Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: ber on December 11, 2018, 08:13:29 AM
-
Hi Ive got a Linux SME 9 on a site. Running as a server/gateway.
Recently I had to replace a workstation which has some medical appointment notification software installed.
After replacing the PC and reinstalling the software we had issues with the notification software. The software connects to a remote server issuing notifications to clients by SMS for upcoming appointments.
Essentially the software needs to connect to the offsite remote server to authenticate its license. the software cannot be installed because its not able to connect to the remote server.
Its not able to do so and the Vendor suspects the Linux SME server/Firewall.
They advised that the software runs on TLS security protocol version 1 and 1.2.
How do I confirm whether these protocols are supported by the server?
Are there logs to verify that the firewall is blocking any attempts by the software to connect to the remote server?
Can any shine any light to eliminate the issue with the server.
The software worked on previous PC without any problems and there has been no changes to the server since the PC was replaced.
I can advise that some years ago with the same issue and some smart guru was able to get the software going but am not certain exactly what he did or where he is??
kind Regards
-
Assuming you aren't using a proxy on SME then it shoukd make no difference what version of TLS it runs. It is just passing packets back and forth.
There's a possibility your firewall is blocking something.
Look.at /var/log/iptables
Do you have fail2ban installed?
Does the far end try and check your server somehow?
-
The transparent proxy is still enabled by default, since the template code reads
...
my $transproxy = $squid{Transparent} || "yes";
...
To disable the transparent proxy:
- Login to server-manager
- Select 'Proxy Settings" under Security
- Set "Http proxy status" to 'disabled'
- Click "Save"
Once the equipment is licensed, you can turn the proxy back on.
If the medical equipment needs the proxy disabled but you want the proxy enabled for normal web browsers, you'll need to look at https://wiki.contribs.org/Firewall#Bypass_Proxy
Be aware that the "Bypass_Proxy" section of the firewall page was written 10 years ago. The procedure should be safe, but may not work flawlessly...