Version 4.0.5 EA bug fixes

Certificates - Security

Previously, if:

  • SN SSL VPN Client used a root authority certificate that was found in the Windows store,

  • The SN SSL VPN Client file used the certificate name indicated in the captive portal's certificate,

A certificate error message would appear in loop. This issue has been fixed.

Timeout of HTTPS requests

Previously, if:

  • The tunnel was established for the first time or the configuration was modified,

  • The user used a RADIUS authentication,

Then the timeout of HTTPS requests was too short to allow the user to authenticate using a third-party application (multifactor authentication). Now, there are three parameters for setting the timeout in the registry key HKLM\SYSTEM\CurrentControlSet\Services\StormshieldSSLVPNService\Parameters:

  • https_connect_timeout: defines the timeout for the connection to SNS. The default value is 30 seconds.

  • https_recvsend_timeout: defines the timeout for the emission and reception of an answer, including a RADIUS authentication. The default value is 30 seconds. This parameter must be added to the registry key to change the default value.

  • https_resolve_timeout: defines the timeout for a FQDN address resolution. The default value is 0 second. This parameter must be added to the registry key to change the default value.

If the value of a parameter is 0 second, then there is no timeout.

Address book

Saving after an import

The Save button, which used to be grayed out after importing an address book, is now available. This regression appeared in SN SSL VPN Client version 3.2.3.

Missing translation

The contents of the OTP column have been translated.

Wrong tab sequence

In the window allowing new entries to be added to the address book, the order in which fields are tabbed has been changed.

OTP authentication

Support reference 84809

Where:

  • SN SSL VPN Client is configured in automatic mode with multifactor authentication,

  • Changes relating to the SSL VPN have been made on the SNS side and the SSL VPN service has been restarted.

Previously, VPN tunnels would be shut down and SN SSL VPN Client would attempt to reconnect these tunnels without applying the changes to the configuration. This issue has been fixed and SN SSL VPN Client will now request two OTPs in such a situation.

For more information on automatic mode, refer to the section Specific characteristics of Stormshield SSL VPN clients in the technical note Configuring and using the SSL VPN on SNS firewalls.

Update

Following an update, now only the latest version of SN SSL VPN Client will be kept. Previously, the former version was also kept.

Logs

Previously, some characters in log error messages would not be correctly displayed. This issue has been fixed.