would I go about setting this up? Diagram of the network: (Hopefully this kind of helps) WAN1 WAN2 | | [ SonicWall NSA 220 ]-(X3)-----------------[ Router 2 ] | | (X2) 192.168.2.0/24 10.1.1.0/24 Any help would be greatly appriciated!

Read the article
route http and ssh traffic normally, everything else via vpn tunnel

- by Normadize

I've read quite a bit and am close, I feel, and I'm pulling my hair out ... please help! I have an OpenVPN cliend whose server sets local routes and also changes the default gw (I know I can prevent that with --route-nopull). I'd like to have all outgoing http and ssh traffic via the local gw, and everything else via the vpn. Local IP is 192.168.1.6/24, gw 192.168.1.1. OpenVPN local IP is 10.102.1.6/32, gw 192.168.1.5 OpenVPN server is at {OPENVPN_SERVER_IP} Here's the route table after openvpn connection: # ip route show table main 0.0.0.0/1 via 10.102.1.5 dev tun0 default via 192.168.1.1 dev eth0 proto static 10.102.1.1 via 10.102.1.5 dev tun0 10.102.1.5 dev tun0 proto kernel scope link src 10.102.1.6 {OPENVPN_SERVER_IP} via 192.168.1.1 dev eth0 128.0.0.0/1 via 10.102.1.5 dev tun0 169.254.0.0/16 dev eth0 scope link metric 1000 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.6 metric 1 This makes all packets go via to the VPN tunnel except those destined for 192.168.1.0/24. Doing wget -qO- http://echoip.org shows the vpn server's address, as expected, the packets have 10.102.1.6 as source address (the vpn local ip), and are routed via tun0 ... as reported by tcpdump -i tun0 (tcpdump -i eth0 sees none of this traffic). What I tried was: create a 2nd routing table holding the 192.168.1.6/24 routing info (copied from the main table above) add an iptables -t mangle -I PREROUTING rule to mark packets destined for port 80 add an ip rule to match on the mangled packet and point it to the 2nd routing table add an ip rule for to 192.168.1.6 and from 192.168.1.6 to point to the 2nd routing table (though this is superfluous) changed the ipv4 filter validation to none in net.ipv4.conf.tun0.rp_filter=0 and net.ipv4.conf.eth0.rp_filter=0 I also tried an iptables mangle output rule, iptables nat prerouting rule. It still fails and I'm not sure what I'm missing: iptables mangle prerouting: packet still goes via vpn iptables mangle output: packet times out Is it not the case that to achieve what I want, then when doing wget http://echoip.org I should change the packet's source address to 192.168.1.6 before routing it off? But if I do that, the response from the http server would be routed back to 192.168.1.6 and wget would not see it as it is still bound to tun0 (the vpn interface)? Can a kind soul please help? What commands would you execute after the openvpn connects to achieve what I want? Looking forward to hair regrowth ...

Read the article
Connect iPad to windows 7 VPN

- by Linuz

My iPad keeps spitting out the error: "A connection could not be established to the PPP server." I am trying to connect it to a VPN I set up with Windows 7 as an incoming connection. On the iPad, I went into the VPN settings, added a new PPTP VPN with the following information Server: Windows 7 Computer's IP RSA SecurID: OFF Account: Account Username Password: Account Password Encryption Level: Auto Send All Traffic: ON Proxy: Off Now I know that it is making some connection to the Windows 7 Computer because whenever I intentionally put in the wrong VPN password on the iPad, it makes me put in the correct one before trying to connect again. All the ports are forwarded on my router for PPTP, and my Windows 7 Firewall is even off to try to get this to work. Any help would be greatly appreciated, thanks.

Read the article
how to force split tunnel routing on mac -> cisco vpn

- by user23601

Any one know how to hack the routing table (on a mac) to defeat the forcing of VPN routing for every thing over a cisco VPN? pretty much what I want to do is have only 10.121.* and 10.122.* addresses over the VPN and everything else straight to the internet.

Read the article
Separating my VPN connection from my internet access

- by Christi

Background: Home PC is Windows XP and using Cisco VPN client; home internet connection is fast (20MB) office VPN router is Cisco RV110W; work internet connection is slow (1.5MB) With VPN connected, my home PC internet surfing is very slow. I looked this up in Google and found talk about splitting, tunneling, routing tables, etc., but I'm not sure what/how to do it. Basically, I would like a persistent VPN connection with the office resources, and at the same time, utilize my home high speed internet connection to access the internet. Can someone help me the steps as how-to?

