@ -89,7 +89,7 @@ We have chosen to setup the server on "Site B", so we start with Trust configura
* Choose the just created authority in `Certificate authority`
* Add descriptive information for this CA (`Descriptive name`, whereabouts are copied from the CA)
* Set Type to `Server`
* Choose cryptographic settings, lifetime determines the validaty of the server certificate (you do need to track this yourself), it's allow to choose a longer period here
* Choose cryptographic settings, lifetime determines the validaty of the server certificate (you do need to track this yourself), it's allowed to choose a longer period here
* Set the `Common Name` to the fqdn of this machine.
* As the client (Site A) will also need a **Certificate**, we need to create a certificate, also using :menuselection:`System --> Trust --> Certificates`
@ -119,7 +119,7 @@ select `auth` as mode and click the gear button to generate one. Provide a descr
Prepare Site A
..........................................
* Copy the public part of the certificate authority to the firewall at Site a (use the download button and copy the contents into a new CA on this host)
* Copy the public part of the certificate authority to the firewall at Site A (use the download button and copy the contents into a new CA on this host)
* Copy the public and private part of the client certificate into a new one on Site A
* Copy the contents of the static key to a new entry and select the same type
* system: detect a on/off password shift when syncing user accounts
* firewall: when migrating aliases make sure that nesting does not fail
* plugins: os-OPNWAF now requires a descrption for virtual servers
* plugins: os-radsecproxy fixes for stale rc script / pidfile issues
Migration notes, known issues and limitations:
* The Unbound ACL now defaults to accept all traffic and no longer generates automatic entries. This was done to avoid connectivity issues on dynamic address setups -- especially with VPN interfaces. If this is undesirable you can set it to default to block instead and add your manual entries to pass.