SSL-Explorer - Clientless VPN via SSL

Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to install a piece of software on the local client, which in most cases increase complexity for the end user. IPSec also operates on the kernel level, often by creating a virtual network card (NIC) on the local client computer. Giving remote users access to internal network resources via a IPSec tunnel might also be a security risk, especially when you don't have control over the client computer. NAT traversal might often also be an issue, as well as other firewall issues in remote locations where you have no influence on the setup (Hotels, Airports and so on). Contrary to IPSec VPN, SSL based VPN uses standard Web-based protocols. By running the connection over SSL, you limit the access through TCP port 443—the port encrypted Web pages use. In most cases port 443 (HTTPS) is open and allowed through the firewall, thus making it much easier to guarantee end users connectivity. SSL VPN doesn't have the NAT problems that IPSec and PPTP sometimes encounter. There is a plethora of SSL VPN solutions available from vendors like Juniper, Citrix, Watchguard, Aventail and others. All of these are appliance boxes, which plugin to your network and provide access. Why not virtualize the appliance? I wanted to try out a SSL VPN solution, but buying dedicated hardware for testing purposes doesn't really fit my budget. At first, I tried looking for a pre-built solution on the VMWare VMTN Virtual Appliances Directory, but all I could find was a trial version of Portwise. While that looks good, I continued looking and stumbled across SSL-Explorer Community Edition. I wonder why no-one has made a prebuilt VMWare Virtual Appliance for it? Seems like something 3sp.com should look into doing. Since there was no prebuilt VM for it, I had to make one. VMWare Server was installed, so all I had to do was to download Debian Sarge, minimal (netinstall), and finish off the installation. To be able to get a new version of Apache ANT and Java (Both required by SSL-Explorer) the Debian install was changed from Stable to Testing and both requirements was installed. After a 3 minute compile of the package, the software was up and running and I could start testing it. The final setup was done via the browser, and in a couple of minutes it was up an running.
SSL-Explorer Logon Screen

SSL-Explorer Applications
For details on how to install, check the Getting Started Guide (PDF), which is pretty comprehensive. So far, it's working perfectly as a VMWare Appliance. I run it on my XP desktop, with the VMWare NIC running in Bridged mode. Setting up RDP back to the desktop computer was a snap, and I now have full remote access to my own desktop computer via SSL. It's grrreat! All administration is done via a very intuitive web interface, and you can set up role based access rules based on policies you define. SSL-Explorer also offers a lot of other features, read about them here. Actually, it's working so perfectly that I'll probably move the virtual machine over to the new ESX servers when thats set up and start providing our users with SSL based VPN instead of the traditional IPSec tunnels. I haven't tried the Active Directory integration yet though, but I doubt it will cause that much trouble. After all, the rest of this application looks rock solid. I really wish 3sp.com will set up a prebuilt VM though, it would make testing their application that much quicker and easier for everyone. More screenshots here

Posted by Christian Mohn aka h0bbel

Post metadata


Published June 28, 2006 13:37
27 comments

Tagged with , , , , , , , and


27 Responses to SSL-Explorer - Clientless VPN via SSL:

  • VirtuaMag.net
    January 1, 1970 1:00am

    : bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an… SSL-Explorer - Clientless VPN via SSL 28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests

  • Martin's personal blog
    July 6, 2006 6:49am

    SSL-Explorer - Clientless VPN via SSL…

    Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to install a piece of software on the local client, which in most cases increase complexity for the end …

  • Chris
    July 14, 2006 10:55am

    After a 3 minute compile?? After 5 hours of Installing one preqs after another I was up and running too. How is it possible that it is actually easier to install this on Linux than it is to install on Windows? Why is there no precompiled executable install like the previous version? Bahhh this was not acceptable. Free or not this is just wayyy to frustrating for your average geek. why cant this be packaged as a nice lil .exe file for windows users or atleast include all of the setup files. This was a terrible experience. PS I blew this shit away since it only installed on a test server and decided to use the old version to install quickly on my “production” server.

  • h0bbel
    July 14, 2006 12:09pm

    I didn’t try it on Windows, I did it inside a small debian based VM I had set up. Worked out perfectly and compiled in, probably less than, 3 minutes.

