Sunday rolls around, the weather’s still bad so there’ll be no gardening for me today, time to play with my computers and see if I can work this out.
I’ve decided to use an old 2GHZ P4 server with 1.25GB ram as a vmware server host and attempt the SSL appliance as a virtual machine as I can use the host to run other appliances as well down the track.
Step 1: Install OS onto host. I decided to use SME Server 7.3 (www.contribs.org) as the host OS. This is a pre-built small business server-type distribution that does everything one would need, has excellent community support, and I know there’s a whitepaper on installing VMWare server 1.07 onto it. And I already had the ISO downloaded and CD at hand.
Step 2: 20min later, install VMWare 1.07 Server onto the host. Following this page’s procedure, installing was a breeze; (http://wiki.contribs.org/Vmware#Installation_2)
The section on Remote Access can be skipped.
This step requires a VMWare serial number which is available for free from www.vmware.com when you register for a download of their free products. While registering for a serial number download the VMWare management console as it’s needed to install the appliance later. (Anyone that needs a serial for 1.07 let me know as I registered for ten serials and won't be using more than three)
Step 3: Build a VM for the appliance to run on. I decided to give Ubuntu 8.04.1 Server a go – haven’t used this distro as a server before but I do like the desktop edition so thought I’d see how it goes (also Ubunto is mentioned on the SSL appliance’s installation instructions). Downloaded the iso from http://www.ubuntu.com/getubuntu/download selecting ihug as the mirror – this came down really fast! 400kbps average. Not bad for Lyttelton.
Using the VMWare console on my PC connected to the host and ran the new virtual machine wizard. Gave the VM 256mb RAM, 3GB disk, no floppy, and a CDrom. To install really fast, copy the ISO up to the SME Server host (I used winscp and copied it directly to the host’s virtual machine folder /var/lib/vmware/Virtual Machines) and map the cdrom device directly to the ISO file.
Start the VM and walk through the install. The only package options to select when installing the Ubuntu Server were LAMP and OpenSSH. The installation takes about ten minutes. When the install’s finished stop the VM and remove the virtual CDrom. It’s no longer required. Then start the VM and continue.
Step 4: Prepare the VM for installing the SSL VPN frontend. After finding out the DHCP IP that the VM has picked up by logging in as your user and running ifconfig then setting a root password (sudo passwd), the first thing I do to a Linux machine is install Webmin from http://www.webmin.com/. This utility gives you a much easier web page method to administer your Linux machine than fiddling around on the commandline. Granted, the cli gives you the feeling of power (and you can see the progress of apt-get) but Webmin makes everything easy.
Download the webmin .deb file, scp it up to the VM, log in to the VM as your user and sudo su to get a root commandline. The run apt-get install /path/to/webmin_1.440_all.deb to install.
Once webmin’s installed management can be done from https://yourserver:10000
The SSL frontend I’ve chosen to go with is Adito. Adito is the community fork of SSL Explorer. This give you the ability of making network shares, webpages, ssh/vnc ports available to the roadwarrior outside the network via their browser tunneling SSL & java.
Download Adito from http://sourceforge.net/project/showfiles.php?group_id=228294
Installation instructions available on http://adito.wiki.sourceforge.net/installing_and_running_the_adito_server
Step 5: Change the IP of your VM to what you want really want it to be. I used webmin to change the IP to the final destination and checked the routing & DNS etc. Use the boot tab’s settings to change it, then reboot to pick up the new IP. (Since the appliance is a virtual machine, rebooting is *very* quick.)
Step 6: SSH/console log into the VM, login as root or sudo su to root and install java. This tripped me up as I attempted to install java from webmin, but as Sun’s java needs you to read & accept their terms the webmin installer couldn’t handle it.
Apt-get install sun-java5-bin sun-java5-jdk
Apt-get install ant
Set the JAVA_HOME environment export to point to the version of sun’s java just installed as per installation instructions. (export JAVA_HOME=/usr/lib/jvm/java-1.5.0-sun)
Extract the tar.gz file of Adito into /opt
Change into /opt/adito-0.9.0/ and run ant install from cli
The installer for Adito will now run and do its thing. At the end of the install it’ll ask you to browse to https://yourserver:28080 to finish the install. Set up your VM’s IP as an available IP to listen to or it won’t work. This is why changing the IP before installing Adito is a good idea (I rebuilt once before working this out).
