Installing VPN connection and wifi drivers on RHEL5
- by Hulk
In RHEL5,
1.How to establish a VPN connection,The details i get to connect the VPN are ipaddreess ,username/password
2.How to install wifi drivers on RHEL5
Thanks..
Search Results
Search found 5390 results on 216 pages for 'ssl vpn'.
Page 82/216 | < Previous Page | 78 79 80 81 82 83 84 85 86 87 88 89 | Next Page >
-
-
Trouble connecting to vsftpd on ubuntu server
- by littleK
I have installed Ubuntu Server 10.10 and I am using it to host a domain that I have. I am trying to set up FTP for the server, but I am running into some problems. I have successfully installed vsFTPd and I have opened up ports 20, 21 on my firewall. In my vsFTPd configuration, I have enabled SSL. Every time I try to connect to my server via FTP, I receive a "Connection Refused" error. I have had a little more success with SSL disabled, however the connection process will time out after the LIST command (but it does accept my authentication). Here is my vsFTPd configuration, the SSL stuff is at the bottom: # Example config file /etc/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # # Run standalone? vsftpd can run either from an inetd or as a standalone # daemon started from an initscript. listen=YES # # Run standalone with IPv6? # Like the listen parameter, except vsftpd will listen on an IPv6 socket # instead of an IPv4 one. This parameter and the listen parameter are mutually # exclusive. #listen_ipv6=YES # # Allow anonymous FTP? (Disabled by default) anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) #local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. #anon_upload_enable=YES # # Uncomment this if you want the anonymous FTP user to be able to create # new directories. #anon_mkdir_write_enable=YES # # Activate directory messages - messages given to remote users when they # go into a certain directory. dirmessage_enable=YES # # If enabled, vsftpd will display directory listings with the time # in your local time zone. The default is to display GMT. The # times returned by the MDTM FTP command are also affected by this # option. use_localtime=YES # # Activate logging of uploads/downloads. xferlog_enable=YES # # Make sure PORT transfer connections originate from port 20 (ftp-data). connect_from_port_20=YES # # If you want, you can arrange for uploaded anonymous files to be owned by # a different user. Note! Using "root" for uploaded files is not # recommended! #chown_uploads=YES #chown_username=whoever # # You may override where the log file goes if you like. The default is shown # below. #xferlog_file=/var/log/vsftpd.log # # If you want, you can have your log file in standard ftpd xferlog format. # Note that the default log file location is /var/log/xferlog in this case. #xferlog_std_format=YES # # You may change the default value for timing out an idle session. #idle_session_timeout=600 # # You may change the default value for timing out a data connection. #data_connection_timeout=120 # # It is recommended that you define on your system a unique user which the # ftp server can use as a totally isolated and unprivileged user. #nopriv_user=ftpsecure # # Enable this and the server will recognise asynchronous ABOR requests. Not # recommended for security (the code is non-trivial). Not enabling it, # however, may confuse older FTP clients. #async_abor_enable=YES # # By default the server will pretend to allow ASCII mode but in fact ignore # the request. Turn on the below options to have the server actually do ASCII # mangling on files when in ASCII mode. # Beware that on some FTP servers, ASCII support allows a denial of service # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd # predicted this attack and has always been safe, reporting the size of the # raw file. # ASCII mangling is a horrible feature of the protocol. #ascii_upload_enable=YES #ascii_download_enable=YES # # You may fully customise the login banner string: #ftpd_banner=Welcome to blah FTP service. # # You may specify a file of disallowed anonymous e-mail addresses. Apparently # useful for combatting certain DoS attacks. #deny_email_enable=YES # (default follows) #banned_email_file=/etc/vsftpd.banned_emails # # You may restrict local users to their home directories. See the FAQ for # the possible risks in this before using chroot_local_user or # chroot_list_enable below. #chroot_local_user=YES # # You may specify an explicit list of local users to chroot() to their home # directory. If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). #chroot_local_user=YES #chroot_list_enable=YES # (default follows) #chroot_list_file=/etc/vsftpd.chroot_list # # You may activate the "-R" option to the builtin ls. This is disabled by # default to avoid remote users being able to cause excessive I/O on large # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume # the presence of the "-R" option, so there is a strong case for enabling it. #ls_recurse_enable=YES # # Debian customization # # Some of vsftpd's settings don't fit the Debian filesystem layout by # default. These settings are more Debian-friendly. # # This option should be the name of a directory which is empty. Also, the # directory should not be writable by the ftp user. This directory is used # as a secure chroot() jail at times vsftpd does not require filesystem # access. secure_chroot_dir=/var/run/vsftpd/empty # # This string is the name of the PAM service vsftpd will use. pam_service_name=vsftpd # # This option specifies the location of the RSA certificate to use for SSL # encrypted connections. rsa_cert_file=/etc/ssl/private/vsftpd.pem # SSL ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES Thanks!Read the article
-
Force windows 7 to use specific network adapter per program.
