![]() ![]() ![]() ![]() I have tried several methods attempting to force the PC to never use SHA1 in negotiations, including: When the error starts, though, Windows offers 3072-bit RSA PKCS1 with SHA1 to the server, which is rejected as insecure and disabled server-side. The connection is always set to use SHA256 for the hash using PowerShell, and the Windows certificate store reports the same as the signature hash algorithm for the root certificate. According to the server logs this is because, for unknown reasons, Windows begins ignoring the VPN connection configuration or becomes unable to use the proper algorithm to verify the RSA root certificate in the certificate store which serves as the authentication for this VPN. However, eventually it will always start failing to connect after the computer has been updated. Upon a new Windows 11 Pro installation from bootable media made with the Microsoft tool, the VPN works properly. It is an IKEv2-only VPN with the native Windows client. I have been dealing with VPN errors that persist across new OS installs and so seem to have to do with Windows 11 updates the PC is receiving. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |