Segments

" Wow."

" This time on the show bypassing restrictive firewalls for free and open source virtual private network servers for windows and Linux that'll have you connecting back to the home or office network with just a web browser. -- brought you by go to -- express. Squarespace. In the united states air force thanks air force for sponsoring this show."

" Welcome back up my name is Darren Kitchen and that's probably isn't what you were expecting to see. I'm actually flying solo today. And after last week's interview with that with writer. You know working on little blog -- comic figures it this a shot. It's fun Leo and show. So this so I'm going to be talking about -- he ends. Which are excellent or we need to get remote access but you're behind and you know school or whatever firewalls that prohibit. UP TP or -- traffic. So. They had to get through the banks I felt yeah now. 443. -- to be a good. Matt and which I think it's episode. Or that we. It's very cute so. They'll be back next week and from all the puts -- But. And have a math problem -- that it would record a couple of times and that we gotta work. With the help what do you Franklin. This powerful -- with -- is keep it soldering that we had details. So. Anyway. -- on -- it -- to get yourself. So let's take a look after a report from one of our office and authors."

" So thus far in our PP answers we've only been talking about PP TP or point point tunneling particle EP ends. And while keeping -- is -- insecure. Technology in my experience it does have a few catches. And namely it's traversing firewalls. And legislating from my experience you guys now I'm assisted in my day now this is fund your money hobby but. You know I gotta support a whole bunch users and while we do you use PP TP primarily we you have some please -- to clients sites that are may be secure government facilities and they have some problems. Actually getting a VPN tunnel back through those firewalls. So. In in that instance it's it just led me to talking about as to sell these -- and Mac could speak about this. In great detail he he also supports -- they'll -- again. But no one those pointed out from the gavel that we talked about few episodes ago on them with pointed out from the media a lot emails about. Is this has to sell explorer and I thought that maybe. We could you know talk about this in the evolution -- product and show you how to set it up both on windows and on Linux and she gets and BC usage. I know that's a -- explorer has a lot of people pointed out is actually. Well as is not pointed out SS Alex Horwitz in open source as a cell. BP and technology. That was then acquired by barracuda. And basically stop being maintained but there is a source fork over to the name. I. VPN. -- number of and he can from a prior VP and segment where we actually put together. And open DP and access server one of this product is being called open VPN AL ass or application layer software. And it's basically going to complement the suite of open he can technologies. Along with the access server and there are other network players stuff and it's not really gonna be rolled into it from what I understand reading you know the CEO of a and he can't comment when this. You know when the -- happened it's not really gonna merge into its not gonna. Be brought into the opens you can't access server product. But it is going complement it and it's really good to see them supporting goes -- In getting it to developers on hand because it is a very cool piece of software is merely is. Is well documented as it could be but it is so powerful so let's go ahead and you know if if not really Glock in this so far it I kind came up with a perfect analogy. What the differences between what we're doing before it went atomic particle or even IPSec if you will. And how we're going to be implementing an Asus -- can and the differences. That you know. In SS LB -- you're just using. Your web browser you using you know the certificates that are already built in your browser to go ahead and make it secure connection and you can kind of think of it as the difference between using today. Pop three or I'm up and a standalone client like outlook or thunderbird to connect through email and you know do that securely with. You know with the authentication in and the and the time -- the security whatnot encryption. Or. You could just use Gmail Yahoo! mail whatever and just do the HTTP -- and from any web browser gain access to those resources so. You know that's kind of the idea here is if you were able to see a at your workplace your school where ever get to an HT TPS site so if you can do want that the belonged sort of -- to online banking. Most likely you're going to be able to use -- SS LV PN because all the browser and the only thing required is Java and in some cases not even that. So let's go ahead and talk about how to set this up. On windows XP. So setting up an open he can -- server and windows can be kind of difficult honestly but it's not impossible and can be set up on you know your windows XP. Clients or a windows server 20032000. And whatever. It's actually didn't need a lot easier by Lars Warner actually put together -- SIS installer. Right here and it makes setting this up so much easier all the need to do is make sure that we actually have the Java run time environments and we're gonna go ahead and do this here. On one of our XP PMs. And I'm gonna walk you through it it's really dead simple that -- while one in Linux but. But seriously it's just -- next I agree next install. And once it starts the service we can actually connect to the web interface and go ahead and configure certificate. And this is going to be the same on basically Linux and windows. But eventually this happening here. So here we are and are ghetto browser of choice and will go ahead and create a new certificate. And come up with a pass phrase for that's certificate nothing fancy here. And we'll give it some information so this host -- locals will do for right now. I would get the options you use either active directory or built in authentication and if we were using the -- that actually have the option to do radius. A for the time being let's just focus on the built and and we'll configure our super user and I'm gonna be lame. And use admin as the super user -- is yeah. -- feel -- coming up with anything -- right now. We're gonna go ahead with the default but you'll notice here that airports four point three so if you've got an Internet -- service provider you elect a residential cable modem DSL something like that but actually -- 443 incoming. -- wanna make sure had a time. And change ports accordingly but we're just gonna go with the defaults to make things easy for clients that -- happening coal and whatever after the address. And scale it that's standard HT TPS address. No proxies -- here. And let's go ahead and finish it out and click finish. And down at that time we can exit the installer. And in just a few seconds here. It will actually tell this installation process that we have completed. And we will talk to install as a service. So we can actually use this just like we would any other windows service using service -- C. Which is great because now in control it with you know fire demon or gaming or whatever we've talked about. Ways to have fun with when -- services before in the past. There we go that's completed press any key. We click finish and it's all pretty much set up for us we just come into. A and their Rio can restart the service we can you know find all sorts information go to via the web interface. Now as far as can figure in the system that is nearly identical on Linux or windows so this is the point where we're going to stop with the windows install. And take a quick break and when we get back. We will go through the Linux install and then find out some information about basic usage and actually figuring this that would get and local resources remotely."

