
certificate name

Posted: Fri Sep 23, 2016 7:44 pm
by ghfatw
Certificate names with VPN and softether in them aren't a great idea for a VPN trying to evade censors. How does one get rid of these? This is not about turning off DDNS - that is another unhelpful beacon.
I get these certificates going out on handshakes even when I have turned off the DDNS.

Re: certificate name

Posted: Sat Sep 24, 2016 9:54 am
by ghfatw
To fix the certificate name, one either does it with the Server Manager application or with the command line. It is important that if DDNS is disabled it does not disable the name on the certificate. There should, I think, be a checklist for people running SoftEther services in environments where they don't want detection:

- disable DDNS
- ensure certificate does not have name VPN or softether in it
- review server keep alive ping (which by default points to softether)
- consider changing ports from standard numbers and disable standard OpenVPN/L2TP/IPsec port numbers for sure
- consider use of SNORT rules such as for GFW rules
- consider use of fail2ban for persistent probes of a server
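
An added example, not part of the original posts: one way for an operator to check the second checklist item against their own server, by listing the name strings in the certificate it presents and flagging any that contain "vpn" or "softether". All function names are hypothetical, the sample name is constructed, and only text fields of the subject and issuer names are inspected (extensions such as subjectAltName are not parsed).

```python
import ssl

# Strings the post says should not appear in the certificate name.
MARKERS = ("vpn", "softether")
# DER tags: UTF8String, PrintableString, TeletexString, IA5String, BMPString
TEXT_TAGS = {0x0C, 0x13, 0x14, 0x16, 0x1E}

def tlv(tag, value):
    """Encode one DER element (used here only to build the sample)."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def der_text(data):
    """Return every text string found in a DER structure, depth first."""
    found, i = [], 0
    while i + 2 <= len(data):
        tag, n = data[i], data[i + 1]
        i += 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n = int.from_bytes(data[i:i + k], "big")
            i += k
        value = data[i:i + n]
        i += n
        if tag & 0x20:  # constructed: SEQUENCE, SET, [0], [3] ...
            found += der_text(value)
        elif tag in TEXT_TAGS:
            enc = "utf-16-be" if tag == 0x1E else "utf-8"
            found.append(value.decode(enc, "replace"))
    return found

def flagged_names(der):
    """Name strings in the certificate that contain a marker."""
    return [s for s in der_text(der) if any(m in s.lower() for m in MARKERS)]

def check_server(host, port=443):
    """Fetch the certificate a server presents in its handshake and check it."""
    pem = ssl.get_server_certificate((host, port))
    return flagged_names(ssl.PEM_cert_to_DER_cert(pem))

def sample_name(cn, org):
    """Constructed X.509 Name (CN + O) for offline demonstration."""
    def rdn(oid, text):
        return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(0x0C, text.encode())))
    return tlv(0x30, rdn(b"\x55\x04\x03", cn) + rdn(b"\x55\x04\x0a", org))
```

`check_server` needs network access to the listener being audited; an empty list means no name string matched.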