Old customer infrastructure based on #Proxmox 5 and an ancient #Dell server running an outdated #pfSense.
They asked me to update everything because the ERP provider (a small software house) accessing via #VPN claims the pfSense version is too old. I agree and decide to upgrade Proxmox.
On the old Dell, I install #OpenBSD and, in agreement with the ERP provider, a #Wireguard VPN.
After a few days, they 'recall' me because, for their internal compliance and following their '#security manual,' they need to enter the password manually every time they connect, and Wireguard doesn't support a user/password concept.
They ask for the possibility to change the PSK with each access to ensure that the one in their configuration files is not the current one - an absurd operation. I don't have a maintenance contract and can't take this responsibility, as it doesn't make sense. Clearly, they agreed on Wireguard without even knowing what it was.
To avoid issues, I ask them what to install instead. They suggest #OpenVPN might be acceptable. I proceed accordingly. They contact me again: 'The version of OpenVPN is not suitable, and OpenBSD is not certified according to our security procedures.' I ask them to tell me what is certified. They respond: '#Debian 7, #Wheezy - and the version of OpenVPN from Debian 7.'
I politely point out that Debian 7 reached its End of Life in 2016, and even the extended LTS has been unsupported for 3 years. They don't care, they must abide by their manual - it's safe for them.
The customer asks me to accommodate them anyway, but I reflect on the fact that when they inevitably get compromised, it will be my fault for installing something so outdated today.
I declined the job - limiting myself to updating Proxmox.
I'm not sure if I'm more offended by the bureaucracy of certain 'internal manuals' or by the closed-mindedness of certain colleagues who can't stand up against such dynamics.
#ITSecurity #InfrastructureUpgrade #ClientIssues #IT #SyaAdmin
Oh Good Gawd... GNOME... 2015ish #Debian #wheezy 2015...
No, I do not like trying to get around in that mess.
#screenshotsunday #debian #wheezy
Debian is celebrating its 24th birthday! Yes, already: it is one of the oldest distributions, along with Slackware! https://bits.debian.org/images/debian24.png #debian #happybirthday #buster #stretch #jessie #wheezy #gnu #linux
Hello to all French speakers, I have just created a Mastodon account for Debian users. I will post news about this distribution from time to time; feel free to follow me if you are interested. #debian #squeeze #wheezy #jessie #stretch #buster #bullseye