" You probably already know they go to assist expressed by some -- is the easiest way to provide instant remote support to clients anywhere in the world. Let's see it in action from my computer and launch go to Estes express and -- the support hero to the life. Click the link and click run and click yes to joint session and back on my computer I'm greeted by the screen taking control the computer mouse and keyboard. That's a -- in just one click I have a thorough PC diagnostics that I can troubleshoot that you see for. Or two clicks reboot their PC in safe mode without ever losing connection and let's face it. That beats the heck I'm driving or flying -- any day. Sign up for your free go to -- express trial go to assist dot com slash Hak5."

" So now let's go ahead and set it on a Linux server. I love we're going to be using but -- actually eight Leo where in this instance and it's the 32 bit edition. And to save some time I've already set up at the end here with it configured as an open SSH server and a lamp server. You know. The Linux and so does make that super simple whatever favorite that's true is I just hadn't yet much setup and let's go and and the rest. So here bash and it's really just a matter of getting a couple of blood tendencies namely we need Java. We need to get sun Java six and the GP case though. Just in the -- here and two apt get -- We need to make sure that we get the JDK. And not the -- up JR -- and justice has had left episodes ago bang bang. I'm always forget -- Through that is an important thing. Now once we've gone ahead and downloaded job and agreed to license and install that we do need to make sure that we set up the home correctly so for that will run export. And in our case it's user live GBM. I Java six on the that may differ depending on what you distribution has and I'm gonna go ahead and also put that in the -- with a slash span and it. Finally will go ahead and verify the version of Java that we are running by issuing Java attacked version. And we can see there that we are using. One point six. There's another dependency that we're going to need and that is amp amp -- is kind of like make up for Java so let's go ahead and get that real quick. So we have our dependence these let's go ahead and download a so we're gonna do that in slash opt. Panel -- and W get it over from a source port. Now all un -- it. Now before we go ahead and saw this we do need to know RIP address because that's how we are going to configure the certificates are real quick. -- I African pig on that 10100197. So keep that in mind. And run pseudo and it install. Now -- at this point we are instructed to go ahead and point our browser over to this -- On port 28080. And that's where we can go ahead and set up the certificate much like we did in the wind is version of this installs so let's go ahead. Over to our when disclaim here and launcher get a browser. And -- greeted by the anti -- installation wizard and much sleep we. Did India. When his version will fly right through this creating -- pass phrase. And setting up or certificate. And we'll go ahead and use the built ten. And set up a lane super user. And the rest are defaults. Now I exit the install and in just a few seconds this will complete installation here on the Linux side. And there we go now we do wanna make sure that this is installed as a service so run every time that the server is booted so for that we run pseudo aunt. Install. Service. And we'll start that and now we can actually start and stop this just like we would any other service pirating spots ETT -- in it but he slash. Now in this case it's a so now let's take a look at some basic usage and how we'll actually use this as a client. So now that we have our Linux server set up let's go ahead and actually configure and connect to it as a client and an analyst to know right off the bat that this is such. A large piece of software with so many intricacies that there's no way that we're gonna cover -- But I'll just go ahead -- basics here in the lead the rescue guys to explore. Now to go ahead and configure this would you just connect to like we said we can -- set it up on port 443 so in this case is just HTTP yes. The IP address and in our get a rather we are a presented with this warning about mr. -- server certificate because we are actually using it self signed certificate. Rather than actually doing had purchasing one from an authority. Let's go ahead and continue. And we set up our user men that they pretty lame password. And from here we can configure the users and the other resource that those users will that have access to you. So I can say we are using the built in authentication into this we're not using radius old anything like that so let's go ahead and create an account so under access controls will click counts and under actions on the right we'll click create -- account. And we're gonna make Bob. And that's his username and his full name is mother didn't love them and let's make him -- dot org. And we haven't actually set up any security groups but that's fine for the time being. Give them a password. We're not gonna force in the changes password. An area it set up Bob. Now let's actually let Bob have access to some resources so what kind of resources we need if you're connecting back here home or small office Lan remote -- Well no administrators would I want access to you. Some of you know. Services -- servers that will tunnel into administer fitness. The users I would character files and I care about getting to some website name got some accounting systems that are using. Apache tomcat. Are now so let's go ahead and give them access to those so under resource is here you'll see that we have. Just web -- and why do we only have. Mike how -- can't see the rest of the because my resolution is too small. He -- in a bump up the end here. While those Palin. Let's say to look at the resource is that we can give you our users. First off it's SSL tunnels. We've actually talked about -- tunneling long ago and act I believe in season for most recently. And this makes it super simple to go ahead and create there's -- on Iraq increase. Click create tunnel and we'll give it a name that's in this case it's actually -- routers we're gonna create NASA so tunnel over to our routers. And the interface for the person connecting is actually going to beat their local host. In this case it is port 222. And on this land that the connecting to its tent and a one. On port to to -- We're going to say that every one. Has access to that. And finish. And in just a minute when we connect over as the client you'll see how we can actually access that lets go ahead and set it to other resources. So on an exit this wizard. And choose the network place a basically a windows samba share so we're gonna go under network places under resources. And click create network place. And we're gonna call this read one. Yes who allowed it favorites. And the path to this. And this is a windows network share. The host will be ten to attend -- to a five. It passes are one. We don't in this instance does our home raid and we actually don't really worry about the authentication here so we'll leave that blank select next we're gonna choose everyone once again. -- but you can have access -- notes Bob. And finish. Exit that wizard. And we're also going to give Bob here access to -- Apache tomcat servers so let's see if I can actually pull that up here. Which one of view is running tomcat. May remember this from a few episodes back. Just need to get his IP here -- 137. Excellent. We're going to create a web forward to that. Now what that means is once Bob connects to the PP end here. He can actually connect to that Apache tomcat server that you know behind the firewall protected and encrypted with this SSL VPN. And there's a few different types of web forwarding that we can you hear the one that we're gonna focus on today is actually called. -- web replacement proxy and what that essentially does is makes the RSS he'll be cancer here actually handle the connection it's going to make the connection on behalf of Bob and then feed it back to Bob. Through its connection it's it's kind of like squid. Kind of that it does catch it let's see here so let's go ahead and create this and caught tomcat. -- that favorites. And in this case it's 1010 -- 131. Pretty sure. 137. HTTP -- us us. 10100137. On port 8080. And we're just gonna select every one. And finish. This was there. Okay and there was one thing I forgot to do here -- that was when it set at the justice O'Connell did not make it a favorite you'll see why that's important minutes got added that it. -- favorite save it there we get so. That's so we need to do to get access to those internal resources on the management side so let's actually take a look at what this experience is going to be like for the client. So. We will actually used the same the end here this when museum. And I'm gonna log out here. And we're gonna pretend we are Bob. And what we'll do is just head over to HT TPS. 10100197. Presented with -- You know log in prompt here we can get that Bob and that -- passcode that we give them. You're -- has been disabled."

