
Episode 607 – Build a free SSL VPN on Linux or Windows

Submitted by Darren on September 30, 2009 – 12:49 am

This time on the show: bypass restrictive firewalls with a free and open source virtual private network server for Windows and Linux that will have you connecting back to the home or office with just a web browser!


So far we’ve only covered Virtual Private Networks built on the Point-to-Point Tunneling Protocol. PPTP is an OK protocol for tunneling, but in my experience it comes with a few gotchas, and the big one is firewalls: PPTP needs TCP port 1723 for its control channel plus GRE (IP protocol 47) for the data, and restrictive firewalls and NAT gateways frequently block GRE outright. (Its MS-CHAPv2 authentication and MPPE encryption are also weak by today’s standards, so don’t mistake it for strong crypto.)

VPNs based on Secure Sockets Layer (SSL, today TLS) are far less encumbered: they run over HTTPS on TCP port 443, which almost every network already allows out. Browsers already ship with a TLS stack and a store of trusted certificate authorities, and there is often no client software to install. Secure, easy, versatile. One caveat: the certificate the setup wizard generates is self-signed, so browsers will warn about it and some corporate proxies refuse HTTPS sites with untrusted certificates; for anything beyond a lab, put a certificate from a CA your clients trust on the server.

You can think of SSL VPNs as the webmail of VPNs. Rather than setting up a dedicated client like Outlook or Thunderbird to speak POP3 or IMAP4, we’ll use our web browser to access an HTTPS site.

SSL-Explorer is a web-based SSL VPN server. The technology was acquired by Barracuda Networks, and the open source code base continued as Adito, since renamed OpenVPN Application Layer Software (OpenVPN-ALS). That is what we install below.

Windows Install

Installing on Windows by hand can be tricky, so Lars Werner made an installer for it with NSIS. Make sure you have the latest Java JRE first.

Download and run the installer, accepting the defaults (Next, Next, Next, Install, Next).
Create the certificate and install the service, then browse to https://server:28080 from a client.
Log in as admin and follow the certificate creation wizard.

Linux Install

System configuration after the install is basically the same on Linux and Windows; only the install itself differs.

Begin by setting up a server with the LAMP and OpenSSH tasks. In this segment I used Ubuntu Server 8.04 32-bit. (Adito itself only needs Java; the LAMP stack just gives you something local to Web Forward to.)

Install the Sun Java JDK and set up the paths (the sun-java6 packages live in the multiverse repository, so enable it if apt can’t find them):

sudo apt-get install sun-java6-bin sun-java6-jdk
export JAVA_HOME=/usr/lib/jvm/java-6-sun
export PATH=$PATH:$JAVA_HOME/bin
java -version        # should report the Sun 1.6 JVM

The two exports only last for the current shell; add them to ~/.bashrc (or /etc/environment) so they survive a logout or reboot.

Next install Ant, which is roughly make for Java:

sudo apt-get install ant

Then download OpenVPN-ALS and unpack it into /opt. (0.9.1 was the latest version at the time of writing. /opt is root-owned, so fetch the tarball in /tmp and untar it with sudo.)

cd /tmp
wget http://downloads.sourceforge.net/project/openvpn-als/adito/adito-0.9.1/adito-0.9.1-bin.tar.gz
sudo tar zxvf adito-0.9.1-bin.tar.gz -C /opt
cd /opt/adito-0.9.1/
ifconfig             # note the server's IP address; you'll need it in a minute
sudo ant install

From a browser go to http://<server IP>:28080 and run the certificate wizard.

Once the wizard is complete the installer finishes. Now register OpenVPN-ALS as a service and start it:

sudo ant install-service
sudo ant start

From here on you can stop and start the service with /etc/init.d/adito stop|start|restart.
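The Linux steps above collected into one script, added here as an example; it is not the episode’s own code and not part of the OpenVPN-ALS project. It assumes an Ubuntu 8.04-era box where the sun-java6 packages are installable, that it runs as root (or under sudo), and that a person finishes the web wizard on port 28080 while `ant install` waits. The ADITO_SHA1 check, the /etc/profile.d/java.sh file and the DRY_RUN switch are this script’s additions, not anything the page or the project provides.

```shell
#!/bin/sh
# install-adito.sh -- the Linux procedure from the episode as one script.
# Added example, not the episode's or the OpenVPN-ALS project's own code.
# Assumes: Ubuntu 8.04-era apt with the sun-java6 packages, run as root (or
# under sudo), and a person completing the web wizard on port 28080 while
# "ant install" waits. ADITO_SHA1, /etc/profile.d/java.sh and DRY_RUN are
# this script's additions (assumptions), not anything the page provides.
set -eu

ADITO_VERSION="${ADITO_VERSION:-0.9.1}"
INSTALL_ROOT="${INSTALL_ROOT:-/opt}"
JAVA_HOME_DIR="${JAVA_HOME_DIR:-/usr/lib/jvm/java-6-sun}"
ADITO_SHA1="${ADITO_SHA1:-}"     # digest from the SourceForge page; empty = skip the check
DRY_RUN="${DRY_RUN:-0}"          # 1 = print commands instead of running them

# Execute a command, or echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

adito_tarball() { echo "adito-${ADITO_VERSION}-bin.tar.gz"; }
adito_url() { echo "http://downloads.sourceforge.net/project/openvpn-als/adito/adito-${ADITO_VERSION}/$(adito_tarball)"; }
adito_dir() { echo "${INSTALL_ROOT}/adito-${ADITO_VERSION}"; }

# verify_sha1 FILE EXPECTED: 0 if the digest matches (or EXPECTED is empty), 1 otherwise.
verify_sha1() {
    if [ -z "$2" ]; then
        return 0
    fi
    actual=$(sha1sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# The episode only exports JAVA_HOME in the current shell; persist it so later
# logins (for "ant stop"/"ant start" or upgrades) pick up the same JVM.
persist_java_home() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ write /etc/profile.d/java.sh with JAVA_HOME=$JAVA_HOME_DIR"
    else
        printf 'export JAVA_HOME=%s\nexport PATH=$PATH:%s/bin\n' \
            "$JAVA_HOME_DIR" "$JAVA_HOME_DIR" > /etc/profile.d/java.sh
    fi
    export JAVA_HOME="$JAVA_HOME_DIR"
    export PATH="$PATH:$JAVA_HOME_DIR/bin"
}

install_java() {
    run apt-get install -y sun-java6-bin sun-java6-jdk
    persist_java_home
    run java -version
    run apt-get install -y ant
}

install_adito() {
    cd /tmp                                   # /opt is root-owned: fetch here, unpack with -C
    run wget -O "$(adito_tarball)" "$(adito_url)"
    if [ "$DRY_RUN" != "1" ] && ! verify_sha1 "$(adito_tarball)" "$ADITO_SHA1"; then
        echo "SHA-1 mismatch on $(adito_tarball); refusing to install" >&2
        exit 1
    fi
    run tar zxf "$(adito_tarball)" -C "$INSTALL_ROOT"
    cd "$(adito_dir)"
    run ifconfig                              # note the IP for the wizard URL
    echo "Now open http://<server IP>:28080 in a browser and finish the wizard."
    run ant install                           # returns once the wizard completes
    run ant install-service
    run ant start
}

main() {
    install_java
    install_adito
    echo "Done. Browse to https://<server IP>/ and log in as the super user."
}

if [ "${1:-}" = "install" ]; then
    main
fi
```

Run `sh install-adito.sh install` to perform the install, or `DRY_RUN=1 sh install-adito.sh install` to see the commands it would run without touching the system. Set ADITO_SHA1 to the digest published next to the tarball on SourceForge if you want the download verified; the episode itself gives none, so the check is skipped when the variable is empty.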

You can now browse to the server’s IP on the port you configured in the setup wizard (the default is 443, so simply prepend https:// to the IP). Log in with the super user account you created in the wizard and you’ll be greeted by a management GUI. From here you can create accounts, groups and policies, and add resources. In this segment I configured an SSL Tunnel, a Network Place and a Web Forward.

Two things worth doing before you forward port 443 from the internet to this box: give the super user a strong password, since that one login now guards your whole LAN, and expect browser warnings until you replace the wizard’s self-signed certificate with one your clients trust. When you define an SSL Tunnel, leave its Source Interface at 127.0.0.1: the tunnel’s local listener accepts connections from anything that can reach it, so binding it to 0.0.0.0 would let other machines on the client’s LAN ride your authenticated VPN session.

For more detail on configuration I advise consulting the SSL-Explorer Admin Guide (zipped PDF). While the name has changed, most of the functionality is the same. You may find additional documentation at the OpenVPN ALS forums.


37 Comments »


  • Pman860507 says:

    Been waiting on this for a few weeks now. Good work, great show. When I get home today I’m going to work on this… after I mow.


  • K-radical says:

    Great show guys. So I’m trying this Adito server at home and I’ve run into a problem. When I try to connect from a client with shared access to my hard drive, how do I download files? If I right click on them I can save a link to the file, but that’s not what I want to do. If I just click on the file I get this error:

    500 - Internal Server Error
    The server has encountered an unexpected condition and cannot complete this request. Contact your administrator or check the logs for more information.

  • Ravinheart says:

    Great show… I have been running SSL Explorer for a while now… it works great… What was the client you used to connect with at the end there?

  • Darren says:

    @Ravinheart, oops, forgot to link it in the show notes. Thanks for pointing that out.

    http://zhoupenghust.web.officelive.com/project.aspx

    Cheers!

  • Allan says:

    I loved this show. And the reason… Darren is on his own and can focus on an interesting topic. When all three of you are on camera, the goofiness ensues and wastes a lot of time.

    Why not offer another show that just has one presenter who actually talks in depth about a topic, rather than being easily distracted.

    In any instance, very entertaining.

    P.S. Dump the 750 Nighthawk and get a Suzuki Bandit 1200. I had the 750 and found it underpowered. A low cost used Bandit 1200 has more testosterone than Arnold in his Terminator days. Very scary power.

  • Anonymous Coward says:

    Greetings,

    Great show Darren. What brand of exhaust do you have on your bike?

    I have installed Adito and it works quite nicely. What I want to know is this.

    Is it possible to connect through the VPN and use the Windows RDP application to connect to a machine on the remote network? I have tried the Java applications that come with Adito and find them quite wanting in features and stability. If this is possible could you please point me in the right direction?

    Thanks,
    AC

  • K-radical says:

    For some reason or another, reinstalling the whole deal fixed my download issue. I was using WAMP 2.0 to share files on my home LAN and getting capped download speeds from Windows clients. With this method things are working much more smoothly.

    Thanks guys :)

  • Derek says:

    Once again, awesome show Darren. I’m looking to change up our VPN setup at work and this will do the trick nicely.

    @Anonymous Coward:

    I was thinking the same thing. I’m going to try setting up the tunnel much like Darren did to PuTTY into the router. Hopefully, they can activate the tunnel and then use their local RDP client to get to the server. I’ll test tomorrow if I get time, otherwise I can try next week and let you know.

    Thanks,

    DB

  • hexskrew says:

    Wallpaper @22:13 – “Hey! It’s a wallpaper from… ep. 504”
    Lol, that’s the wallpaper I made :D Just thought I would throw that in :P

    I need to make some more when I get some spare time.

  • wakesk8 says:

    Great episode, very detailed. I was able to get an Ubuntu VM set up quickly and within 15-30 minutes the VPN was functional. One scenario I wish was better explained is how to run a reverse proxy with multiple VPN servers from a dynamic IP. For my home use I have multiple servers set up behind a DynDNS domain, and would like to be able to hit each individually using something like: server1.example.com goes to the Adito SSL VPN, server2.example.com goes to the OpenVPN-AS server, while also keeping it relatively secure.

  • teekaa says:

    Hi,

    First of all, great episode and great tool!

    But with Adito VPN, are you able to do as with PPTP, where you get an IP in the remote network you are connecting to and are able to access everything in that subnet?

    Best Regards,
    Tekkaa

  • Ira says:

    Great episode! I have been trying to decipher how to put together an open source alternative to Windows Home Server and this episode was exactly what I have been looking for. Thanks!!

  • Eric says:

    Aww, an episode without that cute, bubbly, adorable cohost there makes me sad :(

    EDIT: Just noticed Shannon isn’t in this episode either.

  • Geoff says:

    Regarding setting up a tunnel for remote desktop, it works just fine.

    The only thing you need to bear in mind is that the source port cannot be set to the RDP port (default 3389), as the RD client will think you’re trying to connect to the computer you’re running it on and will tell you to stop being daft.

    In my test, I set the options below for an SSL tunnel:
    Source Interface: 127.0.0.1
    Source Port: 1234 (can be anything you like pretty much, barring 3389)
    Destination Host:
    Destination Port: 3389

    Then I just fired up RD client and pointed it to 127.0.0.1:1234

  • Geoff says:

    Destination Host:
    Should not be blank in my post above, you can use either the LAN ip address, or the hostname of the computer you’re trying to connect to.

    Sorry for any confusion.

  • Ira says:

    One question… How hard would it be to roll in a backup solution like Bacula on the same server? Just trying to get something as similar as possible to whole Windows Home Server from the FOSS community.

  • Tim Gomez says:

    I watched your segment and was very impressed by the thorough research you had done on this awesome service.
    Leaving me only to wonder how else could this be utilized from a restricted network connection.

    Due to bandwidth limitations some admins feel it necessary to restrict websites such as YouTube. This link should provide enough insight as to how pairing an HTTP server with a PHP engine.

    http://weelakeo.com/2009/07/14/use-the-youtube-api-with-php-2/

    It seems you would not be limited to just youtube if you were to be able to inspect the php files from many other useful sites.

    Again, Darren thanks for providing this segment.

    V/R

    Tim Gomez

  • gedster314 says:

    Great show. My install went well and I can connect and download the client. Now what? Is there a wiki or something on how to configure it? Documentation leaves a lot to be desired and I have not had much luck searching Google. Anyone got a link to a wiki or a PDF?

    Thanks

  • j0sh112 says:

    Hi, great tutorial! I have got the SSL VPN up and running fine; I can connect from other computers in my network. I realise this is a rather stupid question, but how can I connect to my computer at home from my campus then? https://192.168.0.1 obviously isn’t going to work…
    I know my external IP but am just not sure how to sort it all out. Anyone able to help or point me in the right direction? :) Thanks!!

  • Jeremiah Brooks says:

    I like the program very much, but after a restart it gave an error 1067. Anybody have any clue what caused that?

  • dougbott says:

    Toronto, Ontario??? Haha
    Thanks for properly representing Canada ;)

  • Tim Gomez says:

    j0sh112: A port forwarding rule should do the trick from your router to the host within the network providing the service.

    Integrating this with my synology cs407e has been interesting :)


  • Koen says:

    I think this is a fantastic piece of software. Really easy to set up and very user friendly. Nice episode!

  • Geremy says:

    This was a great show!! I just have to find some time to set this all up, and knowing me I’ll have problems with something.

  • Slats says:

    @ j0sh112

    You need to set up a port forwarding rule on your home router to point port: 443 to 192.168.0.1. Then to connect from your campus enter: https://

    I have successfully set up an RDP tunnel to my only PC at home – works nicely. My question is… if I add another PC to my home network, am I able to set up another RDP tunnel to it?

    EG:
    Tunnel 1
    Source Interface: 127.0.0.1
    Source Port: 33890
    Destination Host: PC 1
    Destination Port: 3389

    Tunnel 2
    Source Interface: 127.0.0.1
    Source Port: 33891
    Destination Host: PC 2
    Destination Port: 3389

  • Slats says:

    Sorry j0sh112, that was supposed to read https://external IP

  • kai says:

    great show, thx.

    Does anybody know, how to allow an ajax based website (like ampache) behind the adito replacement proxy?

    I see in my browser, that the ajax request from ampache is rejected.

  • Bryce says:

    Does anyone know how to get a Network Place set up for a Windows share using passwords???

  • gorfou says:

    Great show and great tool

    Though it seems I can’t use it from my company to my home computer because HTTPS sites with invalid certificates are filtered out!

  • phil says:

    hey guys – great episode – love the app – super easy with lars’ install port – question for you though:

    I see only 128-bit ssl certs available – without purchasing a signed cert, what do you guys recommend for building a higher cipher bit ssl cert?

    thanks

  • lawl says:

    750?? does it come in mens??

  • Jul says:

    Hey guys,

    I’ve been running into a problem. When I try to download a file from company’s shared drive created in Network Place by clicking onto the file, I got this error.

    500 – Internal Server Error
    The server has encountered an unexpected condition and cannot complete this request. Contact your administrator or check the logs for more information

    I tried reinstalling my Adito but the problem still stays. Does anyone have a solution to this issue?

  • Doctor Dre says:

    I was wondering, is there any changes I need to make in my Firefox connection settings so that it can use the SSL tunnel? Or does the Adito agent take care of that. (No proxy changes) If I do need to make some changes where do I go SOCKS, HTTP, etc? Thanks to anyone that can help.