- by AhmetC
Hello, I am using hamachi vpn. I want to setup windows 7 to use hamachi vpn network adapter for specific softwares in my system. And other softwares must use regular network adapters. Is that possible in windows 7? Is there kind of filter system? Thanks in advance.Read the article
-
Windows Web Server 2008 as VPN server?
- by xraminx
I have bought "Windows Web Server 2008". I am trying to setup incoming VPN connection but don't find the option for it. Is this version of Windows capable of accepting incoming VPN connections?Read the article
-
How can I forward all web traffic from my Cisco ASA 5100 to a checkpoint firewall?
- by Scott Clements
Hi, I currently have two Cisco ASA 5100 routers setup with a site-to-site VPN at different physical locations. They are successfully configured so that all traffic at our remote site is forwarded over this VPN tunnel to our router here, which is fine, however I need the web traffic that comes here to then be forwarded onto our Check Point firewall router. Can someone please tell me how I can configure this?? Many Thanks, ScottRead the article
-
Could not evaluate: certificate verify failed while using ssl proxy
- by Onitlikesonic
One of our machines was recently put behind an SSL proxy and since then I can't connect to puppet with "Could not evaluate: certificate verify failed." I have checked that the dates match, regenerated the certificates but to no avail. Debugging the verification with "openssl s_client -showcerts -connect puppetmaster:puppetmasterport" shows "Verify return code: 0 (ok)" Initially the Proxy SSL Certificate was not recognized with a "Verify return code: 20 (unable to get local issuer certificate)" problem which was then fixed with the answer in the question: Adding root certificate to CentOS 5Read the article
-
How to update cURL CA bundle on RedHat?
- by Andrew
I am running into issues where the CA bundle that has been bundled with my version of cURL is outdated. curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html Reading through the documentation didn't help me because I didn't understand what I needed to do or how to do it. I am running RedHat and need to update the CA bundle. What do I need to do to update my CA bundle on RedHat?Read the article
-
Programmatically assigning an existing ssl cert to a website in iis6 via powershell or vbscript
- by dagda1
Hi, I have the following powershell script that creates a new website in IIS6: https://github.com/dagda1/iis6/blob/master/create-site.ps1 Does anyone know how I can assign an existing ssl cert to the website? I know I can set the port number using adsutil.vbs like this: cscript adsutil.vbs set w3svc/xxx/securebindings ":443:somewhere.com" But I am drawing a big blank when it comes to assigning an existing ssl certificate. Thanks PaulRead the article
-
Programmatically assigning an existing ssl cert to a website in iis6 via powershell or vbscript
- by dagda1
Hi, I have the following powershell script that creates a new website in IIS6: https://github.com/dagda1/iis6/blob/master/create-site.ps1 Does anyone know how I can assign an existing ssl cert to the website? I know I can set the port number using adsutil.vbs like this: cscript adsutil.vbs set w3svc/xxx/securebindings ":443:somewhere.com" But I am drawing a big blank when it comes to assigning an existing ssl certificate. Thanks PaulRead the article
-
CMAK Custom Action to run synchronous executable
- by Charles Gargent
I am using the Connection Manager Administration Kit (CMAK) to create vpn connections for my users, if it is possible how do I create a custom action that launches an executable that runs synchronously? In the help file it says Only DLLs run synchronously, meaning that Connection Manager starts the action and then waits for the function to return before continuing Is there any way around this? I have seen something similar called VPN-Q which from the screen shots appear to do just that.Read the article
-
Force windows 7 to use spesific network adapter per program.
