SSL-Explorer - Clientless VPN via SSL
Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to install a piece of software on the local client, which in most cases increase complexity for the end user. IPSec also operates on the kernel level, often by creating a virtual network card (NIC) on the local client computer. Giving remote users access to internal network resources via a IPSec tunnel might also be a security risk, especially when you don't have control over the client computer. NAT traversal might often also be an issue, as well as other firewall issues in remote locations where you have no influence on the setup (Hotels, Airports and so on). Contrary to IPSec VPN, SSL based VPN uses standard Web-based protocols. By running the connection over SSL, you limit the access through TCP port 443—the port encrypted Web pages use. In most cases port 443 (HTTPS) is open and allowed through the firewall, thus making it much easier to guarantee end users connectivity. SSL VPN doesn't have the NAT problems that IPSec and PPTP sometimes encounter. There is a plethora of SSL VPN solutions available from vendors like Juniper, Citrix, Watchguard, Aventail and others. All of these are appliance boxes, which plugin to your network and provide access. Why not virtualize the appliance? I wanted to try out a SSL VPN solution, but buying dedicated hardware for testing purposes doesn't really fit my budget. At first, I tried looking for a pre-built solution on the VMWare VMTN Virtual Appliances Directory, but all I could find was a trial version of Portwise. While that looks good, I continued looking and stumbled across SSL-Explorer Community Edition. I wonder why no-one has made a prebuilt VMWare Virtual Appliance for it? Seems like something 3sp.com should look into doing. Since there was no prebuilt VM for it, I had to make one. VMWare Server was installed, so all I had to do was to download Debian Sarge, minimal (netinstall), and finish off the installation. To be able to get a new version of Apache ANT and Java (Both required by SSL-Explorer) the Debian install was changed from Stable to Testing and both requirements was installed. After a 3 minute compile of the package, the software was up and running and I could start testing it. The final setup was done via the browser, and in a couple of minutes it was up an running.
Post metadata
Published June 28, 2006 13:37
27 comments
Tagged with computing, firewall_issues, firewall issues, Fun, ipsec vpn, ssl explorer, virtual appliance, vmware server and vpn solutions
27 Responses to SSL-Explorer - Clientless VPN via SSL:
6 Pingbacks to SSL-Explorer - Clientless VPN via SSL:
-
January 1, 1970 1:00am: bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an… SSL-Explorer - Clientless VPN via SSL 28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests
-
August 4, 2006 6:35pmpodcast from Leo Laporte and Steve Gibson. (Not very much material on what we currently think of as virtualization, but I’m waiting on part 2.) Virtual appliances rock: one, two, three part 1, three part 2, four P2V for VMware: tools, experiences, articles Installation of VMware VirtualCenter 2.0. (Lots of screenshots) Two articles from Alessandro Perilli on SearchServerVirtualization: The Kutz Q&A on security and futurescapes
-
September 12, 2006 10:18am[…] In June I tested SSL-Explorer as an inexpensive “clientless” SSL VPN solution, and in August 3dsp announced the availability of a pre-built Virtual Appliance. […]
-
March 16, 2007 10:32amView this article on its blog
-
May 16, 2007 12:09pm[…] vpn virtualisierung tecresearch Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern SSL-Explorer - Clientless VPN via SSL - h0bbel ssl linux vpn Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern Veeam Reporter for […]
-
August 2, 2007 2:46pm: bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an…SSL-Explorer - Clientless VPN via SSL28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests
January 1, 1970 1:00am
: bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an… SSL-Explorer - Clientless VPN via SSL 28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests
July 6, 2006 6:49am
SSL-Explorer - Clientless VPN via SSL…
Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to install a piece of software on the local client, which in most cases increase complexity for the end …
July 14, 2006 10:55am
After a 3 minute compile?? After 5 hours of Installing one preqs after another I was up and running too. How is it possible that it is actually easier to install this on Linux than it is to install on Windows? Why is there no precompiled executable install like the previous version? Bahhh this was not acceptable. Free or not this is just wayyy to frustrating for your average geek. why cant this be packaged as a nice lil .exe file for windows users or atleast include all of the setup files. This was a terrible experience. PS I blew this shit away since it only installed on a test server and decided to use the old version to install quickly on my “production” server.
July 14, 2006 12:09pm
I didn’t try it on Windows, I did it inside a small debian based VM I had set up. Worked out perfectly and compiled in, probably less than, 3 minutes.
July 17, 2006 7:55pm
I’ve been running the previous version very successfully but have been having a heck of a time getting it to compile in Windows.. cant gat ANT working.. but it’s a great product..
July 17, 2006 7:55pm
I’ve been running the previous version very successfully but have been having a heck of a time getting it to compile in Windows.. cant gat ANT working.. but it’s a great product..
July 17, 2006 9:42pm
As I said earlier, I’ve never set it up on windows.
July 18, 2006 5:36pm
I set this up on Windows 2003 Server and it couldnt have been simpler.
Donwload ANT, place it in a folder, set the path variables.
Download JDK, install it, set the path variables.
Unpack the sslexplorer zip package to a folder, run cmd, type ant install and 30 seconds later it brings up the configuration browser and away you go.
The only problem I do have at the moment is getting the applications configration wizard to load as I am geting a Java error, the rest seems fine.
Nicely integrated with Active Directory, only took a few seconds.
Very nice piece of software.
July 18, 2006 8:43pm
Excellent, pretty much the same experience I had on linux. You do need to have the prerequisites installed of course.
July 19, 2006 10:14am
Solved the application issue, the server I was using didnt have access to the web, once I gave it access (as i am running it internally for testing atm) it gave me a list of applications to install then I was able to create putty and Windows remote desktop client connections to the servers.
I thoroughly recommend all organisations look at this product, we have been evaluating numerous bought sollutions running into thousands of pounds, and this does the same stuff, and in some cases more then those being offered.
July 19, 2006 10:18am
Nice! I do agree, SSL-Explorer offers a lot of the same things commercial SSL VPN solutions do. I’ll probably test it in an enterprise environment over the summer.
July 20, 2006 9:37pm
DId get it to work right and setup usernames/pw’s and then all of a sudden the website doesnt load, just a blank page after the CERT warning. I’ve tried deleting/re-downloading it.. loading the page locally etc.. same result.. It looks like a problem with the web server.. but I dont know JETTY.. any ideas?
July 21, 2006 3:02pm
do you have anything else running on the box such as IIS or Apache?
July 21, 2006 6:00pm
yeah.. I’m running IIS on it.. but not https- port 443. SSL-Explorer was working fine and while updating users it just stopped showing the page.. even after I”ve deleted it and put it back.. I got 16.1 working though now…
August 1, 2006 1:45pm
Ok, so now we have a prebuilt VMWare Apliance?
From you?
That would be really nice ….. ;O)
August 1, 2006 6:49pm
Well, my “Appliance” is not that generic, nor is the base debian install small enough to distribute. I hope someone who really knows how to build VMware appliances will pick this up though.
August 3, 2006 5:15pm
Hello thanks for your experience, but i have a question i install a debian do you have a tuto or links for this distribution ??
Thanks
August 4, 2006 2:04am
The debian base install I used, is linked to in the main article. Other than that, I just followed SSL-Explorers documentation.
August 4, 2006 6:35pm
podcast from Leo Laporte and Steve Gibson. (Not very much material on what we currently think of as virtualization, but I’m waiting on part 2.) Virtual appliances rock: one, two, three part 1, three part 2, four P2V for VMware: tools, experiences, articles Installation of VMware VirtualCenter 2.0. (Lots of screenshots) Two articles from Alessandro Perilli on SearchServerVirtualization: The Kutz Q&A on security and futurescapes
August 18, 2006 12:46pm
Hey h0bbel,
Thanks for the article! We appreciate this sort of thing.
We now have a VMWare build of our SSL-Explorer: Enterprise Edition available from our website.
http://3sp.com/showSslExplorer.do
Before anyone starts complaining about it being non-free - this version starts in Community Edition mode until you request a license from us for the Enterprise components.
If you DO chose to install an EE license (it is optional) - even after the license expires, the software won’t quit working, it just reverts back to the CE feature set.
So, if anyone wants an SSL-Explorer VM and doesn’t like the thought of compiling nasty source code then they might want to try out our VMWare appliance. It’s free after all!
Thanks,
Richard Pernavas
3SP Ltd
August 18, 2006 3:01pm
Excellent news, I’ll try that as soon as we have ESX 3.0 running at work.
August 18, 2006 3:16pm
SSL-Explorer Clientless VPN Appliance…
A while ago I tested SSL-Explorer inside a VMware session. While doing this I wondered why 3sp.com didn’t have a pre-built VMware Appliance available for testers. Now my request has been answered. In a comment on my original post, Richard Pernav…
September 12, 2006 10:18am
[…] In June I tested SSL-Explorer as an inexpensive “clientless” SSL VPN solution, and in August 3dsp announced the availability of a pre-built Virtual Appliance. […]
January 10, 2007 1:51am
On the sourceforge.net’s website you can download the newest .EXE Installer. It’s the simplest and quickest way of installing SSL-Explorer. There are also cool extensions like removing the branding on the logon page for more security. Enjoy!
March 16, 2007 10:32am
View this article on its blog
May 16, 2007 12:09pm
[…] vpn virtualisierung tecresearch Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern SSL-Explorer - Clientless VPN via SSL - h0bbel ssl linux vpn Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern Veeam Reporter for […]
August 2, 2007 2:46pm
: bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an…SSL-Explorer - Clientless VPN via SSL28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests