

Messages - hugolrb

1
Portuguese / Re: Help with a scientific article for a postgraduate course
« on: November 17, 2016, 03:11:49 pm »
Could someone help me?

2
Portuguese / Help with a scientific article for a postgraduate course
« on: November 14, 2016, 06:39:41 pm »
Greetings everyone,

I am writing a scientific article for a postgraduate course in computer network security, and in my article I will analyze a tool for managing users and passwords.
I will use Zentyal, and as required by the examining board I have to use books, articles, documents, websites, etc. as references.
In this article I want to show how secure, robust, easy and uncomplicated it is to use Zentyal, and how far it can replace the much-talked-about Active Directory from Ruindows.

I welcome help from everyone.

3
Installation and Upgrades / Re: Error check VPN certificate
« on: December 29, 2014, 03:43:53 pm »
I checked and it's all right. Problem still persists :'( :'( :'( :'( :'(

4
Installation and Upgrades / Error check VPN certificate
« on: November 25, 2014, 02:24:30 pm »
Staff,
I have a VPN between the headquarters (matrix) and a branch running. For a few days now it has not connected. I think the error is in the server certificate verification. The following is the log from the branch server.

Tue Nov 25 10:51:54 2014 TLS Error: TLS handshake failed
Tue Nov 25 10:51:54 2014 SIGUSR1[soft,tls-error] received, process restarting
Tue Nov 25 10:51:54 2014 Restart pause, 2 second(s)
Tue Nov 25 10:51:56 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 25 10:51:56 2014 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Nov 25 10:51:56 2014 UDPv4 link local: [undef]
Tue Nov 25 10:51:56 2014 UDPv4 link remote: [AF_INET]187.5.123.199:1194
Tue Nov 25 10:52:08 2014 event_wait : Interrupted system call (code=4)
Tue Nov 25 10:52:08 2014 SIGTERM received, sending exit-notification to peer
Tue Nov 25 10:52:12 2014 SIGTERM[soft,exit-with-notification] received, process exiting

Below is the configuration on the branch server.


# Zentyal client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.      #
# Client name EDEIA
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# virtual device
dev tun0
# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote xxx.xxx.xxx.xxx 1194
# Allow remote peer to change its IP address and/or port number
float
# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# group and user for the OpenVPN
# daemon's privileges after initialization.
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# Write the PID file for compatibility with Ubuntu init.d script
writepid /var/run/openvpn.EDEIA.pid
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca "/etc/openvpn/EDEIA.d/caCertificate"
cert "/etc/openvpn/EDEIA.d/certificate"
key "/etc/openvpn/EDEIA.d/certificateKey"
# This file should be kept secret
# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
#dh /etc/openvpn/dh1024.pem
dh /etc/openvpn/ebox-dh1024.pem
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
log-append  /var/log/openvpn/EDEIA.log
status /var/log/openvpn/status-EDEIA.log
# Set log file verbosity.
verb 3
# Explicitly notify disconnections
explicit-exit-notify 3
# Silence repeating messages
;mute 20

I think my mistake is on the line below.
;ns-cert-type server
I cannot remove the comment from that line. When I uncomment it manually, it goes back when I restart the VPN service.

The following is the VPN server configuration at the headquarters (MATRIZ):

# EBox OpenVPN 2.0 config file for  server MATRIZ
# Which local IP address should OpenVPN
# listen on? (optional)
multihome
# Which TCP/UDP port should OpenVPN listen on?
port 1194
# TCP or UDP server?
proto udp
# virtual device
dev tun0
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).
ca '/var/lib/zentyal/CA/cacert.pem'
cert '/var/lib/zentyal/CA/certs/E5A97C642D978936.pem'
key '/var/lib/zentyal/CA/private/vpn-MATRIZ.pem'
# This file should be kept secret
# check peer certificate against certificate revokation list
crl-verify /var/lib/zentyal/CA/crl/latest.pem
# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
#dh /etc/openvpn/dh1024.pem
dh /etc/openvpn/ebox-dh1024.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
server 192.168.160.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file.
ifconfig-pool-persist '/etc/openvpn/MATRIZ.d/MATRIZ-ipp.txt'
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN
;push "redirect-gateway"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
client-to-client
# The keepalive directive causes ping-like
# messages to be sent back and forth over
keepalive 10 120
# client certificate common name authentication
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
;tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# group and user for the OpenVPN
# daemon's privileges after initialization.
user nobody
group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Write the PID file for compatibility with Ubuntu init.d script
writepid /var/run/openvpn.MATRIZ.pid
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status '/var/log/openvpn/status-MATRIZ.log'
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
log-append  '/var/log/openvpn/MATRIZ.log'
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
client-config-dir /etc/openvpn/MATRIZ.d/client-config.d
push "route 10.0.0.0 255.0.0.0"
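As an added diagnostic for the thread above (example code, not from the post and not Zentyal's or OpenVPN's own), the script below uses plain openssl commands to check the three conditions the two configurations depend on: whether the server certificate carries the nsCertType=server marker that `ns-cert-type server` requires (and the extendedKeyUsage serverAuth marker that the newer `remote-cert-tls server` checks instead), whether a certificate is still inside its validity period, and whether a peer certificate still verifies against the CRL that the server's `crl-verify` directive points at (an expired CRL and a revoked certificate both fail that check). The CA, certificates and CRL built by `make_demo_pki` are constructed throwaway data so the script runs offline; the Zentyal paths in the final comment are the ones from the configurations above, and the file name `check_openvpn_pki.sh` is an assumption.

```shell
#!/bin/sh
# Added example for the OpenVPN thread above; not code from the post, Zentyal or OpenVPN.
#   server_markers  : does a cert carry the nsCertType=server / EKU serverAuth markers?
#   still_valid     : is a cert still inside its validity period?
#   verify_with_crl : does a cert chain to the CA and pass the CRL check (crl-verify)?
# make_demo_pki builds a throwaway CA, certs and CRL (constructed data) for offline runs.
set -eu

# server_markers CERT -> "nsCertType=yes|no eku=yes|no"
# `ns-cert-type server` needs nsCertType; `remote-cert-tls server` needs the EKU.
server_markers() {
    text=$(openssl x509 -in "$1" -noout -text)
    ns=no
    eku=no
    echo "$text" | grep -q 'SSL Server' && ns=yes
    echo "$text" | grep -q 'TLS Web Server Authentication' && eku=yes
    echo "nsCertType=$ns eku=$eku"
}

# still_valid CERT DAYS -> "yes" if CERT does not expire within the next DAYS days.
still_valid() {
    if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# verify_with_crl CA CRL CERT -> "yes" if CERT chains to CA and the CRL check passes
# (fails for a revoked certificate and also for an expired CRL).
verify_with_crl() {
    if openssl verify -crl_check -CAfile "$1" -CRLfile "$2" "$3" >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# make_demo_pki DIR -> constructed test PKI: CA, server cert with the server
# markers, client cert, and a CRL in which the client cert is revoked.
make_demo_pki() {
    mkdir -p "$1"
    cat > "$1/demo.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ server ]
nsCertType = server
extendedKeyUsage = serverAuth
[ client ]
nsCertType = client
extendedKeyUsage = clientAuth
[ ca ]
default_ca = demo
[ demo ]
dir = .
database = $dir/index.txt
serial = $dir/serial
crlnumber = $dir/crlnumber
new_certs_dir = $dir
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_crl_days = 30
EOF
    (
        cd "$1"
        openssl req -config demo.cnf -x509 -newkey rsa:2048 -nodes -keyout ca.key \
            -out ca.crt -subj /CN=demo-CA -days 2 >/dev/null 2>&1
        for role in server client; do
            openssl req -config demo.cnf -newkey rsa:2048 -nodes -keyout "$role.key" \
                -out "$role.csr" -subj "/CN=$role" >/dev/null 2>&1
            openssl x509 -req -in "$role.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
                -days 2 -extfile demo.cnf -extensions "$role" -out "$role.crt" >/dev/null 2>&1
        done
        : > index.txt
        echo 01 > serial
        echo 01 > crlnumber
        openssl ca -config demo.cnf -revoke client.crt >/dev/null 2>&1
        openssl ca -config demo.cnf -gencrl -out crl.pem >/dev/null 2>&1
    )
}

# On MATRIZ, with the paths from the server config above (the branch's
# /etc/openvpn/EDEIA.d/certificate would have to be copied over first):
#   server_markers  /var/lib/zentyal/CA/certs/E5A97C642D978936.pem
#   verify_with_crl /var/lib/zentyal/CA/cacert.pem /var/lib/zentyal/CA/crl/latest.pem certificate
# Offline demo on the constructed PKI: sh check_openvpn_pki.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    make_demo_pki "$d"
    echo "server cert markers:   $(server_markers "$d/server.crt")"
    echo "client cert markers:   $(server_markers "$d/client.crt")"
    echo "server valid 1 more day: $(still_valid "$d/server.crt" 1)"
    echo "server passes CRL check: $(verify_with_crl "$d/ca.crt" "$d/crl.pem" "$d/server.crt")"
    echo "revoked client passes:   $(verify_with_crl "$d/ca.crt" "$d/crl.pem" "$d/client.crt")"
fi
```

Run `server_markers` against the server certificate before enabling `ns-cert-type server` on the client: if it reports `nsCertType=no`, enabling the directive will make the client reject the server; a certificate that reports `eku=yes` can be verified with `remote-cert-tls server` instead. The `verify_with_crl` check reproduces what `crl-verify` does on the server side, so a `no` for a client certificate that has not been revoked points at the CRL file itself (typically past its nextUpdate) rather than at the client.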

