You should now see the name of the profile listed. I already contacted Zach to share this problem and I am hoping it can be fixed, but if someone has an idea to fix this it would be awesome. The Pritunl client is a no-frills, user-friendly tool for connecting to the server. Using the “AES-CBC Cipher Algorithm” in openvpn connect client options, it actually prints “Outgoing Data Channel: Cipher ‘AES-128-CBC’” and internet traffic is fine. Server logs for different clients (XX. is the IP address of my server). As it is possible to see, only the pritunl client can create an AES-128-GCM encryption since “Outgoing Data Channel: Cipher ‘AES-128-GCM’ initialized” and “Incoming Data Channel: Cipher ‘AES-128-GCM’ initialized” are shown in the server log. I have added three log files of the server when connecting with pritunl client (works), nmplasma (on the same device, not working) and openvpn on android (not working). Manually changing config files did not solve the problem, so for now I am stuck using AES-CBC, which is not an optimal encryption scheme. This misconfiguration can be solved while using other clients such as openvpn connect when activating “AES-CBC Cipher Algorithm” in the options with AES-128-GCM on the server side. Since pritunl clients have profile sync support but other clients don’t, I thought this was the source of the problem. The same problem was found with the hash. Even if the server was configured with AES-128-GCM, the client file was still created with AES-128-CBC. Looking at these problems, I found that client config files were not actualized when server settings were changed. The connection was working but I did not have any internet traffic available with non-pritunl clients (on Android, Linux and Windows), while everything was working fine on the same devices with pritunl clients on Linux and Windows. I had encryption compatibility problems with clients other than pritunl client.
To sum it up: I recommend getting familiar with that company's internal security policies to get the whole picture. I already contacted Zach by email but I repost this here because it can maybe help someone (or someone could help me). In big companies, such risks are mitigated with additional security controls. If employees of that company can connect to the Internet without any restrictions (web sites' allow-list) the risk of introducing malware into company LANs is very high while using such outdated browsers. Why not use other VPN solutions: maybe the cost of implementation (including trainings, auditing, etc.) is too high, and the company has mitigated risks in some other ways (for example with strict Internet traffic filtering, allow-lists, Intrusion Detection Systems, etc.)? Maybe there are regulatory limitations, such as FIPS requirement for a VPN solution, which can't be met with popular VPN solutions? Maybe their VPN gateway is running an obsolete version of VPN server? Maybe, for the users' UX they're using Java Applet based VPN clients? New browsers don't allow running Java Applets (NPAPI in Firefox was abandoned in 2018). The answer lies probably in some kind of security policies in that company. So, ending Firebird attachments using SQL is the only option left for me - if such an option exists at all? Database shutdown is out of the question - DB is in production mode. Being open-source, it's a common option for companies looking for OpenVPN compatibility but with greater scale and cloud compatibility. I have contacted the VPN administrator to cancel VPN sessions, but it takes time. Pritunl is a distributed VPN server that allows enterprises to connect their datacenters and multiple cloud environments with site-to-site links and remote user access. Is there a way I can (using SYSDBA connection) end those other Firebird attachments from my current Firebird session?
So - VPN sometimes retains sessions and those VPN sessions keep the Firebird attachments in existence. When I am connecting once more to the VPN and database I can see in the mon$attachments that the previous connection/attachment is still existing and its unresolved transactions are causing deadlock errors (that belong to the previous attachment - this can be verified exactly by the transaction number that is reported in the error message of deadlock error). Sometimes I just forget to disconnect from the database and I cancel/disconnect the VPN session only. I am using VPN (Endpoint Security, Check Point) to establish connection to the Firebird 2.1 database from IBExpert on my computer.