  1. #1
    Untangler
    Join Date
    Sep 2008
    Posts
    82

    What cipher to offer for win 10 clients?

    I am currently running v15.0, but back in October last year I upgraded to v15.1, which caused the Win 10 clients to be unable to connect with a "Policy mismatch" error. This was apparently caused by Debian no longer offering MODP_1024, which is what Windows 10 was requesting.

    Untangle support pointed me to the following article which matched what I was seeing in the IPsec logs.
    https://jrklein.com/2019/12/02/debia...ws-10-clients/

    According to Untangle Support the issue was resolved in v16 with. I have set up a test Untangle and can see that under IPsec VPN -> VPN Config there is now the option to manually set the cipher, and I can see that this gives me the option to change from the default of "14 (modp2048)" to "2 (modp1024)". See attached screenshot.

    What I don't know is what the other values are, beyond "DH Key Group", that the Win 10 clients would be requesting, such as "Encryption", "Hash" and "Lifetime", so that I can match this request with the manual choices I need to make.

    2021-01-22 09_24_03-Photos.png

    Thanks
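
One way to answer the question in post #1 from the gateway's own IPsec log, as an added example that is not part of the original post or Untangle's code: it parses strongSwan-style `received proposals` / `configured proposals` lines and reports, field by field, where the client's offer and the gateway's configuration differ. The log line format, the sample lines and all function names are assumptions made for this example.

```python
import re

# Constructed charon-style log lines (strongSwan proposal format assumed);
# not a capture from a real Windows 10 client.
SAMPLE_LOG = """\
Jan 22 09:20:01 utm charon: 11[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 22 09:20:01 utm charon: 11[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
"""

PROPOSAL_LINE = re.compile(r"\b(received|configured) proposals: (.+)$")
# Assumption: transforms this example treats as too weak to enable on the gateway.
WEAK = {"MODP_768", "MODP_1024", "DES_CBC", "3DES_CBC", "HMAC_MD5_96", "PRF_HMAC_MD5"}
FIELDS = ("encryption", "hash", "prf", "dh_group")

def classify(token):
    """Map one transform keyword to the setting it corresponds to."""
    if token.startswith("PRF_"):
        return "prf"
    if token.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh_group"
    if token.startswith(("HMAC_", "AES_XCBC")):
        return "hash"
    return "encryption"

def parse_proposals(log_text):
    """Return {'received': [...], 'configured': [...]}, one dict per proposal."""
    out = {"received": [], "configured": []}
    for line in log_text.splitlines():
        m = PROPOSAL_LINE.search(line)
        if not m:
            continue
        for prop in m.group(2).split(", "):
            proto, _, transforms = prop.partition(":")
            fields = {"protocol": proto}
            for tok in transforms.split("/"):
                fields[classify(tok)] = tok
            out[m.group(1)].append(fields)
    return out

def mismatches(received, configured):
    """Settings on which a client proposal differs from a gateway proposal."""
    return [k for k in FIELDS if received.get(k) != configured.get(k)]

def weak_transforms(proposal):
    """Transforms in a proposal that appear in the WEAK set."""
    return sorted(v for v in proposal.values() if v in WEAK)

if __name__ == "__main__":
    p = parse_proposals(SAMPLE_LOG)
    for r in p["received"]:
        print(r, mismatches(r, p["configured"][0]), weak_transforms(r))
```

Run against the real log, the first received proposal with no weak transforms shows which Encryption and Hash values to select while keeping the DH group at modp2048.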

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,728


    Windows and Java updates in the UT OS caused MD5 to be no longer accepted since it is not secure anymore. Use SHA-256.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,876


    Quote Originally Posted by jcoffin View Post
    MD5 ... is not secure anymore.
    It hasn't been secure for at least 15 years now, if it even ever was.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.2 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,228


    But as we've seen, warnings get ignored and things progress when someone says NO, you shall not be stupid anymore.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #5
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,876


    Quote Originally Posted by sky-knight View Post
    things progress when someone says NO
    Speaking of, how's everybody's Flash situation?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,228


    Quote Originally Posted by jcoehoorn View Post
    Speaking of, how's everybody's Flash situation?
    Flash was removed from all of my supported platforms via powershell script last November. So I suppose I don't care?