" I have to check enabled -- account. See I'm plan right through this and then I missed stupid stuff. Art so let's log in is Bob. And his dumb password. And this is what the users -- with and they can see just you know other favorites they can change their password and it's really simple stuff here. We have access to the raid. So let's take a look at that have a -- raid. And yes we do want to allow pop pops. -- a pop up window here in our browser. And we can actually see all of the different you know with folders and files that are set up on our rate here at the -- counts. You know it's. I don't know five move for. Hand. A look at the wallpaper from episode -- before. You know suffice to say we can. Now we added our files we can upload we can believe we can you know whatever we need to do we've got -- store files here. Through this web interface and that's the nice thing about is there was nothing that we had to install we just went to this web page made that easy. Well what about Asus H tunnel we set that up so that you know as an administrator we can go ahead and get access Tor servers that way. Let's go ahead and act that so from our favorite thing in click brouder. And we're gonna get our job on so yes we're going to accept this job and am we now have access to that routers we can actually pull up -- here and point our local host some port 222 as we set up. Looks and there we -- we can log in it so. And there -- this is actually are smooth oval that is running Internet connection here rat pack house. And let's take a look at one other thing and that would be actually accessing that tomcat server. Oh we have to do is click -- from our favorite here. We'll get a new window. And there we aren't -- in keep in mind. You'll see here were connected to tend to attend -- 197. We're using the replacement proxy engine. And you keep going along the address you'll actually see that connected to you. That internal server. Apache tomcat server so. You know it's it's kind of an interesting way to do Webster re direction and there are a few other ways can handle this is while that are outside the scope of this segment. But I implore you to go ahead and play with this it is such a powerful tool. And I look forward to hearing what kind of feedback you guys have on this 01 other thing releases so cool so. The argument between cancer cell and you know your your typical PP TP or IPSec V in is that. For the clients and you can see how did simple this is I'll have to do is open up the browser go to web page log in and they've got access right through their web browser. To those resources and in a lot of instances they don't even need. Java deal with the needed jobs report was to initiate that that tunnel so that a kid you know tunnel to my local let's actually get as a time when my servers. Which necessary to secure anyway now we're only open -- only were opening a lot less in this instance. But then some people may say well I really would like a dedicated client and there actually is one and this is so nifty. This is from. I'm not even going to try to pronounce this web page but you can grab this here and this is actually a standalone. Java based. Agent that you can use to connect to this and I think probably the log out of the web based ones first. And yes -- we understand we disconnected. But I can go ahead and log in as Bob using the standalone agents here. On HTTP yes. There have a I'm logged in and it. This kind of gives you an idea of how versatile this is if you wanna web client. He got that if you wanna stand on -- you've got that. To very powerful piece of software -- hope this really gives you guys some ideas of how you can use this is tricky circumstances where you've got firewalls that are little prohibitive about what you can access out. The insane if you've got access to online banking -- you can get to any HTTP yes slightly. I even Gmail. In most instances of a -- to get access to this and everything just goes through their makes it super simple set up. So I mean just for the web forwarding alone I think it's an awesome. Awesome -- the use so I'm looking forward to hearing you guys feedback if you have questions you had suggestions. Be sure to hit me up here and Hak5 dot org and -- show notes in the rest of details about this segment and any other segments on this show net over to our site. Hak5 dot org."

" Squarespace is a publishing system for anyone looking to build a blog portfolio or any kind of website. They're unique drag and drop design tool makes it easy for anyone to build a beautiful looking website without any programming required. They're hosting is fully managed C don't have to think about servers are patches. Squarespace just launched a new site importing tool that makes it easier than ever to move your existing website over. They're tool crawls your site preserving all your media on their S three power Baghdad if you use a personal domain you're you're a structures maintained. Meaning your links -- break in here as CEO won't take a dive so if you're already on blogger type pad movable type or any platform that transition will be if he's okay. Trial Squarespace free for two weeks and use code Hak5 to get 10% off the life of your service."

" But just very upset this episode of Hak5 think you get through watching. As always we encourage your feedback so if you like to shoot the letter go ahead do so feedback Hak5 dot org. What you do on the Twitter thing that's -- you can planet's on FaceBook just you know those that would think what you'd like to see. -- let you know about a new show on Revision 3 it's called white checker and it is. So the cover the best of indie video games so you know stuff downloadable for the ex boxer that we where the iPhone that's your sort of thing you're gonna love this show. It airs Thursdays at revision3.com. Slash hijacker. And we have some excellent stuff coming up soon here next week on so we're gonna be talking to him radio operator about them. Packet radio stuff."

" It's going to be a lot of fun and what else. Oh we've got some hardware -- coming up with some and LCD displays and touch screens and and -- at some ridiculous stuff that includes fire if you guys who enjoyed so. Fiesta around we will see you guys so Wednesday's. As always and you know this is if you -- speakers -- need to become might just go ahead pick this up so Garrett dot com -- but they like. Until next time on behalf of -- and time we're reminding you trust your technolust."

" declared corridor and it is difficult and literally into the whole book. You deflator you can stuff and this is the candidate. -- today. Partners when it really just decorate -- 130 where it shouldn't -- reminder. Put on a recent trip we'll. What happened to it but we'll. As long and so now have -- that was doing the deal works -- that couldn't. Wouldn't let you know about and your show on Revision 3 band like -- go ahead now that lays dreams that life is. -- It's green. There you go. And Jersey."