Once the installation wizard has been run, run ant install-service to set Adito up to auto-start on boot.
The final task is to run the ‘Configuring the certificate’ bit of the instructions. I’ve found that the agent works fine without running through the installation instructions after the cert bit.
At some point some additional stuff is required, can’t remember when but one of the above steps will ask for the installation of perl, openssl and a few other things. Apt-get install etc etc etc will install these then re-run the command that stopped.
Step 7: Log in to Adito and set stuff up. The default installation used https://youserver:8443 as the https port – I decided to keep this as I’ve already got something else on 443 – log in here, sign in as root with your root password and now resources to be published can be set up.
I’ve decided to publish my Azureus web interface, my MythTV web interface, SSH to my VM host, SSH to my Adito box, VNC to my Azureus box, VNC to my MythBackend and a fileshare off my fileserver. More to come!
Only failure so far has been attempting to install the vmware-tools into the Ubuntu VM – but I haven’t tried very hard as yet to complete it.
Sweet – now I can get Azureus to start downloading torrents for me from anywhere. And I can schedule MythTV to record stuff for me from anywhere as well.
Other related posts:
OKI B411n & how to reset the NIC
Have people never heard of ad blockers?
Comment by Fred Source, on 28-Oct-2008 05:42
ANother option is to simply install the open source home server from www.amahi.org Not only does it install a VPN (with dynamic DNS automatically configured) but it also delivers a fully fledged home server with network boot for backups, user authenticated filesharing, a media server, some collaborative apps, and a whole lot more!
Comment by w00t, on 28-Oct-2008 13:51
Did you consider running both systems as VMs using VMware ESXi rather than running VMware server under SME?
Comment by aj, on 20-Jan-2009 01:20
I'm having a bunch of issues with adito (WINDOWS) installation. -downloaded and installed JDK1.6 -downloaded amd "copied" to c:\ant\ ANT 1.7 -downloaded adito 0.9.1 and put in c:\adito -set environmental variables (ANT_HOME=c:\ant\bin; JAVA_HOME=c:\program files\java\jdk1.50; path=c:\ant\bin) -"copied" tools.jar from previous java setup to c:\ant\lib AND to c:\adito\lib -to go c:\adito and type (ant install) after all is said and done, it says the following BUILD FAILED C:\adito\build.xml:80: The following error occurred while executing this line: C:\adito\adito\build.xml:877: The following error occurred while executing this line: C:\adito\adito-commons-vfs\build.xml:149: Javadoc failed: java.io.IOException: Cannot run program "javadoc.exe": CreateP rocess error=2, The system cannot find the file specified Cannot reach my page on http://localhost/28080 OR http://localhost:8443 OR https://localhost I HAVE LOOKED EVERYWHERE AND BEEN WORKING ON THIS FOR LIKE 15 HOURS. DOES ANYONE KNOW HOW TO GET THIS WORKING ON WINDOWS XP SP2 DESKTOP ---PLEASE HELP
Comment by Lars Werner, on 18-Mar-2009 07:46
As for now you can use my installer: http://lars.werner.no/adito/ This should help alot of people with "less tweak action fingers" to get the installation right. Comments errors on page if needed
Comment by Tony T, on 28-Apr-2009 22:25
Lars - Your Windows installer works a treat. Good work!
Comment by Freddie, on 18-Sep-2010 02:55
Hello All, Can you please let me know if Adito SSL vpn works with IPAD or blackberry browser? Have you guys used it?
Add a comment
Please note: comments that are inappropriate or promotional in nature will be deleted.
E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.
Are you a registered Geekzone user? Login to have the fields below automatically filled in for you and to enable links in comments. If you have (or qualify to have) a Geekzone Blog then your comment will be automatically confirmed and shown in this blog post.