Read the article
VPN Connection Causes Internal LAN Connection Loss with Server

- by sleepisfortheweak

I've tried configuring basic PPTP VPN at my small business using a number of different tutorials. As far as I can tell, the actual VPN connection worked fine, but upon connecting a client, the Server 'disappears' from the internal LAN. The RRAS service must be stopped before the connection is restored. My Setup: The network is simply a DSL Gateway/Router to the outside functioning as NAT/Firewall/DHCP. The server is a Win Server 2008 machine at fixed IP 192.168.1.200. The server has 1 NIC, so I used the 'custom' option when configuring RRAS. The RRAS settings should be default except that I've disabled ports for connection types I'm not using and reduced PPTP ports to 10. I've also created an address pool and disabled DHCP packet forwarding. The server only functions as a File Share and now a VPN Server. Local LAN computers all have mapped network shares to the server authenticated based on Local User/Group setup on the server. The Problem: The moment a client connects through VPN, the server 'disappears' from the local network. All mapped drives disconnect and there is no response to a ping 192.168.1.200. Even if the client disconnects, the server does not re-appear at that address until the RRAS service is stopped. I've Tried: Using an Address Pool inside and outside the local subnet. Using DCHP Relay Checking Inbound/Outbound filters (none enabled) The fact that nothing I've tried has had any effect, and that I can connect and successfully obtain an IP tells me that it's something more fundamental I'm missing. My gut tells me that it's something to do with the second IP address added by the VPN client somehow taking over the interface or traffic from the local LAN accidently getting routed to the VPN client instead of handled at the server once RRAS has become 'active' when a client connects. Hopefully this may be obvious to someone with real IT experience. I've been doing this a while and almost never been stumped. I'm starting to think it might actually be something tricky since my setup is pretty basic yet refuses to work. I'll be happy to include more info if this doesn't ring any bells right away for anyone. Thanks

Read the article
VPN/Proxy server to bypass work proxy

- by Trevor

Here is my dilema, I am at work and can not set up a VPN connection to my VPN account in the USA. So what I would like to do is somehow have my "IE" at work connect to my home network and route any internet requests through my home PC to my VPN account, so I can access my USA Contents? So what I was thinking and I am not sure if this will work, but set up a proxy server at home on my home computer, that then routes all requests to my VPN Tunnel to the USA. Have my work computer use my home computer as the proxy and viola I have unrestricted internet access? Does that sound feasable? Thanks.

Read the article
Compiling PHP with cURL and SSL support on Redhat EC5

- by Kevin Sedgley

I don't even know where to begin to be honest. Trying to use an external API that requires SSL connections, I discover that SSL in needed on cURL, but this (apparently) requires PHP to be reinstalled and compiled with cURL / SSL support. Not really experienced with compiling PHP, and I'm not sure if our server even has make or build, the only luck I've had is with rpm's before. This really isn't in my job description. Any help most most welcome!

Read the article
Hardware VPN suddenly slow, even after replacement. Free software VPN speed is fast [closed]

- by Andrew

In our company we have two remote users, one in Northern California and one in Texas, that connect via VPN. We have a hardware SSL VPN unit, and suddenly this week they experienced massive slowdown, to the point of speedtesting at 0.5 mbps when it is normally 7-10mbps. We replaced the hardware sslvpn but that did not solve the problem. If I have them connect using a free VPN tool like TeamViewer, their speeds are back to normal. Does anyone have any idea why this could happen? We have not made any infrastructure changes so this was very out of the blue and I'm confused as to why even replacing the hardware vpn didn't fix it, if using free software works just fine.