" Wow."

" This time on the show bypassing restrictive firewalls for free and open source virtual private network servers for windows and Linux that'll have you connecting back to the home or office network with just a web browser. -- brought you by go to -- express. Squarespace. In the united states air force thanks air force for sponsoring this show."

" Welcome back up my name is Darren Kitchen and that's probably isn't what you were expecting to see. I'm actually flying solo today. And after last week's interview with that with writer. You know working on little blog -- comic figures it this a shot. It's fun Leo and show. So this so I'm going to be talking about -- he ends. Which are excellent or we need to get remote access but you're behind and you know school or whatever firewalls that prohibit. UP TP or -- traffic. So. They had to get through the banks I felt yeah now. 443. -- to be a good. Matt and which I think it's episode. Or that we. It's very cute so. They'll be back next week and from all the puts -- But. And have a math problem -- that it would record a couple of times and that we gotta work. With the help what do you Franklin. This powerful -- with -- is keep it soldering that we had details. So. Anyway. -- on -- it -- to get yourself. So let's take a look after a report from one of our office and authors."

" So thus far in our PP answers we've only been talking about PP TP or point point tunneling particle EP ends. And while keeping -- is -- insecure. Technology in my experience it does have a few catches. And namely it's traversing firewalls. And legislating from my experience you guys now I'm assisted in my day now this is fund your money hobby but. You know I gotta support a whole bunch users and while we do you use PP TP primarily we you have some please -- to clients sites that are may be secure government facilities and they have some problems. Actually getting a VPN tunnel back through those firewalls. So. In in that instance it's it just led me to talking about as to sell these -- and Mac could speak about this. In great detail he he also supports -- they'll -- again. But no one those pointed out from the gavel that we talked about few episodes ago on them with pointed out from the media a lot emails about. Is this has to sell explorer and I thought that maybe. We could you know talk about this in the evolution -- product and show you how to set it up both on windows and on Linux and she gets and BC usage. I know that's a -- explorer has a lot of people pointed out is actually. Well as is not pointed out SS Alex Horwitz in open source as a cell. BP and technology. That was then acquired by barracuda. And basically stop being maintained but there is a source fork over to the name. I. VPN. -- number of and he can from a prior VP and segment where we actually put together. And open DP and access server one of this product is being called open VPN AL ass or application layer software. And it's basically going to complement the suite of open he can technologies. Along with the access server and there are other network players stuff and it's not really gonna be rolled into it from what I understand reading you know the CEO of a and he can't comment when this. You know when the -- happened it's not really gonna merge into its not gonna. Be brought into the opens you can't access server product. But it is going complement it and it's really good to see them supporting goes -- In getting it to developers on hand because it is a very cool piece of software is merely is. Is well documented as it could be but it is so powerful so let's go ahead and you know if if not really Glock in this so far it I kind came up with a perfect analogy. What the differences between what we're doing before it went atomic particle or even IPSec if you will. And how we're going to be implementing an Asus -- can and the differences. That you know. In SS LB -- you're just using. Your web browser you using you know the certificates that are already built in your browser to go ahead and make it secure connection and you can kind of think of it as the difference between using today. Pop three or I'm up and a standalone client like outlook or thunderbird to connect through email and you know do that securely with. You know with the authentication in and the and the time -- the security whatnot encryption. Or. You could just use Gmail Yahoo! mail whatever and just do the HTTP -- and from any web browser gain access to those resources so. You know that's kind of the idea here is if you were able to see a at your workplace your school where ever get to an HT TPS site so if you can do want that the belonged sort of -- to online banking. Most likely you're going to be able to use -- SS LV PN because all the browser and the only thing required is Java and in some cases not even that. So let's go ahead and talk about how to set this up. On windows XP. So setting up an open he can -- server and windows can be kind of difficult honestly but it's not impossible and can be set up on you know your windows XP. Clients or a windows server 20032000. And whatever. It's actually didn't need a lot easier by Lars Warner actually put together -- SIS installer. Right here and it makes setting this up so much easier all the need to do is make sure that we actually have the Java run time environments and we're gonna go ahead and do this here. On one of our XP PMs. And I'm gonna walk you through it it's really dead simple that -- while one in Linux but. But seriously it's just -- next I agree next install. And once it starts the service we can actually connect to the web interface and go ahead and configure certificate. And this is going to be the same on basically Linux and windows. But eventually this happening here. So here we are and are ghetto browser of choice and will go ahead and create a new certificate. And come up with a pass phrase for that's certificate nothing fancy here. And we'll give it some information so this host -- locals will do for right now. I would get the options you use either active directory or built in authentication and if we were using the -- that actually have the option to do radius. A for the time being let's just focus on the built and and we'll configure our super user and I'm gonna be lame. And use admin as the super user -- is yeah. -- feel -- coming up with anything -- right now. We're gonna go ahead with the default but you'll notice here that airports four point three so if you've got an Internet -- service provider you elect a residential cable modem DSL something like that but actually -- 443 incoming. -- wanna make sure had a time. And change ports accordingly but we're just gonna go with the defaults to make things easy for clients that -- happening coal and whatever after the address. And scale it that's standard HT TPS address. No proxies -- here. And let's go ahead and finish it out and click finish. And down at that time we can exit the installer. And in just a few seconds here. It will actually tell this installation process that we have completed. And we will talk to install as a service. So we can actually use this just like we would any other windows service using service -- C. Which is great because now in control it with you know fire demon or gaming or whatever we've talked about. Ways to have fun with when -- services before in the past. There we go that's completed press any key. We click finish and it's all pretty much set up for us we just come into. A and their Rio can restart the service we can you know find all sorts information go to via the web interface. Now as far as can figure in the system that is nearly identical on Linux or windows so this is the point where we're going to stop with the windows install. And take a quick break and when we get back. We will go through the Linux install and then find out some information about basic usage and actually figuring this that would get and local resources remotely."

