Security

Hi all,

 

Got a new Windows 10 build I’m sorting out. I’ve put the latest VIA software on it for our VPN solution. 

connects fine and seems to work ok; however, sometimes when it looses connection it then wants to confirm want certificate to use. 

So we use user certificate for authentication onto our solution with a 7210 controller and Clearpass. 

worse still, when it asks you to confirm the cert, it then freezes and makes you re download the whole profile again. 

anyone else seen this? Is it something to do with our laptop build or is there a bug in latest VIA?

 

to confirm; this happens on the odd occasion where the connection has been lost and the only way to fix is to download the profile again and start from the beginning. 

thanks 

I’ve narrowed this down to a certificate criteria issue in the profile. 

now I’ve added a certificate criteria option in the VIA settings that look for a particular field in the certificate. However when we test it, it still shows us all our certificates instead of narrowing it down to the criteria I’ve entered

 

anybody else seen this?

Bit more info for this

 

We can see from the laptop logs, that the value we enter in the cert criteria field is being seen. But it’s like the value is being ignored. 

The field to filter on is certicateIssuer=“name here”

 

did it in quotation marks as it has spaces in there. 

Also, when the VIA client loads on the LAN ... it says untrusted network and launches a VPN connection internally on our network.  I can see the HTTPs / 443 connection is getting to our controller internally; but it still thinks the network is untrusted. Any ideas why?

Hello,

Did you ever find a solution to the certificate criteria not working?  I am also trying to use certicateIssuer="name", but it doesn't seem to use it.  I can see it being set correctly in the client logs, like you. 

Thank you,

------------------------------
Jeremy Lasher
------------------------------

Original Message:
Sent: Mar 07, 2020 12:55 PM
From: James Redford
Subject: Strange VIA client issue

Bit more info for this

 

We can see from the laptop logs, that the value we enter in the cert criteria field is being seen. But it's like the value is being ignored. 

The field to filter on is certicateIssuer="name here"

 

did it in quotation marks as it has spaces in there. 

Also, when the VIA client loads on the LAN ... it says untrusted network and launches a VPN connection internally on our network.  I can see the HTTPs / 443 connection is getting to our controller internally; but it still thinks the network is untrusted. Any ideas why?