  • Sanchez
    July 17, 2006 7:55pm

    I’ve been running the previous version very successfully but have been having a heck of a time getting it to compile in Windows.. cant gat ANT working.. but it’s a great product..

  • Sanchez
    July 17, 2006 7:55pm

    I’ve been running the previous version very successfully but have been having a heck of a time getting it to compile in Windows.. cant gat ANT working.. but it’s a great product..

  • h0bbel
    July 17, 2006 9:42pm

    As I said earlier, I’ve never set it up on windows.

  • Lickeh
    July 18, 2006 5:36pm

    I set this up on Windows 2003 Server and it couldnt have been simpler.

    Donwload ANT, place it in a folder, set the path variables.
    Download JDK, install it, set the path variables.
    Unpack the sslexplorer zip package to a folder, run cmd, type ant install and 30 seconds later it brings up the configuration browser and away you go.

    The only problem I do have at the moment is getting the applications configration wizard to load as I am geting a Java error, the rest seems fine.

    Nicely integrated with Active Directory, only took a few seconds.

    Very nice piece of software.

  • h0bbel
    July 18, 2006 8:43pm

    Excellent, pretty much the same experience I had on linux. You do need to have the prerequisites installed of course.

  • Lickeh
    July 19, 2006 10:14am

    Solved the application issue, the server I was using didnt have access to the web, once I gave it access (as i am running it internally for testing atm) it gave me a list of applications to install then I was able to create putty and Windows remote desktop client connections to the servers.

    I thoroughly recommend all organisations look at this product, we have been evaluating numerous bought sollutions running into thousands of pounds, and this does the same stuff, and in some cases more then those being offered.

  • h0bbel
    July 19, 2006 10:18am

    Nice! I do agree, SSL-Explorer offers a lot of the same things commercial SSL VPN solutions do. I’ll probably test it in an enterprise environment over the summer.

  • Sanchez
    July 20, 2006 9:37pm

    DId get it to work right and setup usernames/pw’s and then all of a sudden the website doesnt load, just a blank page after the CERT warning. I’ve tried deleting/re-downloading it.. loading the page locally etc.. same result.. It looks like a problem with the web server.. but I dont know JETTY.. any ideas?

  • Lickeh
    July 21, 2006 3:02pm

    do you have anything else running on the box such as IIS or Apache?

  • Sanchez
    July 21, 2006 6:00pm

    yeah.. I’m running IIS on it.. but not https- port 443. SSL-Explorer was working fine and while updating users it just stopped showing the page.. even after I”ve deleted it and put it back.. I got 16.1 working though now…

  • Henri
    August 1, 2006 1:45pm

    Ok, so now we have a prebuilt VMWare Apliance?
    From you?

    That would be really nice ….. ;O)

  • h0bbel
    August 1, 2006 6:49pm

    Well, my “Appliance” is not that generic, nor is the base debian install small enough to distribute. I hope someone who really knows how to build VMware appliances will pick this up though.

  • Lutin_Blanc
    August 3, 2006 5:15pm

    Hello thanks for your experience, but i have a question i install a debian do you have a tuto or links for this distribution ??

    Thanks

  • h0bbel
    August 4, 2006 2:04am

    The debian base install I used, is linked to in the main article. Other than that, I just followed SSL-Explorers documentation.

  • VMTN Blog
    August 4, 2006 6:35pm

    podcast from Leo Laporte and Steve Gibson. (Not very much material on what we currently think of as virtualization, but I’m waiting on part 2.) Virtual appliances rock: one, two, three part 1, three part 2, four P2V for VMware: tools, experiences, articles Installation of VMware VirtualCenter 2.0. (Lots of screenshots) Two articles from Alessandro Perilli on SearchServerVirtualization: The Kutz Q&A on security and futurescapes

  • Richard Pernavas
    August 18, 2006 12:46pm

    Hey h0bbel,

    Thanks for the article! We appreciate this sort of thing.

