Avocent DSR4030 KVM JNLP

nihunter

Hi,

I have a Avocent DSR4030 and this used to work on my Cisco Router but I may have something configured wrong in my pfense router. I want to remote Java Network Launch Protocol (JNLP) to view remote desktop over my LAN. I have attached my snort alerts. It says the viewing computer has too many pipelines. I turned off snort. That didn't work. I added LAN firewall rules to allow all actions.  That also didn't work.

I even tried to modify my jdk http://community.emerson.com/networkpower/support/avocent/f/105/t/5165  which says

"
This permanent fix works:

Found this solution for a different brand KVM and it worked for Autoviews. Edit the Java.security file found \Program Files (x86)\Java\jre1.8.0_65\lib\security

Looks like java new default is rejects key sizes less than 768. remove this setting and you can get into the KVM's.

Remark out the first line (already #), replace with second line.

jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768

jdk.tls.disabledAlgorithms=SSLv3, RC4
"

This also didn't fix it. If you have any ideas lets me know.

The following is an edit JNLP generated by my KVM

<jnlp spec="1.0+" codebase="http://192.168EDITED/webstart2"><information><title>Video Session Viewer</title>
      <vendor>Avocent</vendor>
      <description>Video Session Viewer</description>
      <description kind="short">Video Viewer</description></information>

<security><all-permissions></all-permissions></security>

<resources><j2se version="1.5+"><jar href="avctVideo.jar"><jar href="avctVM.jar"><nativelib href="avctWin32Lib.jar"><nativelib href="avmWin32Lib.jar"><nativelib href="avctLinuxLib.jar"><nativelib href="avmLinuxLib.jar"><nativelib href="avctSolarisLib.jar"><nativelib href="avmSolarisLib.jar"><nativelib href="avctMacOSXLib.jar"><nativelib href="avmMacOSXLib.jar"><nativelib href="jpcscdll.jar"><nativelib href="jpcscso.jar"></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></nativelib></jar></jar></j2se></resources>

<application-desc main-class="com.avocent.video.Stingray"><argument>title="Avocent DSR4030 - EDITED4-5"</argument>
      <argument>devicetype=avsp</argument>
      <argument>path=a:192.168EDITED,p:14,c:0,e:1,s:"Video Viewer - EDITED4-5",l:30</argument>
      <argument>oem=Avocent</argument>
      <argument>user=Admin</argument>
      <argument>password= EDITED</argument></application-desc></jnlp>


nihunter

In general it was suggested to white list (snort stuff)

https://forum.pfsense.org/index.php?topic=36228.msg186815#msg186815

suppress gen_id 122, sig_id 3
suppress gen_id 122, sig_id 23

I just turned off snort

I found that I had to change one additional setting in addition to jdk.tls.disabledAlgorithms.

#jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.certpath.disabledAlgorithms=MD2

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
jdk.tls.disabledAlgorithms=SSLv3, RC4

This is for jre1.8.0_73.

Edit the Java.security file found \Program Files (x86)\Java\jre1.8.0_65\lib\security

and restart