Cipher To Use For OpenVPN Encryption?

Jul 15, 2008

Can anyone who is a security expert recommend the most secure option for choosing what type of "cipher" to use with our OpenVPN setup?

(I bolded the one I think might be best? Let me know what you think. We are currently using "BF-CBC", but I want to be sure it's not breakable...) ...

Plesk 12.x / Linux :: SSL Cipher Strength RC4?

Jan 5, 2015

Recently I have upgraded my system to Plesk 12 and I'm loving it. After upgrading I started checking and fixing all my SSL shortcomings. I think I've come from a far end upgrading it.

One of the fixes was the POODLE fix, which recommended upgrading cipher suites. When analysing my cipher suites with the SSL Labs testing suite I get the following errors:

TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK 128
RC4 Yes WEAK

I cannot find a way to remove the weak RC4 protocol and the other three weaknesses.


Weak Cipher Vulnerability On Apache Web Server

Apr 10, 2013

We are currently running ColdFusion 9 on an Apache server. After running a Webinspect scan for one of our web applications, a weak cipher vulnerability was flagged as critical. Their recommended change to the httpd.conf file is listed below. We made the change and restarted our server but the same vulnerability came up again. How to eliminate the weak cipher vulnerability?

SSLCipherSuite ALL:!aNull:!ADH:!eNull:!LOW:!EXP:!NULL:RC4+RSA:+HIGH:+MEDIUM 


Plesk 12.x / Linux :: Courier SSL Shared Cipher Error

Aug 8, 2014

Yesterday we upgraded two of our servers to the latest Plesk 12.

The 1st server is a CentOS/CloudLinux 6.x server and the 2nd a CentOS 5.x server.

Both of them were running Plesk 11.5 before the upgrade.

After the upgrade, we have the same issue on both servers, which is that the START/TLS, SSL protocols at Courier imaps or pop3s do not work, and mail clients (Outlook, Thunderbird) return that the password is wrong when they connect over a secure connection.

In both of them, at the /var/log/maillog, we are getting the same messages, as the following one:

--------------------------------------------------------------------------
courier-imaps: couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
--------------------------------------------------------------------------

As the issue is on both servers, we believe that there is a bug in the new version or the update script.

We have already checked all configurations which seem ok, tried to... reboot the machines, mailchk repair, but nothing seems to work. 


RSA Encryption Algorithm

May 11, 2009

I am just trying to understand RSA encryption.

Just say I have three parties Alice, Bob and Eve.

All parties have access to Bob's Public Key.

Alice is going to send Bob an encrypted message of either "1" or "0" (without quotes)

Eve manages to intercept Alice's message.

If Eve encrypts "1" and "0" using Bob's Public Key, will one of them be the same as Alice's encrypted message?


Email Encryption

Aug 8, 2007

I have a client that is in need of an easy-to-use and as transparent as possible method of sending encrypted email to many external clients.

They have currently been using VeriSign digital IDs and have not been satisfied with the amount of work necessary to send and receive encrypted email.

I would welcome any and all installable or 3rd party service recommendations on how to handle this. They would prefer that their clients receiving the email have to do the least amount of work in order to receive their emails.


Data Encryption On The Server

Mar 20, 2008

Are there solutions to sync folders between local and remote servers with file encryption capabilities? I mean:

<source server, unencrypted> <----sync-----> <remote server, encrypted>

I need sync similar to rsync, secured data transfer and encrypted storage on a remote server, so even root won't be able to access the data.


Windows Disk Encryption, Options

Jul 22, 2009

As I understand it, PGP Desktop is not compatible with server OSes. Also, TrueCrypt and BestCrypt containers have I/O overhead. What else is left? Environment is 2008 Server with high I/O throughput requirements.


System Updates And/or Encryption Not Typical

Aug 2, 2007

I believe there is a gap in my understanding of VPS with regards to just how much control you really have over the system. VPS gives you "root access" which typically means top-level access... but in reality, the true super user is a boot-up console user. Few VPS providers that I've investigated offer console access to your VPS while booting.

What, then, can be done about system upgrades or using advanced features like root filesystem encryption? Say, for instance, that my provider offers openSUSE 10.1 and I want 10.2. I would be loath to do such a thing if I can't reboot and watch things as it goes. What if the upgrade failed and you need to drop to a single-user mode to fix it?

Or maybe my real misunderstanding here is that you can't upgrade a system in a VPS if the provider doesn't offer the upgrade?

And what if I want my entire system (other than a boot partition) to be encrypted. This would include an encrypted root and swap. This also requires a password at bootup well before any services (like sshd) start.

Again, maybe the real answer is that I can't do that at all anyway and so it doesn't matter.


Entire Disk Encryption [Linux]

Jul 1, 2007

I'm contemplating creating a website that could store extremely sensitive information. It's more than likely that a MySQL database would house this information.

My question is: does anybody have any experience when it comes to encrypting an entire server disk?

I've searched online with disappointing results.


Apache :: Dev / Random For SSL Encryption Seeding On Windows

Jun 25, 2014

What's the go with seeding the PRNG on Windows as there isn't /dev/random or /dev/urandom? Should I use CryptoAPI or just use a file with random contents and change it often, or just leave the PRNG to "almost" randomise itself?


OpenVPN Login?

Dec 27, 2007

I have installed OpenVPN on my VPS and I don't know how I can log in to it and create a client and configuration.

Support from the datacenter have installed it on my VPS.
These are my details:

OpenVPN 2.0 x86_64-unknown-linux [SSL] [LZO] [EPOLL] built on Dec 27 2007
Developed by James Yonan
Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> ,

How can I log in to OpenVPN? I'm very much a beginner.
Can you please tell me how I can access OpenVPN and create an account?
I have cPanel/WHM on my VPS.


Need Some One To Install OpenVPN

Nov 5, 2008

Need someone to install OpenVPN ....


Yum Install Openvpn - Nothing To Do

Jul 15, 2008

I try running on CentOS 5.2: yum install -y openvpn

-bash-3.1# yum install -y openvpn
Loading "installonlyn" plugin
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Nothing to do

I want to install openvpn by yum


OpenVPN On HyperVM

Sep 5, 2008

Currently trying to get OpenVPN to work on my CentOS VPS, however not getting very far with it. I have followed the guide here: [url]

No problems with the guide, everything worked well! However, when I go to start the OpenVPN service it fails with the following output in the log:

Sep 4 18:01:07 alpha openvpn[3137]: OpenVPN 2.0.9 i386-redhat-linux [SSL] [LZO] [EPOLL] built on Sep 4 2008
Sep 4 18:01:07 alpha openvpn[3137]: Diffie-Hellman initialized with 1024 bit key
Sep 4 18:01:07 alpha openvpn[3137]: TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 4 18:01:07 alpha openvpn[3137]: Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Sep 4 18:01:07 alpha openvpn[3137]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Sep 4 18:01:07 alpha openvpn[3137]: Cannot allocate TUN/TAP dev dynamically
Sep 4 18:01:07 alpha openvpn[3137]: Exiting

I then heard that I need to check the tun adapter, so ran the command "openvpn --dev tun0" which gave this output:

Thu Sep 4 18:24:57 2008 OpenVPN 2.0.9 i386-redhat-linux [SSL] [LZO] [EPOLL] built on Sep 4 2008
Thu Sep 4 18:24:57 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Sep 4 18:24:57 2008 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Thu Sep 4 18:24:57 2008 Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Thu Sep 4 18:24:57 2008 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Thu Sep 4 18:24:57 2008 Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)
Thu Sep 4 18:24:57 2008 Exiting


OpenVPN And IP Addresses

Feb 5, 2008

Here's what I'm trying to do:

Use OpenVPN running on a virtual server (Debian) to allow clients to access the Web. I am purchasing additional IP addresses from the host and want to assign one per client.

I'm pretty sure that OpenVPN will do this based upon what sites like AnonymousChannel and FindNot do.


Configure Openvpn

Jul 14, 2008

How come I can't route all traffic through OpenVPN?

1. I was able to ping my client and server IP no problem. So the tunnel connection is fine.

The problem is I can't route internet traffic through OpenVPN.

I was able to ping from the tun0 interface after I added the command below:
iptables -t nat -A PREROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

root@host188 [/etc/openvpn/config]# ping -I tun0 4.2.2.2
PING 4.2.2.2 (4.2.2.2) from 10.8.0.1 tun0: 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=55 time=8.94 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=55 time=8.65 ms
64 bytes from 4.2.2.2: icmp_seq=3 ttl=55 time=8.90 ms

However, my client can't ping 4.2.2.2 from the VPN tunnel, and when I use tcpdump I see the traffic coming.


OpenVPN Over RackForce VPS

May 2, 2007

I am planning to install VPN software, probably OpenVPN, on my VPS at RackForce. However, I am not much of a VPN professional, so I would need some tutorials on it.


