Hak5

Hosted by Darren Kitchen and Shannon Morse. New episodes Tuesdays.

Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a... Read More

Build a free SSL VPN on Linux or Windows

Tuesday, September 29th, 2009 – running time 30:02

This time on the show, bypass restrictive firewalls with a free and open source virtual private network server for Windows and Linux that will have you connecting back to the home or office with just a web browser!

Show notes

SSL VPN Introduction and Windows Setup

Thus far we've only spoken about implementing Virtual Private Networks using Point-To-Point Tunneling Protocol. While PPTP is a ok protocol for secure tunneling, at least in my experience it comes with a few gotchyas. Namely firewalls.

VPNs based on Secure Sockets Layer or SSL technologies are less encumbered by these restrictions. Certificates are already in the browsers and there is often no software to install. Secure, Easy, Versatile.

You can think of SSL VPNs as the Webmail of email. Rather than setting up a dedicated client like Outlook or Thunderbird to use POP3 or IMAP4 we'll be using our web browser to access an https site.

SSL Explorer is a web based SSL VPN server. The technology was acquired by Barracuda Networks. Project named OpenVPN Application Layer Software (OpenVPN-ALS)

Windows Install

Can be sorta tricky so Lars Werner made an awesome installer using NSIS-Installer. Make sure you have the latest Java JRE.

Download, Run, Next, next, next, install, next, Create certificate, Install Service, browse to https://server:28080 from client, Login as admin and follow the certificate creation wizard.

System Configuration is basically the same on Linux or Windows.

02:23 | Play

SSL VPN Linux Setup and Basic Usage

Begin by setting up a LAMP and OpenSSH server. In this segment I used Ubuntu Server 8.04 32-bit.

Install Java JDK and configure paths.

sudo apt-get install sun-java6-bin and sun-java6-jdk
export JAVA_HOME=/usr/lib/jvm/java-6-sun
export PATH=$PATH:$JAVA_HOME/bin
java -version

Next install ant, which is kinda like make for Java.

sudo apt-get install ant

Then in /opt go ahead and download and install OpenVPN-ALS.

cd /opt
wget http://downloads.sourceforge.net/project/openvpn-als/adito/adito-0.9.1/adito-0.9.1-bin.tar.gz (note: at time of writing this was the latest version.)
sudo tar zxvf *.gz
cd adito-0.9.1/
ifconfig (remember this IP, you'll need it in a minute)
sudo ant install

From a browser go to http://:28080 and run the certificate wizard.

Once the wizard is complete the installer will finish. Now we'll install OpenVPN-ALS as a service.

sudo ant install-service
sudo ant start

At this point we can stop and start the service using /etc/init.d/adito stop|start|restart.

You can now browse to the server's IP on the port you configured in the setup wizard (default is 443 so simply prepend the IP by https://). Login with the super user account and you'll be greeted by a management GUI. From here you can create accounts, groups, policies, and add resources. In this segment I configured an SSL Tunnel, a Network Place, and a Web Forward. For more details on configuration I advise consulting the SSL-Explorer Admin Guide (Zipped PDF). While the name has changed most of the functionality is the same. You may find additional documentation at the OpenVPN ALS forums.

10:29 | Play

Connect with Hak5

About the Show

Details
Show Title:
Hak5
Description:
Hak5 isn't your typical tech show. It's hacking in the old-school sense, covering everything from network security, open source and forensics to DIY modding and the homebrew scene. Damn the warranties, it's time to Trust your Technolust.
Categories:
How-To & DIY, Technology & Gadgets
Launch Date:
Sep 7, 2008
Episodes:
Credits