    We now have a VMWare build of our SSL-Explorer: Enterprise Edition available from our website. 
    http://3sp.com/showSslExplorer.do

    Before anyone starts complaining about it being non-free - this version starts in Community Edition mode until you request a license from us for the Enterprise components.

    If you DO chose to install an EE license (it is optional) - even after the license expires, the software won’t quit working, it just reverts back to the CE feature set.

    So, if anyone wants an SSL-Explorer VM and doesn’t like the thought of compiling nasty source code then they might want to try out our VMWare appliance. It’s free after all!

    Thanks,

    Richard Pernavas
    3SP Ltd

  • h0bbel
    August 18, 2006 3:01pm

    Excellent news, I’ll try that as soon as we have ESX 3.0 running at work.

  • h0bbel
    August 18, 2006 3:16pm

    SSL-Explorer Clientless VPN Appliance…

    A while ago I tested SSL-Explorer inside a VMware session. While doing this I wondered why 3sp.com didn’t have a pre-built VMware Appliance available for testers. Now my request has been answered. In a comment on my original post, Richard Pernav…

  • Running the SSL-Explorer Appliance on VMware Infrastructure 3 - h0bbel
    September 12, 2006 10:18am

    […] In June I tested SSL-Explorer as an inexpensive “clientless” SSL VPN solution, and in August 3dsp announced the availability of a pre-built Virtual Appliance. […]

  • steven
    January 10, 2007 1:51am

    On the sourceforge.net’s website you can download the newest .EXE Installer. It’s the simplest and quickest way of installing SSL-Explorer. There are also cool extensions like removing the branding on the logon page for more security. Enjoy!

  • coComment - Site comments by h0bbel
    March 16, 2007 10:32am

    View this article on its blog

  • Favoriten | mister-wong.de | Social Bookmarking Tool
    May 16, 2007 12:09pm

    […] vpn virtualisierung tecresearch Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern SSL-Explorer - Clientless VPN via SSL - h0bbel ssl linux vpn Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern Veeam Reporter for […]

  • VirtuaMag.net
    August 2, 2007 2:46pm

    : bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an…SSL-Explorer - Clientless VPN via SSL28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests

6 Pingbacks to SSL-Explorer - Clientless VPN via SSL:

  • VirtuaMag.net
    January 1, 1970 1:00am

    : bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an… SSL-Explorer - Clientless VPN via SSL 28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests

  • VMTN Blog
    August 4, 2006 6:35pm

    podcast from Leo Laporte and Steve Gibson. (Not very much material on what we currently think of as virtualization, but I’m waiting on part 2.) Virtual appliances rock: one, two, three part 1, three part 2, four P2V for VMware: tools, experiences, articles Installation of VMware VirtualCenter 2.0. (Lots of screenshots) Two articles from Alessandro Perilli on SearchServerVirtualization: The Kutz Q&A on security and futurescapes

  • Running the SSL-Explorer Appliance on VMware Infrastructure 3 - h0bbel
    September 12, 2006 10:18am

    […] In June I tested SSL-Explorer as an inexpensive “clientless” SSL VPN solution, and in August 3dsp announced the availability of a pre-built Virtual Appliance. […]

  • coComment - Site comments by h0bbel
    March 16, 2007 10:32am

    View this article on its blog

  • Favoriten | mister-wong.de | Social Bookmarking Tool
    May 16, 2007 12:09pm

    […] vpn virtualisierung tecresearch Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern SSL-Explorer - Clientless VPN via SSL - h0bbel ssl linux vpn Hinzugefügt vor 2 Tagen von C0lP4nic, 1 Benutzer speichern Veeam Reporter for […]

  • VirtuaMag.net
    August 2, 2007 2:46pm

    : bonzo | freebsd | tech-diary |… LDAP-Driven RADIUS Appliance 28 juin 2006 Because one of our clients thinks that two Radius servers are not enough, I’m creating a couple of VMware appliances which will be hosting an…SSL-Explorer - Clientless VPN via SSL28 juin 2006 Traditional IPSec VPN solutions offer great access to internal network resources. One of the biggest problems with using IPSec VPN is that you need to… VMware Tools for FreeBSD Guests

Leave a Reply


Contact me

Lets talk!
Get in touch