LITTLEBLACKDOG.COM

Cat Chaser Joined: 11 May 2004 Posts: 481

I am trying to build an SSL VPN.

I want to have users go to an HTTPS page and enter their credentials. Once authenticated, the user would have a new browser window opened (a window in a window) where they would be local to the SSL server and could gain access to Intranet web sites.

I am not locked to a specific Distro or Browser.

Any ideas?

Posted: Mon Jan 17, 2005 7:24 pm Post subject:

1 way would to use the pf firewall, then assign a account to the authpf shell and have some webpage use a ssh p1 connection to authenticate through the firewall and load a dynamic ruleset.

Cat Chaser Joined: 11 May 2004 Posts: 481

I found an opensource project that is working on this. It is called ssl-explorer.

They have the source code available so you can port it to whatever system you want. (you have to have J2RE 1.5 also)

They have packaged a windows version and a redhat version. I tried them both and the Windows version seems to be faster. They are functionally identical though.

It is really cool. If you are into this sort of thing, I recommend that you try it out.

It is at www.3sp.com

Posted: Fri Mar 04, 2005 11:24 am Post subject:

ChrisDrass wrote:
It is really cool. If you are into this sort of thing, I recommend that you try it out.

It is at www.3sp.com

Started playing with it today. This is pretty fricken cool. I see alot of potential for this project.

Posted: Sun Mar 06, 2005 7:50 pm Post subject:

Now I started using their SSH client as well. I love it.
http://www.sshtools.com/products/applications/sshterm-pro/sshterm-pro.jsp

Posted: Sun Mar 06, 2005 9:51 pm Post subject:

Chris are you running this on Windows or LInux?

Posted: Fri Jul 15, 2005 11:53 am Post subject:

Just read that SSL-Explorer now has a plugin to allow it to authenticate against the local password file on Unix and Linux systems.

Posted: Wed Aug 23, 2006 9:50 pm Post subject:

There is now a VMWARE Applicance for SSL-Explorer.
http://h0bbel.p0ggel.org/2006/06/28/ssl-explorer-clientless-vpn-via-ssl/

Posted: Tue Oct 10, 2006 8:37 am Post subject:

what about OpenVPN? it uses SSL too
http://openvpn.net/
you can use it in many environments, even via web proxies where you specify web proxy information in your OpenVPN client

Quote:
1 way would to use the pf firewall, then assign a account to the authpf shell and have some webpage use a ssh p1 connection to authenticate through the firewall and load a dynamic ruleset.

I don't think this method encrypts sent data at all, it just uses SSH session for authenticating users and loading per-user firewall rules. so I think it still allows for ip spoofing attacks

Posted: Wed Oct 11, 2006 8:45 am Post subject:

Thanks for bumping the thread. Never heard of SSL-Explorer. Cool stuff.

Posted: Thu Oct 12, 2006 9:14 pm Post subject:

Mahmoud wrote:
what about OpenVPN? it uses SSL too
http://openvpn.net/
you can use it in many environments, even via web proxies where you specify web proxy information in your OpenVPN client

Quote:
1 way would to use the pf firewall, then assign a account to the authpf shell and have some webpage use a ssh p1 connection to authenticate through the firewall and load a dynamic ruleset.

I don't think this method encrypts sent data at all, it just uses SSH session for authenticating users and loading per-user firewall rules. so I think it still allows for ip spoofing attacks

But then you need a client. SSL Explorer doesn't require you to install a client on your computer.