From Maiden-34 in Smoothwall On-Premise Appliance, you can use Enhanced VPN Security to apply these settings:
- Use data-ciphers AES-256-GCM and data-ciphers-fallback AES-256-GCM: Uses a more recent encryption algorithm.
- Use auth SHA256: Changes the hashing algorithm to SHA256.
- Disable comp-lzo: Turns off compression to prevent known attacks.
- Server and client use tls-crypt: Uses fully encrypted TLS Authentication.
- Client uses fingerprinting of the server certificate in client configs: Prevents Man-in-the-Middle (MITM) attacks by allowing the client to connect only to servers with a specific certificate fingerprint, without requiring the server certificate.
These settings are optional but recommended for improved VPN security.
Turn on Enhanced VPN Security
- Go to Network > VPN > Global.
- In the SSL VPN settings section, select the Enhanced VPN Security checkbox.
- Select Save.
- In the banner at the top of the page, select Restart.
All previously exported client archives are now invalid. Download and install a new SSL VPN archive to client devices.
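To confirm that a client device is running a regenerated profile rather than an old one, the following added example (not Smoothwall code) audits the text of an OpenVPN client config against the settings listed above. The sample configs are constructed, and two points are assumptions about how the export is written: that the certificate pin appears as `peer-fingerprint` or `verify-hash`, and that `comp-lzo no` counts as disabled.

```python
import re

# Values the page lists for Enhanced VPN Security.
REQUIRED = {"data-ciphers": "AES-256-GCM",
            "data-ciphers-fallback": "AES-256-GCM",
            "auth": "SHA256"}
# Assumption: the certificate pin is written as one of these OpenVPN options.
PIN_OPTIONS = ("peer-fingerprint", "verify-hash")

# Constructed sample configs (not real Smoothwall exports).
OLD = "client\ncipher AES-256-CBC\nauth SHA1\ncomp-lzo\n"
NEW = ("client\ndata-ciphers AES-256-GCM\ndata-ciphers-fallback AES-256-GCM\n"
       "auth SHA256\npeer-fingerprint PLACEHOLDER-FINGERPRINT\n"
       "<tls-crypt>\nPLACEHOLDER KEY MATERIAL\n</tls-crypt>\n")

def parse(text):
    """Map each directive to its arguments, skipping inline block bodies."""
    opts, inside = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inside:                       # body of an inline <name>...</name> block
            if line == f"</{inside}>":
                inside = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        block = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if block:
            inside = block.group(1)
            opts[inside] = ["[inline]"]
            continue
        name, *args = line.split()
        opts[name] = args
    return opts

def audit(text):
    """Return findings; an empty list means every listed setting is present."""
    opts, findings = parse(text), []
    for name, want in REQUIRED.items():
        got = " ".join(opts.get(name, [])) or "missing"
        if got.upper() != want:
            findings.append(f"{name}: expected {want}, found {got}")
    # Assumption: only an explicit "comp-lzo no" is treated as disabled.
    if "comp-lzo" in opts and opts["comp-lzo"] != ["no"]:
        findings.append("comp-lzo: compression still enabled")
    if "tls-crypt" not in opts:
        findings.append("tls-crypt: missing")
    if not any(p in opts for p in PIN_OPTIONS):
        findings.append("server certificate fingerprint: missing")
    return findings
```

Call `audit()` with the contents of the client's config file; `audit(OLD)` reports every setting the old profile lacks, and `audit(NEW)` returns an empty list.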