Plesk 11.x / Windows :: Internal Error - Wrong Encryption Key Size

Feb 5, 2014

When I create a new subscription in Plesk 11.5 for Windows, I'm shown the following message:

Internal error: Wrong encryption key size

Message: Wrong encryption key size
File: aps_php.php
Line: 237
Type: Exception


Plesk 12.x / Linux :: Force Password Encryption For Mail Users?

Mar 10, 2015

I have Plesk 12 set up, but when I set a mail (Dovecot) password, it gets stored in plain text (which I can verify by running /usr/local/psa/admin/sbin/mail_auth_view). I would like to change this default setting to be encrypted.


OpenVPN Bandwidth Limitation

Apr 7, 2008

Does someone know how I can limit the bandwidth every user gets? E.g. user1 gets 1mbit, user2 3mbit etc.


VPS Specs Needed For OpenVPN?

Mar 25, 2008

If I wanted to install OpenVPN to create a personal VPN (low bandwidth/CPU) what kind of minimum specs should I be looking into?

I contacted Panix.com to enquire about their $10/month shell account. I asked them about getting OpenVPN installed and they replied something like they do not allow it in the shell because it needs a server with a higher spec, which is odd to me.


Openvz Port And Openvpn

May 12, 2008

We installed OpenVZ on OpenVZ (HyperVM)

but several ports are closed

for example port: 11033

11055
11171
11011
11022
11044
22277

How may I open these ports?

I'm the manager of the full server (full root)


OpenVPN - Routing Traffic

Nov 12, 2008

I have spent the last few days setting up a low-end VPS server as a VPN host, using OpenVPN on CentOS 5.

I've got everything set up, but one last (and most critical) component is still not working correctly.

Basically what I need, is that once users are on the VPN, they should be able to browse the internet through the VPN under that server's IP address rather than their own dynamic address. I was told that this VPN set up was the way to do it. However, right now when I connect into my VPN I can browse that specific server, but cannot access any other websites at all.

If it would help to see my config files, please let me know and I'll post.
I'm really itching to have this up and running,


VPN (openVPN) - Will All Network Traffic Go Through The VPN

Sep 2, 2007

I have a customer who wants to have *all* their computer internet activity routed through a server in our datacenter.

They want MSN, email, ftp, browser, ping from the command line, and even DNS lookups that initiate from any software running on the computer...

... they want everything to be routed through the datacenter server.

None of it should go through the ISP. Not even DNS lookups.

I'm thinking that a VPN setup is the way to do this. (ie: Run openVPN on the server and use openVPN client on the remote computers.)

So the idea is that as long as they are connected to the VPN server in our datacenter, which creates an encrypted "tunnel", then all traffic will be routed through the datacenter VPN server. The ISP will not be able to see anything at all, except the connection to the VPN server.


OpenVPN- My Setup/config?

Nov 20, 2007

In the /var/log/messages snippet posted below, I see this (see below snippet)

Is this bad? Are the highlighted parts bad? Do they show an incorrect or inefficient configuration? I tried to find out what it means, but google isn't being too helpful in this instance.

(The VPN is used only as an "internet gateway" for about 5 users who need to browse the internet from within a foreign country.)

Here is the logfile snippet from /var/log/messages. (I changed the VPN username and client IP for privacy.)

Quote:

Nov 20 09:28:07 vpn openvpn[13712]: MULTI: multi_create_instance called
Nov 20 09:28:07 vpn openvpn[13712]: Re-using SSL/TLS context
Nov 20 09:28:07 vpn openvpn[13712]: LZO compression initialized
Nov 20 09:28:07 vpn openvpn[13712]: Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Nov 20 09:28:07 vpn openvpn[13712]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 20 09:28:07 vpn openvpn[13712]: Local Options hash (VER=V4): 'b695cb4a'
Nov 20 09:28:07 vpn openvpn[13712]: Expected Remote Options hash (VER=V4): 'bc07730e'
Nov 20 09:28:07 vpn openvpn[13712]: TCP connection established with 91.186.11.226:52093
Nov 20 09:28:07 vpn openvpn[13712]: TCPv4_SERVER link local: [undef]
Nov 20 09:28:07 vpn openvpn[13712]: TCPv4_SERVER link remote: 91.186.11.226:52093
Nov 20 09:28:07 vpn openvpn[13712]: user1/1.1.1.1:3861 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
Nov 20 09:28:18 vpn last message repeated 31 times
Nov 20 09:28:21 vpn openvpn[13712]: 91.186.11.226:52093 Connection reset, restarting [-1]
Nov 20 09:28:21 vpn openvpn[13712]: 91.186.11.226:52093 SIGUSR1[soft,connection-reset] received, client-instance restarting
Nov 20 09:28:21 vpn openvpn[13712]: TCP/UDP: Closing socket
Nov 20 09:28:26 vpn openvpn[13712]: user1/1.1.1.1:3861 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
Nov 20 09:28:57 vpn last message repeated 38 times
Nov 20 09:29:03 vpn last message repeated 9 times
Nov 20 09:29:07 vpn openvpn[13712]: MULTI: multi_create_instance called
Nov 20 09:29:07 vpn openvpn[13712]: Re-using SSL/TLS context
Nov 20 09:29:07 vpn openvpn[13712]: LZO compression initialized
Nov 20 09:29:07 vpn openvpn[13712]: Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Nov 20 09:29:07 vpn openvpn[13712]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 20 09:29:07 vpn openvpn[13712]: Local Options hash (VER=V4): 'b695cb4a'
Nov 20 09:29:07 vpn openvpn[13712]: Expected Remote Options hash (VER=V4): 'bc07730e'
Nov 20 09:29:07 vpn openvpn[13712]: TCP connection established with 91.186.11.226:52687
Nov 20 09:29:07 vpn openvpn[13712]: TCPv4_SERVER link local: [undef]
Nov 20 09:29:07 vpn openvpn[13712]: TCPv4_SERVER link remote: 91.186.11.226:52687
Nov 20 09:29:08 vpn openvpn[13712]: user1/1.1.1.1:3861 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
Nov 20 09:29:21 vpn last message repeated 16 times
Nov 20 09:29:21 vpn openvpn[13712]: 91.186.11.226:52687 Connection reset, restarting [-1]
Nov 20 09:29:21 vpn openvpn[13712]: 91.186.11.226:52687 SIGUSR1[soft,connection-reset] received, client-instance restarting
Nov 20 09:29:21 vpn openvpn[13712]: TCP/UDP: Closing socket
Nov 20 09:29:21 vpn openvpn[13712]: user1/1.1.1.1:3861 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
Nov 20 09:29:34 vpn last message repeated 144 times
Nov 20 09:30:06 vpn openvpn[13712]: MULTI: multi_create_instance called
Nov 20 09:30:06 vpn openvpn[13712]: Re-using SSL/TLS context
Nov 20 09:30:06 vpn openvpn[13712]: LZO compression initialized
Nov 20 09:30:06 vpn openvpn[13712]: Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Nov 20 09:30:06 vpn openvpn[13712]: Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 20 09:30:06 vpn openvpn[13712]: Local Options hash (VER=V4): 'b695cb4a'
Nov 20 09:30:06 vpn openvpn[13712]: Expected Remote Options hash (VER=V4): 'bc07730e'
Nov 20 09:30:06 vpn openvpn[13712]: TCP connection established with 91.186.11.226:53285
Nov 20 09:30:06 vpn openvpn[13712]: TCPv4_SERVER link local: [undef]
Nov 20 09:30:06 vpn openvpn[13712]: TCPv4_SERVER link remote: 91.186.11.226:53285
Nov 20 09:30:21 vpn openvpn[13712]: 91.186.11.226:53285 Connection reset, restarting [-1]
Nov 20 09:30:21 vpn openvpn[13712]: 91.186.11.226:53285 SIGUSR1[soft,connection-reset] received, client-instance restarting
Nov 20 09:30:21 vpn openvpn[13712]: TCP/UDP: Closing socket

It goes on like this, with this pattern repeating every 20 seconds or so. Is this normal?


Installing Openvpn On Vpsserver

Dec 4, 2007

Recently I bought a CentOS 5 VPS server. I have installed openvpn with this code in PuTTY: # yum install openvpn.
Now I want to copy easy-rsa to /etc/openvpn.

I used this code:
# cp -R /usr/share/openvpn/easy-rsa /etc/openvpn

Unfortunately this error appears:

cp: missing destination file operand after '/usr/share/openvpn/easy-rsa'

Does anyone know the solution for this problem?


OpenVPN Unable To Login To Admin

Jul 13, 2009

I have installed openvpn in my vps.

OS:Centos
CP:Virtuozzo

Now the main problem is that I was never able to login to admin after installation/configuration i.e

[url]

This is admin url,

I have contacted OpenVPN but they have not yet supported much; they say I have to enter the root password. But I don't know what the default login is for that.

One more thing: I guess root is the username, and should I enter my Virtuozzo password or what?








Copyrights 2005-15 www.BigResource.com, All rights reserved