" You probably already know they go to assist expressed by some -- is the easiest way to provide instant remote support to clients anywhere in the world. Let's see it in action from my computer and launch go to Estes express and -- the support hero to the life. Click the link and click run and click yes to joint session and back on my computer I'm greeted by the screen taking control the computer mouse and keyboard. That's a -- in just one click I have a thorough PC diagnostics that I can troubleshoot that you see for. Or two clicks reboot their PC in safe mode without ever losing connection and let's face it. That beats the heck I'm driving or flying -- any day. Sign up for your free go to -- express trial go to assist dot com slash Hak5."

" So now let's go ahead and set it on a Linux server. I love we're going to be using but -- actually eight Leo where in this instance and it's the 32 bit edition. And to save some time I've already set up at the end here with it configured as an open SSH server and a lamp server. You know. The Linux and so does make that super simple whatever favorite that's true is I just hadn't yet much setup and let's go and and the rest. So here bash and it's really just a matter of getting a couple of blood tendencies namely we need Java. We need to get sun Java six and the GP case though. Just in the -- here and two apt get -- We need to make sure that we get the JDK. And not the -- up JR -- and justice has had left episodes ago bang bang. I'm always forget -- Through that is an important thing. Now once we've gone ahead and downloaded job and agreed to license and install that we do need to make sure that we set up the home correctly so for that will run export. And in our case it's user live GBM. I Java six on the that may differ depending on what you distribution has and I'm gonna go ahead and also put that in the -- with a slash span and it. Finally will go ahead and verify the version of Java that we are running by issuing Java attacked version. And we can see there that we are using. One point six. There's another dependency that we're going to need and that is amp amp -- is kind of like make up for Java so let's go ahead and get that real quick. So we have our dependence these let's go ahead and download a so we're gonna do that in slash opt. Panel -- and W get it over from a source port. Now all un -- it. Now before we go ahead and saw this we do need to know RIP address because that's how we are going to configure the certificates are real quick. -- I African pig on that 10100197. So keep that in mind. And run pseudo and it install. Now -- at this point we are instructed to go ahead and point our browser over to this -- On port 28080. And that's where we can go ahead and set up the certificate much like we did in the wind is version of this installs so let's go ahead. Over to our when disclaim here and launcher get a browser. And -- greeted by the anti -- installation wizard and much sleep we. Did India. When his version will fly right through this creating -- pass phrase. And setting up or certificate. And we'll go ahead and use the built ten. And set up a lane super user. And the rest are defaults. Now I exit the install and in just a few seconds this will complete installation here on the Linux side. And there we go now we do wanna make sure that this is installed as a service so run every time that the server is booted so for that we run pseudo aunt. Install. Service. And we'll start that and now we can actually start and stop this just like we would any other service pirating spots ETT -- in it but he slash. Now in this case it's a so now let's take a look at some basic usage and how we'll actually use this as a client. So now that we have our Linux server set up let's go ahead and actually configure and connect to it as a client and an analyst to know right off the bat that this is such. A large piece of software with so many intricacies that there's no way that we're gonna cover -- But I'll just go ahead -- basics here in the lead the rescue guys to explore. Now to go ahead and configure this would you just connect to like we said we can -- set it up on port 443 so in this case is just HTTP yes. The IP address and in our get a rather we are a presented with this warning about mr. -- server certificate because we are actually using it self signed certificate. Rather than actually doing had purchasing one from an authority. Let's go ahead and continue. And we set up our user men that they pretty lame password. And from here we can configure the users and the other resource that those users