Episode 607 – Build a free SSL VPN on Linux or Windows
This time on the show, bypass restrictive firewalls with a free and open source virtual private network server for Windows and Linux that will have you connecting back to the home or office with just a web browser!
Thus far we’ve only spoken about implementing Virtual Private Networks using Point-To-Point Tunneling Protocol. While PPTP is an OK protocol for secure tunneling, at least in my experience it comes with a few gotchas. Namely firewalls.
VPNs based on Secure Sockets Layer or SSL technologies are less encumbered by these restrictions. Certificates are already in the browsers and there is often no software to install. Secure, Easy, Versatile.
You can think of SSL VPNs as the Webmail of email. Rather than setting up a dedicated client like Outlook or Thunderbird to use POP3 or IMAP4, we’ll be using our web browser to access an https site.
SSL Explorer is a web-based SSL VPN server. The technology was acquired by Barracuda Networks. Project named
Download, run, Next, Next, Next, Install, Next.
Create certificate, install service, browse to https://server:28080 from client.
Log in as admin and follow the certificate creation wizard.
System Configuration is basically the same on Linux or Windows.
Begin by setting up a LAMP and OpenSSH server. In this segment I used Ubuntu Server 8.04 32-bit.
Install Java JDK and configure paths.
sudo apt-get install sun-java6-bin sun-java6-jdk
export JAVA_HOME=/usr/lib/jvm/java-6-sun
export PATH=$PATH:$JAVA_HOME/bin
java -version
Next install ant, which is kinda like make for Java.
sudo apt-get install ant
Then in /opt go ahead and download and install OpenVPN-ALS.
cd /opt
wget http://downloads.sourceforge.net/project/openvpn-als/adito/adito-0.9.1/adito-0.9.1-bin.tar.gz
(note: at time of writing this was the latest version.)
sudo tar zxvf *.gz
cd adito-0.9.1/
ifconfig
(remember this IP, you'll need it in a minute)
sudo ant install
From a browser go to http://
Once the wizard is complete the installer will finish. Now we’ll install OpenVPN-ALS as a service.
sudo ant install-service
sudo ant start
At this point we can stop and start the service using /etc/init.d/adito stop|start|restart.
You can now browse to the server’s IP on the port you configured in the setup wizard (default is 443, so simply prefix the IP with https://). Log in with the super user account and you’ll be greeted by a management GUI. From here you can create accounts, groups, policies, and add resources. In this segment I configured an SSL Tunnel, a Network Place, and a Web Forward. For more details on configuration I advise consulting the SSL-Explorer Admin Guide (Zipped PDF). While the name has changed, most of the functionality is the same. You may find additional documentation at the OpenVPN ALS forums.
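A pre-install gate for the Linux steps above, as an added example that is not part of the original show notes: the tarball is fetched over plain http and then installed with sudo, so this checks it against a SHA-256 value obtained out of band and confirms the JDK and ant are in place before anything is extracted. The function names and EXPECTED_SHA256 are assumptions; the page publishes no checksum, so that value is a placeholder.

```shell
#!/bin/sh
# Added example (not from the show notes): checks to run before
# `sudo tar zxvf` and `sudo ant install`.
# EXPECTED_SHA256 is a placeholder; the page publishes no checksum.

# sha256_matches FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if FILE does not exist.
sha256_matches() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# jdk_ok DIR
# Succeeds if DIR looks like a JDK home (has executable java and javac).
jdk_ok() {
    [ -n "$1" ] && [ -x "$1/bin/java" ] && [ -x "$1/bin/javac" ]
}

# preflight TARBALL EXPECTED JAVA_HOME
# Prints each problem to stderr and returns the number of problems found.
preflight() {
    problems=0
    if ! sha256_matches "$1" "$2"; then
        echo "FAIL: $1 missing or checksum mismatch; do not extract" >&2
        problems=$((problems + 1))
    fi
    if ! jdk_ok "$3"; then
        echo "FAIL: JAVA_HOME='$3' has no bin/java and bin/javac" >&2
        problems=$((problems + 1))
    fi
    if ! command -v ant >/dev/null 2>&1; then
        echo "FAIL: ant not on PATH" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage on the server, from /opt, after the wget step:
#   preflight adito-0.9.1-bin.tar.gz "$EXPECTED_SHA256" "$JAVA_HOME" \
#       && sudo tar zxvf adito-0.9.1-bin.tar.gz
```

A non-zero return means at least one check failed and the archive should not be extracted or installed as root.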