Read the article
CPanel has two entries for site, need to use SSL one

- by beingalex

I have a website that is meant to be using SSL, however there are two entries in Cpanel's httpd.conf which seem to be causing an issue. When I visit just www.website.com I require it to go to https://www.website.com. However I have to write the https:// directly for the site to work. The secure site also has a different IP. I am not meant to edit the httpd.conf directly either and am unsure as to how to change the following directives: <VirtualHost 1.1.1.1:80> ServerName website.com ServerAlias www.website.com DocumentRoot /home/websitec/public_html ServerAdmin [email protected] ## User websitec # Needed for Cpanel::ApacheConf <IfModule mod_suphp.c> suPHP_UserGroup websitec websitec </IfModule> <IfModule !mod_disable_suexec.c> <IfModule !mod_ruid2.c> SuexecUserGroup websitec websitec </IfModule> </IfModule> <IfModule mod_ruid2.c> RUidGid websitec websitec </IfModule> CustomLog /usr/local/apache/domlogs/website.com-bytes_log "%{%s}t %I .\n%{%s}t %O ." CustomLog /usr/local/apache/domlogs/website.com combined ScriptAlias /cgi-bin/ /home/websitec/public_html/cgi-bin/ </VirtualHost> <VirtualHost 2.2.2.2:443> ServerName website.com ServerAlias www.website.com DocumentRoot /home/websitec/public_html ServerAdmin [email protected] UseCanonicalName Off CustomLog /usr/local/apache/domlogs/website.com combined CustomLog /usr/local/apache/domlogs/website.com-bytes_log "%{%s}t %I .\n%{%s}t %O ." ## User websitec # Needed for Cpanel::ApacheConf <IfModule mod_suphp.c> suPHP_UserGroup websitec websitec </IfModule> <IfModule !mod_disable_suexec.c> <IfModule !mod_ruid2.c> SuexecUserGroup websitec websitec </IfModule> </IfModule> <IfModule mod_ruid2.c> RUidGid websitec websitec </IfModule> ScriptAlias /cgi-bin/ /home/websitec/public_html/cgi-bin/ SSLEngine on SSLCertificateFile /etc/ssl/certs/www.website.com.crt SSLCertificateKeyFile /etc/ssl/private/www.website.com.key SSLCACertificateFile /etc/ssl/certs/www.website.com.cabundle CustomLog /usr/local/apache/domlogs/website.com-ssl_log combined SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown <Directory "/home/websitec/public_html/cgi-bin"> SSLOptions +StdEnvVars </Directory> # To customize this VirtualHost use an include file at the following location # Include "/usr/local/apache/conf/userdata/ssl/2/websitec/website.com/*.conf" </VirtualHost> As you can see there is obviously the unsecure directive before the secure one. And this is probably the issue, however if I try to change the IP for the site in WHM I get an error saying that the IP (2.2.2.2) is already in use. Which it is I guess. Any help is appreciated.

Read the article
VPN pre-shared key problems

- by Owl

I have two vpns set up on a Symantec Gateway Security 320. VPN 1 goes to a Symantec Firewall/VPN 100 to another clinic of ours and every hour they lose connectivity and the error log on the Firewall/VPN100 shows an invalid pre-shared key error, although, both devices show the same pre-shared key entered. VPN 2 goes to our software vendor to use an additional part of our program. I am unable to ping the remote address and so is the other company, but my VPN status shows it is connected. They have told me the pre-shared key seemed to be automatically trying to resubmit itself as if it were incorrect, about every hour even though it is correct. They also told me port80 traffic was closed but I show the HTTP service using 80 redirected to 80 in my firewall settings. Please help.

Read the article
Bizarre client IP switch-up on VPN

- by B. VB.

Let A.B.C.D be the public IP of my VPN server. Let W.X.Y.Z be the IP of the client before it connects to the VPN. My VPN server's IP address on the LAN in 10.8.0.1, and the client is 10.8.0.6. I also run a webserver on the same machine hosting the VPN. On it is a simple webpage that performs the exact same thing as whatismyip.org (i.e., simply prints the IP of the requester) Let me illustrate the scenario for you. In a Chrome window I have three tabs, what I have in parenthesis is the URL: Tab 1 (http://whatismyip.org): A.B.C.D This is what I expect to see. It's the public IP of the VPN server. Tab 2 (http://10.8.0.1): 10.8.0.6 ok, looks expected. They are behind the same LAN now. Tab 3 (http://A.B.C.D) W.X.Y.Z WTF?? Basically, if I access the webserver while tunneled, in shows the IP address of my machine PRIOR to tunelling! Remember, tab2 and tab3 are the same webpage. Why does Tab3 not show the client IP as it's own IP (i.e., show A.B.C.D)??? I hope this question is clear, thanks in advance!

Read the article
Multiple Apps - One SSL

- by Optix App Development

I'm trying to configure a domain and SSL to run multiple Facebook apps through the SSL. What I need advice on is routing the apps through the SSL without actually hosting them on that server. Ideally they would be hosted on the client's server. Any advice on how to do this? UPDATE Following the advice from the replies I have setup a domain which houses my Facebook apps under one SSL. So far this is working well. Thanks guys. :)

Read the article
Start a VPN session using a Terminal script

- by craibuc

I use an OSX Terminal session to start a VPN connection. The command that I execute at the prompt is: /etc/netlock/cvc -c :: This works as expected. I would like to save this to a script file that I can simply double-click to start. I created a file, 'vpn.command', added the command (list above), save it, and given execute permission: chmod +x vpn.command When I double-click the file, Terminal opens a BASH shell, executes the command, then exits. Upon closer inspection, the command is now '/etc/netlock/cvc -c ::; exit;' Why is the extra '; exit;' appended to my command? BTW, is there a way to execute another command, /etc/netlock/cvc -d, when the Terminal session is being closed so I can close the VPN automatically?