- by AhmetC
Hello, I am using hamachi vpn. I want to setup windows 7 to use hamachi vpn network adapter for spesific softwares in my system. And other softwares must use regular network adapters. Is that possible in windows 7? Is there kind of filter system? Thanks in advance.Read the article
-
What's the advantage of OpenVPN over SSTP?
- by Jose
If considering Windows only environment, what's the advantage of introducing OpenVPN as the company VPN service, instead of Windows built-in protocols? Especially the new SSTP protocol already overcome the one of the weakness of PPTP, which may not go over firewall/NAT. I'm wondering is there any reason not to use Windows integrated solution. The strength of the security can be an issue but I'm not sure how different they are (I know MS VPN was vulnerable but is it still?) Thanks.Read the article
-
Iptables rule creation error: No chain/target/match by that name
- by MikO
I'm trying to create my first VPN on a VPS with CentOS 6, following this tutorial. When I have to create an iptables rule to allow proper routing of VPN subnet, with this command: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE It throws this error: iptables: No chain/target/match by that name I was searching and I've found that this error is usually thrown when you misspell something, but as far as I understand, the rule is correct...Read the article
-
cURL connection error (60): SSL certificate pr0blem on Windows
- by Cheeso
When I try to use Curl on windows, to retrieve an https url, I get the dreaded "connection error (60)." The exact error message is: curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html How to resolve this? ps: I spelled the word "Problem" wrong in the title purposefully, because superuser refuses to accept the question with the correct spelling.Read the article
-
hMailserver: Secure SMTP SetUP - Trusted Cert Issue
- by Peter
I'm trying to configure hMailserver with a 3rd party SSL cert. I'v 1) Installed the SSL key & cert 2) Placed the hash named CA and intermediate in to the \externals\cs folder Now, the connection between the mail client and the server is secure and works. The issue is that mail clients outlook, apple mail, others issue an untrusted cert warning. I've followed several threads on the forums, but none seem to solve this problemRead the article
-
Cisco Routing through VPN
- by Superman
I am looking for a way to allow a client Win7 computer, which connects to our California office's Cisco ASA 5510 over an IPSec VPN connection to then be able to connect to a computer in our chicago office which is itself connected through another Cisco ASA router to california. It appears that we are unable to route client vpn connections between each other, and I cannot find any guidance on how to enable this. Let me know if this is possible / what needs to be done.Read the article
-
Checkpoint - Routing into the tunnel
- by Fake4d
I have a simple question for my checkpoint infrastructure. Do i have to route a net which i wanna access over a configured firewall VPN Tunnel. Explanation: I have two firewalls connected over a VPN which have several nets behind them. I need to access a new net at the other firewall and put them in their encryption Domain. Now here is the question: Do i have to route it in the operating system (SecurePlat)? Thanks!Read the article
-
What is "Disable class based route addition" good for?