will that have access to you. So I can say we are using the built in authentication into this we're not using radius old anything like that so let's go ahead and create an account so under access controls will click counts and under actions on the right we'll click create -- account. And we're gonna make Bob. And that's his username and his full name is mother didn't love them and let's make him -- dot org. And we haven't actually set up any security groups but that's fine for the time being. Give them a password. We're not gonna force in the changes password. An area it set up Bob. Now let's actually let Bob have access to some resources so what kind of resources we need if you're connecting back here home or small office Lan remote -- Well no administrators would I want access to you. Some of you know. Services -- servers that will tunnel into administer fitness. The users I would character files and I care about getting to some website name got some accounting systems that are using. Apache tomcat. Are now so let's go ahead and give them access to those so under resource is here you'll see that we have. Just web -- and why do we only have. Mike how -- can't see the rest of the because my resolution is too small. He -- in a bump up the end here. While those Palin. Let's say to look at the resource is that we can give you our users. First off it's SSL tunnels. We've actually talked about -- tunneling long ago and act I believe in season for most recently. And this makes it super simple to go ahead and create there's -- on Iraq increase. Click create tunnel and we'll give it a name that's in this case it's actually -- routers we're gonna create NASA so tunnel over to our routers. And the interface for the person connecting is actually going to beat their local host. In this case it is port 222. And on this land that the connecting to its tent and a one. On port to to -- We're going to say that every one. Has access to that. And finish. And in just a minute when we connect over as the client you'll see how we can actually access that lets go ahead and set it to other resources. So on an exit this wizard. And choose the network place a basically a windows samba share so we're gonna go under network places under resources. And click create network place. And we're gonna call this read one. Yes who allowed it favorites. And the path to this. And this is a windows network share. The host will be ten to attend -- to a five. It passes are one. We don't in this instance does our home raid and we actually don't really worry about the authentication here so we'll leave that blank select next we're gonna choose everyone once again. -- but you can have access -- notes Bob. And finish. Exit that wizard. And we're also going to give Bob here access to -- Apache tomcat servers so let's see if I can actually pull that up here. Which one of view is running tomcat. May remember this from a few episodes back. Just need to get his IP here -- 137. Excellent. We're going to create a web forward to that. Now what that means is once Bob connects to the PP end here. He can actually connect to that Apache tomcat server that you know behind the firewall protected and encrypted with this SSL VPN. And there's a few different types of web forwarding that we can you hear the one that we're gonna focus on today is actually called. -- web replacement proxy and what that essentially does is makes the RSS he'll be cancer here actually handle the connection it's going to make the connection on behalf of Bob and then feed it back to Bob. Through its connection it's it's kind of like squid. Kind of that it does catch it let's see here so let's go ahead and create this and caught tomcat. -- that favorites. And in this case it's 1010 -- 131. Pretty sure. 137. HTTP -- us us. 10100137. On port 8080. And we're just gonna select every one. And finish. This was there. Okay and there was one thing I forgot to do here -- that was when it set at the justice O'Connell did not make it a favorite you'll see why that's important minutes got added that it. -- favorite save it there we get so. That's so we need to do to get access to those internal resources on the management side so let's actually take a look at what this experience is going to be like for the client. So. We will actually used the same the end here this when museum. And I'm gonna log out here. And we're gonna pretend we are Bob. And what we'll do is just head over to HT TPS. 10100197. Presented with -- You know log in prompt here we can get that Bob and that -- passcode that we give them. You're -- has been disabled."