Read the article
Multiple SSL certificates on Apache using multiple public IPs - not working

- by St. Even

I need configure multiple SSL certificates on a single Apache server. I already know that I need multiple external IP addresses as I cannot use SNI (only running Apache 2.2.3 on this server). I assumed that I had everything configured correctly, unfortunately things are not working as they should (or maybe I should say, as I expected them to work)... In my httpd.conf I have: NameVirtualHost *:80 NameVirtualHost *:443 Lets say my public IP is 12.0.0.1 and my private IP is 192.168.0.1. When I use the public IP in my vhost my default website is being shown instead the one defined in my vhost, e.g.: <VirtualHost 12.0.0.1:443> ServerAdmin [email protected] ServerName blablabla.site.com DocumentRoot /data/sites/blablabla.site.com ErrorLog /data/sites/blablabla.site.com-error.log #CustomLog /data/sites/blablabla.site.com-access.log common SSLEngine On SSLCertificateFile /etc/httpd/conf/ssl/blablabla.site.com.crt SSLCertificateKeyFile /etc/httpd/conf/ssl/blablabla.site.com.key SSLCertificateChainFile /etc/httpd/conf/ssl/blablabla.site.com.ca-bundle <Location /> SSLRequireSSL On SSLVerifyDepth 1 SSLOptions +StdEnvVars +StrictRequire </Location> </VirtualHost> When I use the private IP in my vhost everything works as it should (the website defined in my vhost is being shown), e.g.: <VirtualHost 192.168.0.1:443> ...same as above... </VirtualHost> My server is listening on all interfaces: [root@grbictwebp02 httpd]# netstat -tulpn | grep :443 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5585/httpd What am I doing wrong? If I cannot get this to work I cannot continue to add the second SSL certificate on the other public IP... If more information is required just let me know!

Read the article
VPN connection over apache mod_proxy

- by This is it

Hi We have several virtual machines which are connected in a private virtual network connection. Internet access for these machines is provided via dedicated virtual machine which has apache proxy server on it (they all use this machine as proxy). The problem now is that from several machines we need to connect to external VPN Server, but it seems that VPN connections don't work over apache proxy. Any suggestions on how to enable VPN connection over apache proxy (or some other proxy)? Some other solution? Thanks

Read the article
Sharing VPN access between two computers on the LAN

- by Axelle Ziegler

I have VPN access to several machines in my office from my home machine. I'd like to be able to access those machines from another computer on my LAN, without setuping a second VPN access. Both computers are Windows 7 machines. Is there a way for my "main" computer to share its VPN access to another machine on the LAN? How would one setup this share? I don't think "simple" Internet connection sharing fits my needs because: My LAN already has its own DHCP/Router to access the Internet, and I'd like to keep it this way I can't access the Internet through my VPN connection

Read the article
Reverse Proxy Server SSL?

- by valveLondon

Context We currently have an Apache web server in the DMZ set up as a reverse proxy and load balancer for two machines running Windows Server 2008 (IIS) inside. The Apache server has a genuine SSL certificate and serves up both http and https, however, the balancer members in the load balancing section are set to: BalancerMember {https://server1} and {https://server2}. The IIS web servers have self-signed certificates in order to respond to the https requests. My question: Do we need to forward any requests from Apache (in the DMZ) to the inside using SSL? e.g can the reverse proxy forward the requests using HTTP? and if so, why would I choose to forward them with SSL? (how secure is the http line between the dmz and the inside); In other words, can I totally disable SSL on my inside web servers?

Read the article
iPhone VPN to iTunes Home Sharing [migrated]

- by Philip Crumpton

my goal is to set up a VPN on a Windows machine that contains my iTunes library then connect to that VPN with my iPhone and be able to utilize Home Sharing remotely. I have read that this can easily be set up if the iTunes library is on a Mac (Network Beacon and YazSoft ShareTool are two products I quickly found). I can't find anyone who has had success on a Windows machine, though. In my thinking, there are two options (aside from buying a Mac): 1.) Existing utility that takes care of this for me (like the Mac-only options listed above) and is compatible with iPhone (Hamachi is NOT compatible with iPhone VPN) 2.) Manually configure a VPN to allow Bonjour multicast (can't find any information on this) FYI my router is a Linksys WRT54GL running Tomato 1.28

Read the article
Error 800 while connecting to VPN

- by Aamir

I am trying to connect to my office network through VPN. It used to work fine earlier but now as soon as I hit connect, I get Error 800: Error 800: Unable to establish VPN Connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection. I am using Windows XP and I am able to ping the VPN server successfully. I have Symantec Endpoint Protection installed (if it matters). I have tried disabling it as well but nothing changes.

Read the article

< Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32 | Next Page >