- by JRoppert
In the advanced TCP/IP settings of a VPN connection, i found a checkbox labeled with "Disable class based route addition". The checkbox is only enabled as long as "Use default gateway on remote network" is switched off. What is "Disable class based route addition" good for? Detailed instructions to find the settings: Open Properties of VPN connection Go to Networking tab Open Properties of "Internet Protocol Version 4 (TCP/IPv4)" (and/or TCP/IPv6) Click "Advanced..." Button Change to "IP Settings" tab Here you can find the checkboxes mentioned aboveRead the article
-
Ubuntu + SSL ports + AVAST
- by jurajvt
I have an interesting problem with communication via standard SSL ports. Fresh installed Ubuntu 14.04 server + Postfix + Dovecot, SASL authentication provided by Dovecot, self-signed certificate generated trough the Dovecot script mkcert.sh. Redirected ports on ZyWALL USG 200. I can send and receive e-mails from outside with standard ports 25 and 110, but not over 587. I am connecting to my server from machine with Windows 8.1 + VMWare Player + Ubuntu 14.04 Desktop + ssh. On Windows host I have installed Avast! antivirus. When I am trying to telnet from virtual machine to server over 587, it refused connection. But when I turn on Avast! it let me in to message Connected to... Same with nmap. When Avast! is turned on it is show me all SSL ports. When I turned it off, only standard ports appeared. OpenSSL shows me CONNECTED(00000003). But outside virtual machine directly in Windows 8.1 using nmap with zenmap there are not opened SSL ports in both Avast! states. From other external linux machines are problems with touching SSL ports same - refused. I have turned on submission in master.cf and 587 port is correctly listening on 0.0.0.0 in process master.pid which belongs to Postfix. I can telnet, or nmap over port 587 to my domain directly from server. Other ports like 995, 993 are OK on localhost, too. It is true, that I can't send emails via 587 anyway (Avast! turned on/off), but I can see ports opened. It is possible, that I have simply bad certificate and Avast! has right one, so with turned it on I can see opened ports? EDIT: To be more clear, I can't see or using port 587 everywhere from outside (tried Thunderbird, telnet, openssl, nmap, putty, swaks; both from Linux or Windows machines) and that is my problem. It was only by chance that I saw opened ports when Avast! is turned on.Read the article
-
Forward traffic bound for a certain port over a different interface
- by Crankyadmin
Hi, My ISP throttles certain types of traffic. To get round this issue I thought about getting myself a VPN connection. Is it possible with the IPTABLES to forward all traffic outbound on port 119 (for example) to my vpn interface pptp0? ThanksRead the article
-
Connect to multiple VPNs?
- by Joe Lyga
I need a way to connect to multiple VPNs. It's to access camera systems and resources that are on different networks as a client. One VPN could be a company network, and another a city network. Is there a straightforward way to do this? I've experimented with setting up multiple virtual machines in virtualbox already, and I'd like to avoid having to have a full OS installation for every VPN I want to connect to.Read the article
-
How do I move the login stuff from Wordpress (login, register etc.) to its own subdomain [migrated]
- by surferconor425
Title says it all, hope this is possible as I want to start a network of sites for different stuff but want to use one account system with that subdomain using ssl with extended verification, thanks. EDIT: Ok, it has been closed because I am not being clear enough so I will narrow it down a bit more. I am wondering how to move all registration files and login files into a sub-domain instead of just the normal domain so I can put an SSL on it to make it more secure but leave the rest of the blog on the normal domain.Read the article
-
OpenVPN (HideMyAss) client on Ubuntu: Route only HTTP traffic
- by Andersmith
