This time on the show, bypass restrictive firewalls with a free and open source virtual private network server for Windows and Linux that will have you connecting back to the home or office with just a web browser!


Thus far we’ve only spoken about implementing Virtual Private Networks using Point-To-Point Tunneling Protocol. While PPTP is an OK protocol for secure tunneling, at least in my experience it comes with a few gotchas, namely firewalls.

VPNs based on Secure Sockets Layer or SSL technologies are less encumbered by these restrictions. Certificates are already in the browsers and there is often no software to install. Secure, Easy, Versatile.

You can think of SSL VPNs as the Webmail of email. Rather than setting up a dedicated client like Outlook or Thunderbird to use POP3 or IMAP4 we’ll be using our web browser to access an https site.

SSL Explorer is a web-based SSL VPN server. The technology was acquired by Barracuda Networks. The project is named OpenVPN Application Layer Software (OpenVPN-ALS).

Windows Install

The install can be sorta tricky, so Lars Werner made an awesome installer using NSIS-Installer. Make sure you have the latest Java JRE.

Download, Run, Next, next, next, install, next,
Create certificate, Install Service, browse to https://server:28080 from client,
Login as admin and follow the certificate creation wizard.

System Configuration is basically the same on Linux or Windows.

Begin by setting up a LAMP and OpenSSH server. In this segment I used Ubuntu Server 8.04 32-bit.

Install Java JDK and configure paths.

sudo apt-get install sun-java6-bin sun-java6-jdk
export JAVA_HOME=/usr/lib/jvm/java-6-sun
export PATH=$PATH:$JAVA_HOME/bin
java -version

Next install ant, which is kinda like make for Java.

sudo apt-get install ant

Then in /opt go ahead and download and install OpenVPN-ALS.

cd /opt
# note: at time of writing this was the latest version
sudo wget http://downloads.sourceforge.net/project/openvpn-als/adito/adito-0.9.1/adito-0.9.1-bin.tar.gz
sudo tar zxvf adito-0.9.1-bin.tar.gz
cd adito-0.9.1/
ifconfig    # remember this IP, you'll need it in a minute
sudo ant install

From a browser go to http://<server-ip>:28080 (the IP you noted from ifconfig) and run the certificate wizard.

Once the wizard is complete the installer will finish. Now we’ll install OpenVPN-ALS as a service.

sudo ant install-service
sudo ant start

At this point we can stop and start the service using /etc/init.d/adito stop|start|restart.

You can now browse to the server’s IP on the port you configured in the setup wizard (default is 443, so simply prefix the IP with https://). Log in with the super user account and you’ll be greeted by a management GUI. From here you can create accounts, groups, policies, and add resources. In this segment I configured an SSL Tunnel, a Network Place, and a Web Forward. For more details on configuration I advise consulting the SSL-Explorer Admin Guide (Zipped PDF). While the name has changed, most of the functionality is the same. You may find additional documentation at the OpenVPN ALS forums.


43 Comments

  • Pman860507 4 years ago

    been waiting on this for a few weeks now. good work great show. when i get home today im going to work on this…. after i mow.

  • K-radical 4 years ago

    Great show guys, so I’m trying this adito server at home and I’ve run into a problem. when I try to connect from a client with shared access to my hard drive how do I download files? If I right click on them I can save a link to the file but that’s not what I want to do. If I just click on the file I get this error


    500 - Internal Server Error
    The server has encountered an unexpected condition and cannot complete this request. Contact your administrator or check the logs for more information,

  • Ravinheart 4 years ago

    Great show … I have been running SSL Explorer for awhile now … it works great … what was the client you used to connect with at the end there ???

  • @Ravinheart, Oops forgot to link it in the show notes. Thanks for pointing that out.

    http://zhoupenghust.web.officelive.com/project.aspx

    Cheers!

  • Allan 4 years ago

    I loved this show. And the reason… Darren is on his own and can focus on an interesting topic. When all three of you are on camera, the goofiness ensues and wastes a lot of time.

    Why not offer another show that just has one presenter who actually talks in depth about a topic, rather than being easily distracted.

    In any instance, very entertaining.

    P.S. Dump the 750 Nighthawk and get a Suzuki Bandit 1200. I had the 750 and found it underpowered. A low cost used Bandit 1200 has more testosterone than Arnold in his Terminator days. Very scary power.

  • Anonymous Coward 4 years ago

    Greetings,

    Great show Darren. What brand of exhaust do you have on your bike?

    I have installed Adito and it works quite nicely. What I want to know is this.

    Is it possible to connect through VPN and use the windows RDP application to connect to a machine on the remote network? I have tried the java applications that come with adito and find them quite wanting in features and stability. If this is possible could you please point me in the right direction?

    Thanks,
    AC

  • K-radical 4 years ago

    For some reason or another, reinstalling the whole deal fixed my download issue. I was using WAMP 2.0 to share files on my home LAN and getting capped off download speeds from windows clients. With this method things are working much more smoothly.

    Thanks guys :)

  • Derek 4 years ago

    Once again, awesome show Darren. I’m looking to change up our VPN setup at work and this will do the trick nicely.

    @Anonymous Coward:

    I was thinking the same thing. I’m going to try setting up the tunnel much like Darren did to putty into the router. Hopefully, they can activate the tunnel and then use their local RDP client to get to the server. I’ll test tomorrow if I get time, otherwise I can try next week and let you know.

    Thanks,

    DB

  • hexskrew 4 years ago

    Wallpaper @22:13 – “Hey! It’s a wallpaper from…. ep.504”
    Lol, That’s the wallpaper I made :D just thought I would throw that in :P

    I need to make some more when I get some sparish time.

  • wakesk8 4 years ago

    Great episode very detailed was able to get a ubuntu VM setup quickly and within 15-30 minutes VPN was functional. One scenario I wish was better explained is how to run a reverse-proxy, with multiple VPN servers from a dynamic IP. For my home use I have multiple servers setup behind a dyndns domain, and would like to be able to hit each individually using something like: server1.example.com goes to adito SSL VPN, server2.example.com goes to OpenVPN-AS server, also keeping it relatively secure.

  • teekaa 4 years ago

    Hi,

    First of all, great episode and great tool!

    But are you with adito VPN able to do as pptp, where you get a IP in the remote network you are connecting to, and being able to access everything in that very subnet?

    Best Regards,
    Tekkaa

  • Great episode! I have been trying to decipher how to put together an open source alternative to Windows Home Server and this episode was exactly what I have been looking for. Thanks!!

  • Aww, an episode without that cute, bubbly, adorable cohost there makes me sad :(

    EDIT: Just noticed Shannon isn’t in this episode either.

  • Geoff 4 years ago

    Regarding setting up a tunnel for remote desktop, it works just fine.

    The only thing you need to bear in mind is that the source port cannot be set to the RDP port (default 3389), as the RD client will think you’re trying to connect to the computer you’re running it on and will tell you to stop being daft.

    In my test, I set the options below for an SSL tunnel:
    Source Interface: 127.0.0.1
    Source Port: 1234 (can be anything you like pretty much, barring 3389)
    Destination Host:
    Destination Port: 3389

    Then I just fired up RD client and pointed it to 127.0.0.1:1234

  • Geoff 4 years ago

    Destination Host:
    Should not be blank in my post above, you can use either the LAN ip address, or the hostname of the computer you’re trying to connect to.

    Sorry for any confusion.

  • One question… How hard would it be to roll in a backup solution like Bacula on the same server? Just trying to get something as similar as possible to whole Windows Home Server from the FOSS community.

  • I watched your segment and was very impressed by the thorough research you had done on this awesome service.
    Leaving me only to wonder how else could this be utilized from a restricted network connection.

    Due to bandwidth limitations some admins feel it necessary to restrict websites such as youtube. This link should provide enough insight as to how pairing a http server with a php engine.

    http://weelakeo.com/2009/07/14/use-the-youtube-api-with-php-2/

    It seems you would not be limited to just youtube if you were to be able to inspect the php files from many other useful sites.

    Again, Darren thanks for providing this segment.

    V/R

    Tim Gomez

  • gedster314 4 years ago

    Great Show. My install went well and I can connect and download the client. Now what? Is there a wiki or something on how to configure it. Documentation leaves a lot to be desired and I have not had much luck in searching Google. Anyone got link to wiki of a pdf?

    Thanks

  • j0sh112 4 years ago

    hi, great tutorial! I have got the ssl vpn up and running fine, I can connect from other computers in my network. I realise this is a rather stupid question but how can i connect to my computer at home from my campus then? https://192.168.0.1 obviously isn’t going to work…
    I know my external ip but am just not sure how to sort it all out. Anyone help or point me in the right direction? :) thanks!!

  • Jeremiah Brooks 4 years ago

    I like the program very much, but after a restart it gave an error 1067. Anybody have any clue to what causes that?

  • dougbott 4 years ago

    Toronto, ontatio??? haha
    thanks for properly representing canada ;)

  • Tim Gomez 4 years ago

    j0sh112: A port forwarding rule should do the trick from your router to the host within the network providing the service.

    Integrating this with my synology cs407e has been interesting :)

  • I think this is a fantastic piece of software. Really easy to set up and very user friendly. Nice episode!

  • Geremy 4 years ago

    this was a great show!! I just have to find some time to set this all up and knowing me ill have problems with something.

  • Slats 4 years ago

    @ j0sh112

    You need to set up a port forwarding rule on your home router to point port: 443 to 192.168.0.1. Then to connect from your campus enter: https://

    I have successfully set up a RDP tunnel to my only PC at home – works nicely. My question is… If i add another PC to my home network am i able to set up another RDP tunnel to it?

    EG:
    Tunnel 1
    Source Interface: 127.0.0.1
    Source Port: 33890
    Destination Host: PC 1
    Destination Port: 3389

    Tunnel 2
    Source Interface: 127.0.0.1
    Source Port: 33891
    Destination Host: PC 2
    Destination Port: 3389
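
The tunnel rules from Geoff's and Slats's comments above, as an added example that is not part of the original thread or of the OpenVPN-ALS code: each tunnel needs its own local source port, the source port must not be the RDP port, and the destination host must not be blank. `Tunnel`, `check_tunnels` and `port_is_free` are hypothetical names, and the loopback check is an added assumption that the listener should stay reachable only from the client itself.

```python
import ipaddress
import socket
from dataclasses import dataclass

RDP_PORT = 3389  # default RDP port named in the comments

@dataclass(frozen=True)
class Tunnel:  # hypothetical type; fields mirror the GUI labels in the comments
    name: str
    source_interface: str
    source_port: int
    dest_host: str
    dest_port: int

def port_is_free(interface, port):  # True if nothing listens there yet
    ip = ipaddress.ip_address(interface)
    family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((interface, port))
        return True
    except OSError:
        return False

def check_tunnels(tunnels, reserved_ports=(RDP_PORT,), probe=False):
    """Return a list of problems; an empty list means the set is consistent."""
    problems, seen = [], {}
    for t in tunnels:
        try:
            loopback = ipaddress.ip_address(t.source_interface).is_loopback
        except ValueError:
            loopback = False
        if not loopback:  # other hosts could reach a non-loopback listener
            problems.append(f"{t.name}: source interface is not loopback")
        if not 1 <= t.source_port <= 65535:
            problems.append(f"{t.name}: source port out of range")
        elif t.source_port in reserved_ports:
            problems.append(f"{t.name}: source port {t.source_port} is reserved locally")
        elif probe and loopback and not port_is_free(t.source_interface, t.source_port):
            problems.append(f"{t.name}: source port {t.source_port} already in use")
        if not t.dest_host.strip():
            problems.append(f"{t.name}: destination host is blank")
        key = (t.source_interface, t.source_port)
        if key in seen:
            problems.append(f"{t.name}: same listener as {seen[key]}")
        seen.setdefault(key, t.name)
    return problems

SAMPLE = [Tunnel("Tunnel 1", "127.0.0.1", 33890, "PC 1", 3389),  # constructed from
          Tunnel("Tunnel 2", "127.0.0.1", 33891, "PC 2", 3389)]  # the comment above
```

`check_tunnels(SAMPLE)` returns an empty list for the two-tunnel layout; pass `probe=True` on the client machine to also test whether each source port is already taken.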

  • Slats 4 years ago

    Sorry j0sh112, was supposed to read https://external Ip

  • great show, thx.

    Does anybody know, how to allow an ajax based website (like ampache) behind the adito replacement proxy?

    I see in my browser, that the ajax request from ampache is rejected.

  • Bryce 4 years ago

    Does anyone know how to get the network place set up for windows share using passwords???

  • gorfou 4 years ago

    Great show and great tool

    Though it seems I can’t use it from my company to my home computer because https sites with invalid certificates are filtered out!

  • hey guys – great episode – love the app – super easy with lars’ install port – question for you though:

    I see only 128-bit ssl certs available – without purchasing a signed cert, what do you guys recommend for building a higher cipher bit ssl cert?

    thanks

  • 750?? does it come in mens??

  • Hey guys,

    I’ve been running into a problem. When I try to download a file from company’s shared drive created in Network Place by clicking onto the file, I got this error.

    500 – Internal Server Error
    The server has encountered an unexpected condition and cannot complete this request. Contact your administrator or check the logs for more information

    I tried reinstalling my adito but the problem still stays. Does anyone have a solution to this issue?

  • Doctor Dre 4 years ago

    I was wondering, is there any changes I need to make in my Firefox connection settings so that it can use the SSL tunnel? Or does the Adito agent take care of that. (No proxy changes) If I do need to make some changes where do I go SOCKS, HTTP, etc? Thanks to anyone that can help.

  • Great show thx.

    I got the adito installed and I am able to get to it from outside but I am not able to route all traffic through the Adito server. Can someone please point me to how to accomplish this?

    Thanks,
