Avocent DSR4030 KVM JNLP
-
Hi,
I have a Avocent DSR4030 and this used to work on my Cisco Router but I may have something configured wrong in my pfense router. I want to remote Java Network Launch Protocol (JNLP) to view remote desktop over my LAN. I have attached my snort alerts. It says the viewing computer has too many pipelines. I turned off snort. That didn't work. I added LAN firewall rules to allow all actions. That also didn't work.
I even tried to modify my jdk http://community.emerson.com/networkpower/support/avocent/f/105/t/5165 which says
"
This permanent fix works:Found this solution for a different brand KVM and it worked for Autoviews. Edit the Java.security file found \Program Files (x86)\Java\jre1.8.0_65\lib\security
Looks like java new default is rejects key sizes less than 768. remove this setting and you can get into the KVM's.
Remark out the first line (already #), replace with second line.
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768
jdk.tls.disabledAlgorithms=SSLv3, RC4
"This also didn't fix it. If you have any ideas lets me know.
The following is an edit JNLP generated by my KVM
<jnlp spec="1.0+" codebase="http://192.168EDITED/webstart2"><information><title>Video Session Viewer</title>
<vendor>Avocent</vendor>
<description>Video Session Viewer</description>
<description kind="short">Video Viewer</description></information><security><all-permissions></all-permissions></security>
<resources><j2se version="1.5+"><jar href="avctVideo.jar"><jar href="avctVM.jar"><nativelib href="avctWin32Lib.jar"><nativelib href="avmWin32Lib.jar"><nativelib href="avctLinuxLib.jar"><nativelib href="avmLinuxLib.jar"><nativelib href="avctSolarisLib.jar"><nativelib href="avmSolarisLib.jar"><nativelib href="avctMacOSXLib.jar"><nativelib href="avmMacOSXLib.jar"><nativelib href="jpcscdll.jar"><nativelib href="jpcscso.jar"></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></jar></jar></j2se></resources>
<application-desc main-class="com.avocent.video.Stingray"><argument>title="Avocent DSR4030 - EDITED4-5"</argument>
<argument>devicetype=avsp</argument>
<argument>path=a:192.168EDITED,p:14,c:0,e:1,s:"Video Viewer - EDITED4-5",l:30</argument>
<argument>oem=Avocent</argument>
<argument>user=Admin</argument>
<argument>password= EDITED</argument></application-desc></jnlp>
 -
In general it was suggested to white list (snort stuff)
https://forum.pfsense.org/index.php?topic=36228.msg186815#msg186815
suppress gen_id 122, sig_id 3
suppress gen_id 122, sig_id 23I just turned off snort
I found that I had to change one additional setting in addition to jdk.tls.disabledAlgorithms.
#jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
jdk.tls.disabledAlgorithms=SSLv3, RC4This is for jre1.8.0_73.
Edit the Java.security file found \Program Files (x86)\Java\jre1.8.0_65\lib\security
and restart