" I have to check enabled -- account. See I'm plan right through this and then I missed stupid stuff. Art so let's log in is Bob. And his dumb password. And this is what the users -- with and they can see just you know other favorites they can change their password and it's really simple stuff here. We have access to the raid. So let's take a look at that have a -- raid. And yes we do want to allow pop pops. -- a pop up window here in our browser. And we can actually see all of the different you know with folders and files that are set up on our rate here at the -- counts. You know it's. I don't know five move for. Hand. A look at the wallpaper from episode -- before. You know suffice to say we can. Now we added our files we can upload we can believe we can you know whatever we need to do we've got -- store files here. Through this web interface and that's the nice thing about is there was nothing that we had to install we just went to this web page made that easy. Well what about Asus H tunnel we set that up so that you know as an administrator we can go ahead and get access Tor servers that way. Let's go ahead and act that so from our favorite thing in click brouder. And we're gonna get our job on so yes we're going to accept this job and am we now have access to that routers we can actually pull up -- here and point our local host some port 222 as we set up. Looks and there we -- we can log in it so. And there -- this is actually are smooth oval that is running Internet connection here rat pack house. And let's take a look at one other thing and that would be actually accessing that tomcat server. Oh we have to do is click -- from our favorite here. We'll get a new window. And there we aren't -- in keep in mind. You'll see here were connected to tend to attend -- 197. We're using the replacement proxy engine. And you keep going along the address you'll actually see that connected to you. That internal server. Apache tomcat server so. You know it's it's kind of an interesting way to do Webster re direction and there are a few other ways can handle this is while that are outside the scope of this segment. But I implore you to go ahead and play with this it is such a powerful tool. And I look forward to hearing what kind of feedback you guys have on this 01 other thing releases so cool so. The argument between cancer cell and you know your your typical PP TP or IPSec V in is that. For the clients and you can see how did simple this is I'll have to do is open up the browser go to web page log in and they've got access right through their web browser. To those resources and in a lot of instances they don't even need. Java deal with the needed jobs report was to initiate that that tunnel so that a kid you know tunnel to my local let's actually get as a time when my servers. Which necessary to secure anyway now we're only open -- only were opening a lot less in this instance. But then some people may say well I really would like a dedicated client and there actually is one and this is so nifty. This is from. I'm not even going to try to pronounce this web page but you can grab this here and this is actually a standalone. Java based. Agent that you can use to connect to this and I think probably the log out of the web based ones first. And yes -- we understand we disconnected. But I can go ahead and log in as Bob using the standalone agents here. On HTTP yes. There have a I'm logged in and it. This kind of gives you an idea of how versatile this is if you wanna web client. He got that if you wanna stand on -- you've got that. To very powerful piece of software -- hope this really gives you guys some ideas of how you can use this is tricky circumstances where you've got firewalls that are little prohibitive about what you can access out. The insane if you've got access to online banking -- you can get to any HTTP yes slightly. I even Gmail. In most instances of a -- to get access to this and everything just goes through their makes it super simple set up. So I mean just for the web forwarding alone I think it's an awesome. Awesome -- the use so I'm looking forward to hearing you guys feedback if you have questions you had suggestions. Be sure to hit me up here and Hak5 dot org and -- show notes in the rest of details about this segment and any other segments on this show net over to our site. Hak5 dot org."

" Squarespace is a publishing system for anyone looking to build a blog portfolio or any kind of website. They're unique drag and drop design tool makes it easy for anyone to build a beautiful looking website without any programming required. They're hosting is fully managed C don't have to think about servers are patches. Squarespace just launched a new site importing tool that makes it easier than ever to move your existing website over. They're tool crawls your site preserving all your media on their S three power Baghdad if you use a personal domain you're you're a structures maintained. Meaning your links -- break in here as CEO won't take a dive so if you're already on blogger type pad movable type or any platform that transition will be if he's okay. Trial Squarespace free for two weeks and use code Hak5 to get 10% off the life of your service."

" But just very upset this episode of Hak5 think you get through watching. As always we encourage your feedback so if you like to shoot the letter go ahead do so feedback Hak5 dot org. What you do on the Twitter thing that's -- you can planet's on FaceBook just you know those that would think what you'd like to see. -- let you know about a new show on Revision 3 it's called white checker and it is. So the cover the best of indie video games so you know stuff downloadable for the ex boxer that we where the iPhone that's your sort of thing you're gonna love this show. It airs Thursdays at revision3.com. Slash hijacker. And we have some excellent stuff coming up soon here next week on so we're gonna be talking to him radio operator about them. Packet radio stuff."

" It's going to be a lot of fun and what else. Oh we've got some hardware -- coming up with some and LCD displays and touch screens and and -- at some ridiculous stuff that includes fire if you guys who enjoyed so. Fiesta around we will see you guys so Wednesday's. As always and you know this is if you -- speakers -- need to become might just go ahead pick this up so Garrett dot com -- but they like. Until next time on behalf of -- and time we're reminding you trust your technolust."

" declared corridor and it is difficult and literally into the whole book. You deflator you can stuff and this is the candidate. -- today. Partners when it really just decorate -- 130 where it shouldn't -- reminder. Put on a recent trip we'll. What happened to it but we'll. As long and so now have -- that was doing the deal works -- that couldn't. Wouldn't let you know about and your show on Revision 3 band like -- go ahead now that lays dreams that life is. -- It's green. There you go. And Jersey."