Backtrack:  
 
showing posts tagged with 'vpn'
 
edited by on November 3rd 2016, at 15:41
An SSL certificate and private key can be stored in many formats. Sometimes, it may be necessary to convert from one format to another. One such case is where you have a private and public key (certificate) in PKCS12 (PFX-file) format, and need the individual certificate and private key in X509 format. You can use OpenSSL to perform the conversion.

A PFX-file generally contains both the private and public key (certificate) and is usually secured with a passphrase. If the PFX-file you want to convert is secured with a password, you will need this in order to perform the conversion. If you do not have the password, there's no way to reset this and the PFX-file will be unusable. When performin  ...
edited by on June 7th 2016, at 15:47

If you lost your group password from the Cisco IPSEC VPN but still have the PCF file, you can use this website to decrypt the encrypted password, located in the file. This is useful if you need to manually configure your VPN client (e.g. on a Mac, you cannot import a PCF file with the native VPN client).

https://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode

To get the encrypted password, open the PCF file with a text editor (such as Notepad), then look for the line starting with enc_GroupPwd=. Copy everything after the = (if you have wordwrap on, make sure you got the entire line), and paste it in the text box on the website, then click the Decode button.

edited by on June 24th 2015, at 11:10
The logging on a FortiGate firewall is very scarse, making it difficult to troubleshoot issues. This can especially be a problem when setting up a site-to-site IPSEC VPN tunnel. Although the web interface doesn't provide much information for troubleshooting and debugging, the console does when debugging is enabled.

On most (if not, all) FortiGate appliances, you can access the console through the web interface. It usually can be found on the Dashboard (> Status).



As it says, click on the console to activate it.

Enabling debugging for all IPSEC VPNs means we enable debug mode on "IKE". This is done by the following series of commands.

If any debugging is already in progress  ...
edited by on May 22nd 2015, at 09:21

Cisco AnyConnect VPN client may fail on Windows 7 for no apparent reason with the following error:

Error
Unable to establish VPN

A possible reason may be that Internet Connection Sharing has been enabled on one or more network interfaces (e.g. used for making a hotspot out of your laptop). Try disabling ICS, then try connecting again.

edited by on April 4th 2013, at 16:15
The Cisco VPN client v5.0 does not work out-of-the-box on Windows 7 and 8. Starting the VPN will result in an error:

Error
Reason 442: Failed to enable Virtual Adapter

This is because of a malfunctioning installer, creating an invalid connection to the Cisco VPN Adapter. To resolve, follow the steps below.

Open regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA.

Look for the DisplayName value and change it to remove all leading characters up to and including %;:For x86, the value change from something like @oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter to Cisco Systems VPN Adapter

For x64, the value would change from something like @oem8.inf,%CVirtA_D  ...
edited by on February 28th 2013, at 14:38

Add this line to the server config:

push "redirect-gateway def1"
edited by on February 8th 2013, at 14:03

Restarting OpenVPN on the CLI of a pfSense can be done using the following command:

echo "<?php include('openvpn.inc'); openvpn_resync_all();?>" | php -q

This issues a restart command as if you would via the web-interface.

edited by on June 23rd 2011, at 17:37
Since version 2.0, OpenVPN has the ability to use PKCS12-files as TLS/SSL keys for accessing an OpenVPN server. The advantage of this is that you only have one key file containing the private and public key of the client and the CA certificate.

Creating such a certificate storage file can be done very easily when you already have the individual files, using OpenSSL.

openssl pkcs12 -export -in my-vpn.crt -inkey my-vpn.key -certfile my-ca.crt -out my-vpn.p12

Run the command above, matching the file names to the ones you have. Optionally, you can type in a password to secure the PKCS12 file.

Next, adjust your OpenVPN config: remove all the lines to your certificate and key files and add a s  ...
 
showing posts tagged with 'vpn'
 
 
« March 2024»
SunMonTueWedThuFriSat
     12
3456789
10111213141516
17181920212223
24252627282930
31      
 
Links
 
Quote
« When a bird does poo poo in your eye, be happy elephants don't fly. »