From Maiden-34 in Smoothwall On-Premise Appliance, you can use Enhanced VPN Security to apply these settings:
- Use data-ciphers AES-256-GCM and data-ciphers-fallback AES-256-GCM: Uses a more recent encryption algorithm.
- Use auth SHA256: Changes the hashing algorithm to SHA256.
- Disable comp-lzo: Turns off compression to prevent known attacks.
- Server and client use tls-crypt: Uses fully encrypted TLS Authentication.
- Client uses fingerprinting of the server certificate in client configs: Prevents Man-in-the-Middle (MITM) attacks by allowing the client to connect only to servers with a specific certificate fingerprint, without requiring the server certificate.
Note
These settings are optional but recommended for improved VPN security.
Turn on Enhanced VPN Security
Note
Turning on this option removes the Legacy VPN security warning.
- Go to Network > VPN > Global.
- In the SSL VPN settings section, select the Enhanced VPN Security checkbox.
- Select Save.
- In the banner at the top of the page, select Restart.
Important
All previously exported client archives are now invalid. Download and install a new SSL VPN archive to client devices.
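After reinstalling, a client configuration can be checked against the settings listed above. The following Python script is an added example, not Smoothwall's own code; the sample configs are constructed, and it assumes the fingerprint pin is written as the OpenVPN `peer-fingerprint` or `verify-hash` directive.

```python
import re

# Constructed sample configs for illustration; not real Smoothwall exports.
LEGACY = "client\ncipher AES-128-CBC\nauth SHA1\ncomp-lzo\n"
ENHANCED = """client
data-ciphers AES-256-GCM
data-ciphers-fallback AES-256-GCM
auth SHA256
peer-fingerprint 00:11:22:PLACEHOLDER
<tls-crypt>
PLACEHOLDER-KEY-MATERIAL
</tls-crypt>
"""
# Assumption: the fingerprint pin appears as one of these OpenVPN directives.
PIN_DIRECTIVES = {"peer-fingerprint", "verify-hash"}

def parse_ovpn(text):
    """Map each directive to its argument strings; an inline <tag> block counts as the directive."""
    found, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside <tag>...</tag>: skip the embedded key or certificate
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            block = tag.group(1)
        parts = [block] if tag else line.split(None, 1)
        found.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return found

def audit(text):
    """Return the list of enhanced settings a client config does not meet."""
    cfg, problems = parse_ovpn(text), []
    for key, want in (("data-ciphers", "AES-256-GCM"),
                      ("data-ciphers-fallback", "AES-256-GCM"), ("auth", "SHA256")):
        if [a.upper() for a in cfg.get(key, [])] != [want]:
            problems.append(f"{key} is not {want}")
    if any(a.lower() != "no" for a in cfg.get("comp-lzo", [])):
        problems.append("comp-lzo compression is enabled")
    if "tls-crypt" not in cfg:
        problems.append("tls-crypt is missing")
    if not cfg.keys() & PIN_DIRECTIVES:
        problems.append("no server certificate fingerprint pin")
    return problems

if __name__ == "__main__":
    for name, sample in (("legacy", LEGACY), ("enhanced", ENHANCED)):
        print(name, audit(sample) or "OK")
```

An empty result means the config carries every setting in the list; any other result names the settings still at their legacy values, which usually indicates an archive exported before the option was turned on.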