I want to use HideMyAss VPN (hidemyass.com) on Ubuntu Linux to route only HTTP (ports 80 & 443) traffic to the HideMyAss VPN server, and leave all the other traffic (MySQL, SSH, etc.) alone. I'm running Ubuntu on AWS EC2 instances. The problem is that when I try and run the default HMA script, I suddenly can't SSH into the Ubuntu instance anymore and have to reboot it from the AWS console. I suspect the Ubuntu instance will also have trouble connecting to the RDS MySQL database, but haven't confirmed it. HMA uses OpenVPN like this: sudo openvpn client.cfg The client configuration file (client.cfg) looks like this: ############################################## # Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client auth-user-pass #management-query-passwords #management-hold # Disable management port for debugging port issues #management 127.0.0.1 13010 ping 5 ping-exit 30 # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. #;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. proto tcp ;proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. # All VPN Servers are added at the very end ;remote my-server-2 1194 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. # We order the hosts according to number of connections. # So no need to randomize the list # remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nobody # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ./keys/ca.crt cert ./keys/hmauser.crt key ./keys/hmauser.key # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ;ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. #comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 # Detect proxy auto matically #auto-proxy # Need this for Vista connection issue route-metric 1 # Get rid of the cached password warning #auth-nocache #show-net-up #dhcp-renew #dhcp-release #route-delay 0 120 # added to prevent MITM attack ns-cert-type server # # Remote servers added dynamically by the master server # DO NOT CHANGE below this line # remote-random remote 173.242.116.200 443 # 0 remote 38.121.77.74 443 # 0 # etc... remote 67.23.177.5 443 # 0 remote 46.19.136.130 443 # 0 remote 173.254.207.2 443 # 0 # ENDRead the article
-
How do you bypass TLS/SSL cetification validation in WCF for Exchange Web Services
- by Sevki
I wan't to bypass SSL and use regular http protocol to connect to a Exchange 2007 server however we dont want to invest in a real SSL cert and the one we use is needed for blackberry enterprise server. Is there a way to bypass this here is the exception Request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Service.Credentials = new WebCredentials(ShacxEwsUserName, ShacxEwsUserPassword, ShacxEwsUserDomain); Service.Url = new Uri(ShacxEwsServiceUrl); How do you make ExchangeService accept bad ssl.Read the article
-
OpenVPN Bridge LAN-to-LAN Configuration?
- by Shad Reese
I'm trying to configure an OpenVPN bridge LAN-to-LAN setup. Currently, I have the OpenVPN bridge Server/Client setup up running. On the server-side my br-lan interface has tap0, eth0, and wlan0 in the bridge group. On the client-side the br-lan interface has eth0 and wlan0 in the bridge group, the client tap0 is outside of the br-lan group. Currently the two bridge groups are connected via the wlanO interfaces (server-side is the Access Point - AP and the client-side is the wireless client). My goal is to connect the two bridge groups with a wireless VPN pipe. My network configuration: Server: br-lan: 10.4.96.50 Client: br-lan: 10.4.96.75 tap0: 10.4.96.100 <---- issued by the VPN server. Unfortunately, I'm stuck with using a bridge instead of a routed OpenVPN setup. My question is how (if possible) do I add the client tap0 interface to the client bridge group, as to ensure all traffic between the server/client bridge groups is using the VPN pipe? SERVER CONFIG FILE. config openvpn sample_server # Set to 1 to enable this instance: option enable 1 option port 1194 option proto udp option dev tap0 option key /etc/easy-rsa/keys/server.key option dh /etc/easy-rsa/keys/dh1024.pem option ifconfig_pool_persist /tmp/ipp.txt option server_bridge "10.4.96.50 255.255.255.0 10.4.96.100 10.4.96.200" list push "redirect-gateway local def1" list push "dhcp-option DNS 10.4.96.14" option duplicate_cn 1 option comp_lzo 1 option max_clients 100 option log /tmp/openvpn.log option verb 3 CLIENT CONFIG FILE: config 'openvpn' 'sample_client' option 'enable' '1' option 'client' '1' option 'dev' 'tap' option 'proto' 'udp' list 'remote' '10.4.96.50 1194' option 'status' /tmp/openvpn-status.log option 'log' /tmp/openvpn.log option 'ca' '/etc/easy-rsa/keys/ca.crt' option 'cert' '/etc/easy-rsa/keys/client.crt' option 'key' '/etc/easy-rsa/keys/client.key' option 'comp_lzo' '1' option 'verb' '5' Thanks in advance,Read the article
