Difference between revisions of "Adito"

From Amahi Wiki
 
(111 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
[[Category:Apps]]
 
[[Category:Apps]]
 +
[http://www.amahi.org/apps/openvpn-als OpenVPN Application Layer Software (ALS)], formerly know as Adito, is a web-based SSL VPN server written in Java. It has a browser-based AJAX UI which allows easy access to intranet services.  Once installed and configured correctly, you will be able to access all your server files and the HDA (to include applications) using the FREE dynamic DNS provided by Amahi.
  
OpenVPN Application Layer Software (ALS), formerly know as [http://adito.wiki.sourceforge.net Adito], is a web-based SSL VPN server written in Java. It has a browser-based AJAX UI which allows easy access to intranet services.  Once installed and configured correctly, you will be able to access all your server files and the HDA (to include applications) using https://user.yourhda.com (tested with Firefox and Internet Explorer). 
 
  
=== Web Browser Tip: ===
+
'''NOTE: ''' This [http://dl.amahi.org/SSL-Explorer_Administrators_Guide.zip SSL-Explorer Administrators Guide] may come in handy for those interested in more documentationAlthough this not specifically updated for OpenVPN ALS, it is fairly accurate.
* You will receive a security alert on the first run for Mozilla Firefox or Internet Explorer.  This is no cause for alarmTo prevent this from occurring each time you access Adito, follow the procedures listed below:
 
  
<u>Mozilla Firefox</u> - When the page loads, you will see a pop up stating "adito:4443 uses an invalid security certificate."
+
There is an [http://zhoupenghust.web.officelive.com/project.aspx Adito standalone agent client] for Windows.
# Select Ok and you will see another message, "Secure Connection Failed"
 
# Choose the "or you can add an exception" link at the bottom.
 
# You will then see two choices, "get me out of here!" and "Add Exception..." Select the "Add Exception..." option.
 
# Another box will appear stating "You are about to override how Firefox identifies this site"  Select "Get Certificate"
 
# You will then have an option to "View Certificate" or "Confirm Security Exception" or "Cancel"  Select "Confirm Security Exception"  Ensure the "Permanently store this exception" is checked.
 
# It may take a minute for it to finish, then you should see the login screen.  You won't see invalid security certificate now that you have added the exception.
 
  
<u>Internet Explorer</u> - When the page loads, it will say "There is a problem with this website's security certificate."
+
=== Configuration Options ===
# Select the option "Continue to this website (not recommended)."
+
<u>Router (Settings)</u><br>
# Look for the "Certificate Error" box next to the web page address at the top and select it.
+
In order to use '''<nowiki>https://user.yourhda.com</nowiki>''' (substitute your user name for user) to access Adito VPN from any computer using the web browser, create a Port Forward or Virtual Server ruleThis is a required step for the Map HDA Folders and Apps options to work from outside your network.
# A box will pop up saying "Untrusted Certificate" and select "View certificates"
 
# When the certificate is displayed, you will see it belongs to username.yourhda.comChoose the Install button and a wizard will pop up.
 
# Select Next and ensure the "Automatically select the certificate store based on the type of certificate is chosen and select Next.
 
# Select Finish and a Security Warning will appear stating "You are about to isntall a certificate from a certification authority (CA) claing to represent:  user.yourhda.com".  Select Yes.
 
# It will indicate Finished and choose OK to complete.  You won't see "There is a problem with this website's security certificate" in the future as the site is now a trusted site.
 
  
* Other browsers have not been testedThe procedures will be slightly different for them.
+
On a D-LINK WBR-2310 router, set a Virtual Server setting to forward port 443 public and 4443 private to the HDA server IP address using TCP traffic type.   
  
  
=== Configuration Options: ===
+
<u>Map HDA folders (Network Places)</u>
* <u>Router (Settings)</u>
+
* Login as administrator
** In order to use https://user.yourhda.com to access Adito VPN from any computer using the web browser, create a Port Forward or Virtual Server rule. This is a required step for the Map HDA Folders and Apps options to work from outside your network.
+
* Select Network Places (middle left menu)
** On a D-LINK WBR-2310 router, set a Virtual Server setting to forward port 443 public and 4443 private to the HDA server IP address using TCP traffic type.   
+
* Select Create Network Places (upper right menu)
 +
* Enter desired Name and Description.
 +
* Check Add to Favorites and select Next
 +
* Choose Local File from drop down
 +
* Enter path to the folder you want mapped and select next
 +
* Select Everyone, select Add, and select Next
 +
* Select Finish and select Exit Wizard
 +
'''NOTE:'''  You can add any folder on the server using the steps aboveThe default Amahi folders (Music, Docs, etc) have already been added.
  
* <u>Map HDA folders (Network Places)</u>
 
** Login as administrator
 
** Select Network Places (middle left menu)
 
** Select Create Network Places (upper right menu)
 
** Enter Music for Name and Description.
 
** Check Add to Favorites and select Next
 
** Choose Local File from drop down
 
** Enter path /var/hda/files/music and select next
 
** Select Everyone, select Add, and select Next
 
** Select Finish and select Exit Wizard
 
** Repeat this process for all HDA folders (books, pictures, movies, docs)
 
** You can add any folder on the server using the steps above.
 
  
* <u>Map HDA Apps Option 1 (Web Forwards Tunneled Web)</u>
+
<u>Map HDA Apps Option 1 (Web Forwards Tunneled Web)</u>
** Login as administrator
+
* Login as administrator
** Select Web Forwards (middle left menu)
+
* Select Web Forwards (middle left menu)
** Select Create Web Forward
+
* Select Create Web Forward
** Select Tunneled Web and select Next
+
* Select Tunneled Web and select Next
** Enter HDA for Name and Description.
+
* Enter Application Name and Description.
** Check Add to Favorites and select Next
+
* Check Add to Favorites and select Next
** Enter http://hda for Destination URL and select Next
+
* Enter '''<nowiki>http://application</nowiki>''' (i.e. HDA, Opendb, etc) for Destination URL and select Next.  Applications that use a port other than 80, you need to specify that as part of the URL, for example '''<nowiki>http://application:8069</nowiki>'''
** Select Everyone, select Add, and select Next
+
* Select Everyone, select Add, and select Next
** Select Finish and select Exit Wizard
+
* Select Finish and select Exit Wizard
** Not all HDA apps will work (i.e. phpsysinfo)
+
* Keep in mind not all HDA apps will work outside your network
** This method makes use of Adito Agent (java web agent)
+
* This method makes use of Adito Agent (java web agent)
** Each time the agent is executed, a random port is tunneled (may not work  with firewalled client network)  
+
* Each time the agent is executed, the SSL tunnel uses a random port (may not work  with firewalled client network)  
  
* <u>Map HDA Apps Option 2 (Web Forwards Replacement Proxy)</u>
+
 
** Login as administrator
+
<u>Map HDA Apps Option 2 (Web Forwards Replacement Proxy)</u>
** Select Web Forwards (middle left menu)
+
* Login as administrator
** Select Create Web Forward
+
* Select Web Forwards (middle left menu)
** Select Create Replacement Proxy and select Next
+
* Select Create Web Forward
** Enter HDA for Name and Description.
+
* Select Create Replacement Proxy and select Next
** Check Add to Favorites and select Next
+
* Enter Application Name and Description.
** Enter http://hda for Destination URL and select Next
+
* Check Add to Favorites and select Next
** Select Next
+
* Enter '''<nowiki>http://application</nowiki>''' (i.e. HDA, Opendb, etc) for Destination URL and select Next.  Applications that use a port other than 80, you need to specify that as part of the URL, for example '''<nowiki>http://application:8069</nowiki>'''
** Select Everyone, select Add, and select Next
+
* Select Next
** Select Finish and select Exit Wizard
+
* Select Everyone, select Add, and select Next
** Not all HDA apps will work (i.e. phpsysinfo)
+
* Select Finish and select Exit Wizard
** There is no port restriction (uses 443).
+
* Keep in mind not all HDA apps will work outside your network
 +
* The Adito Agent is not used, so the SSL tunnel uses only port 443.
 +
 
 +
== Remote Desktop (RDP) Through OpenVPN ALS (Adito) ==
 +
Download the RDP extension from [http://lars.werner.no/adito-application-advancednativerdpwin32.zip here] and leave it as a .zip file to upload the extension.
 +
=== Credit Due ===
 +
Nearly all of these instructions are taken from [http://lars.werner.no/?p=640 the work of Lars Werner].  His website has images as well and may be a better source of instruction.  These notes are included here so that this hard-to-come-by information is not lost.  If you go there, start on "Step 2."
 +
 
 +
=== Installing the RDP extension ===
 +
The Adito client can publish software to download and execute.
 +
Typical portable software is preferred, since clients does not always have registry write access.
 +
 
 +
The RDP Extension uses the RDPsso.exe command from Microsoft and is based on the old less secure RDP.  But you are connecting through a SSL encrypted tunnel, so it is considered “safe”.
 +
 
 +
If you are not in managementconsole press the changebutton now (Third icon from the left located in the upper right of the Adito screen.  If it says "Management Console" when you mouse over it, you need to click it to change into Management mode.)
 +
 
 +
* Press “Extensions” in the “Configuration” tab (Left side menu)
 +
* Then press the “Upload Extension”.  (Upper Right menu)
 +
* Press the Browse-button and select the adito-application-advancednativerdpwin32.zip file, press “Upload”
 +
 
 +
 
 +
'''NOTE:'''  The upload may take some time.  Be patient.
 +
 
 +
You should now have the Microsoft RDP client installed
 +
 
 +
=== Creating an Application ===
 +
 
 +
* Select “Application” under the Resources section of the Left Menu.
 +
* Press the “Create Application shortcut” (Upper Right corner)
 +
* <u>Step 1: Application Extension.</u>  Select the RDP application. Press "Next."
 +
* <u>Step 2: Application Details.</u> Input the name for the client computer to which I wanted to connect and give it a short description.
 +
* <u>Step 3: Application Options.</u> Input the local ip address for that client under "hostname" (e.g. 192.168.1.x or whatever it is in your network) and leave everything else the same.  The default RDP port is 3389 and is usally left alone.
 +
::(Note: You aren’t restricted to local-ips or -hosts here, you can also use internet hosts. Some people use the Adito server as the only entrypoint on their firewall)
 +
* Press next
 +
* <u>Step 4: Application Shortcut Policy Selection.</u>  Click on "Everyone" in the left list and then click on the "Add" button. This gives permission to use the application to all users in the Everyone group.
 +
* Press next and look over the summary, then press Finish.
 +
 
 +
 
 +
You have now published an app called whatever you called it in Step 2 to the group “Everyone”.
 +
That means that every user that you have, will gain access to this app.
 +
You can create as many applications as you need, just repeat the wizard
 +
 
 +
=== Java Security Considerations for RDP ===
 +
Before connecting to the RDP from a remote pc, you will need to add an exception to the remote pc's Java's URL Exception List to get passed the errors. Here is how in windows:
 +
 
 +
* Go to the Java Control Panel (On Windows Click Start and then Configure Java)
 +
* Click on the Security tab
 +
* Click on the Edit Site List button
 +
* Click Add in the Exception Site List window
 +
 
 +
 
 +
Add url to Exception Site list
 +
Click in the empty field under the Location field to enter the URL
 +
The url to be added is the dns domain (whatever.yourhda.com)
 +
 
 +
=== Another RDP Extension (Cross-Platform) ===
 +
Here is another collection of RDP extensions that may fit your preferences better.  Once can upload and configure these extensions almost exactly like the above.
 +
 
 +
http://waldemar.schlackow.de/node/10
 +
 
 +
== Troubleshooting: ==
 +
* "This Connection is Untrusted" in FireFox or "There is a problem with this website's security certificate." in Internet Explorer, there is no cause for alarm.  Follow the guidance [http://wiki.amahi.org/index.php/Browser_Tip here].
 +
 
 +
* Application does not start automatically.  enter the following in terminal as '''root''' user:
 +
 
 +
ant -f /var/hda/web-apps/adito/server/build.xml start
 +
 
 +
Once it says "Adito started successfully" give it a a minute or so before trying to access it with your web browser.
 +
 
 +
 
 +
'''Reference:'''  [http://www.howtoforge.com/installing-adito-openvpn-als-on-centos Installing Adito (Open VPN ALS) on CentOS]
 +
<!--* Enable application autostart on boot, enter the following in terminal as '''root''' user:
 +
 +
cd /var/hda/web-apps/adito/server/
 +
ant install-service
 +
service adito start
 +
 
 +
This will create a service that will start upon reboot.  To remove the service, change the second line to read:
 +
 
 +
ant uninstall-service
 +
 
 +
This will be necessary if you uninstall the application.
 +
 
 +
* Fedora 12 64-bit error message "/lib/ld-linux.so.2: bad ELF interpreter: No such file or directory" then do the following:
 +
 
 +
yum install glibc.i686
 +
 
 +
This may add several libraries but seems to correct the problem with the missing file.
 +
 
 +
 
 +
* Error message "Invalid Credentials" then follow the fix below.
 +
 
 +
# Open terminal
 +
# vi /var/hda/web-apps/adito/server/conf/wrapper.conf.base
 +
# Locate the line that reads '''#wrapper.java.additional.2=-Dfile.encoding=UTF-8'''
 +
# Remove the # and save
 +
# Enter ant -f /var/hda/web-apps/adito/server/build.xml start
 +
 
 +
 
 +
* http://hda/ it redirects to https://hda.server.home:4443/showLogon.do and presents me an Adito vpn login screen.  Open terminal and become root user, the do the following:
 +
 
 +
# ant -f /var/hda/web-apps/adito/server/build.xml stop
 +
# service httpd restart
 +
# ant -f /var/hda/web-apps/adito/server/build.xml start
 +
 
 +
This issue occurs infrequently.  Once it can be narrowed down to a cause, a fix will be implemented.-->
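Review bot: the `<!--` opened on the "Enable application autostart on boot" line is only closed by the `-->` after "This issue occurs infrequently", so the whole tail of the Troubleshooting section (the `ant install-service` / `ant uninstall-service` steps, the `yum install glibc.i686` fix for the "bad ELF interpreter" error, the "Invalid Credentials" fix that uncomments `#wrapper.java.additional.2=-Dfile.encoding=UTF-8` in `wrapper.conf.base`, and the stop/restart/start sequence for the `http://hda/` redirect) no longer renders; either restore those items under "Troubleshooting" or add a short line saying why they were retired, since the remaining section still tells readers to run `ant -f /var/hda/web-apps/adito/server/build.xml start` and these are the fixes they would need next.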

Latest revision as of 00:28, 28 March 2017

OpenVPN Application Layer Software (ALS), formerly known as Adito, is a web-based SSL VPN server written in Java. It has a browser-based AJAX UI which allows easy access to intranet services. Once installed and configured correctly, you will be able to access all your server files and the HDA (including applications) using the FREE dynamic DNS provided by Amahi.


NOTE: This SSL-Explorer Administrators Guide may come in handy for those interested in more documentation. Although it is not specifically updated for OpenVPN ALS, it is fairly accurate.

There is an Adito standalone agent client for Windows.

Configuration Options

Router (Settings)
In order to use https://user.yourhda.com (substitute your user name for user) to access Adito VPN from any computer using the web browser, create a Port Forward or Virtual Server rule. This is a required step for the Map HDA Folders and Apps options to work from outside your network.

On a D-LINK WBR-2310 router, set a Virtual Server setting to forward port 443 public and 4443 private to the HDA server IP address using TCP traffic type.
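Before storing a permanent browser exception for user.yourhda.com, it is worth confirming that what the router forwards from public port 443 is really your own HDA's port 4443 listener. The following is an added Python example, not code from the Amahi wiki or the OpenVPN ALS project; the host names and the sample PEM body are constructed placeholders.

```python
"""Check that the router's public-443 -> private-4443 forward reaches the HDA's
own OpenVPN ALS (Adito) listener by comparing certificate fingerprints.
Added example for the Amahi wiki page, not project code; the host names and
the sample PEM below are constructed placeholders."""
import base64
import hashlib
import re
import socket
import ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: PEM framing around a base64 body that is NOT a real
# certificate, just enough to exercise the fingerprint code offline.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "Q29uc3RydWN0ZWQgc2FtcGxlLCBub3QgYSByZWFsIGNlcnRpZmljYXRl\n"
    "-----END CERTIFICATE-----\n"
)

def pem_fingerprint(pem: str) -> str:
    """SHA-256 fingerprint (colon-separated uppercase hex) of the first PEM
    certificate, hashed over its DER bytes as the browser cert viewer does."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(match.group(1).split()))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fingerprints_match(first: str, second: str) -> bool:
    """Compare fingerprints ignoring case, colons and spaces."""
    def norm(value: str) -> str:
        return value.replace(":", "").replace(" ", "").upper()
    return norm(first) == norm(second)

def fetch_fingerprint(host: str, port: int, timeout: float = 5.0) -> str:
    """Fingerprint of the certificate a TLS endpoint presents. Validation is
    off on purpose: the Adito certificate is self-signed and the question is
    which certificate arrives, not whether to trust it. Needs network access."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Old Adito builds may only speak TLS 1.0; lower ctx.minimum_version if
    # the handshake is refused.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return pem_fingerprint(ssl.DER_cert_to_PEM_cert(der))

def forward_reaches_hda(public_host: str, lan_host: str,
                        public_port: int = 443, lan_port: int = 4443) -> bool:
    """True when the certificate seen through the router forward is the one the
    HDA serves on its private port: the 443 -> 4443 rule works, and the browser
    exception you are about to store really is for your own server."""
    return fingerprints_match(fetch_fingerprint(public_host, public_port),
                              fetch_fingerprint(lan_host, lan_port))

if __name__ == "__main__":
    # Placeholders: substitute your Amahi dynamic DNS name and HDA address.
    print("same certificate:", forward_reaches_hda("user.yourhda.com", "hda"))
```

Run it from a machine inside the LAN that can also reach the public name; a mismatch means the forward is landing somewhere other than the HDA's port 4443.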


Map HDA folders (Network Places)

  • Login as administrator
  • Select Network Places (middle left menu)
  • Select Create Network Places (upper right menu)
  • Enter desired Name and Description.
  • Check Add to Favorites and select Next
  • Choose Local File from drop down
  • Enter path to the folder you want mapped and select next
  • Select Everyone, select Add, and select Next
  • Select Finish and select Exit Wizard

NOTE: You can add any folder on the server using the steps above. The default Amahi folders (Music, Docs, etc) have already been added.


Map HDA Apps Option 1 (Web Forwards Tunneled Web)

  • Login as administrator
  • Select Web Forwards (middle left menu)
  • Select Create Web Forward
  • Select Tunneled Web and select Next
  • Enter Application Name and Description.
  • Check Add to Favorites and select Next
  • Enter http://application (e.g. HDA, Opendb, etc.) for Destination URL and select Next. For applications that use a port other than 80, specify that port as part of the URL, for example http://application:8069
  • Select Everyone, select Add, and select Next
  • Select Finish and select Exit Wizard
  • Keep in mind not all HDA apps will work outside your network
  • This method makes use of Adito Agent (java web agent)
  • Each time the agent is executed, the SSL tunnel uses a random port (this may not work from a firewalled client network)


Map HDA Apps Option 2 (Web Forwards Replacement Proxy)

  • Login as administrator
  • Select Web Forwards (middle left menu)
  • Select Create Web Forward
  • Select Create Replacement Proxy and select Next
  • Enter Application Name and Description.
  • Check Add to Favorites and select Next
  • Enter http://application (e.g. HDA, Opendb, etc.) for Destination URL and select Next. For applications that use a port other than 80, specify that port as part of the URL, for example http://application:8069
  • Select Next
  • Select Everyone, select Add, and select Next
  • Select Finish and select Exit Wizard
  • Keep in mind not all HDA apps will work outside your network
  • The Adito Agent is not used, so the SSL tunnel uses only port 443.

Remote Desktop (RDP) Through OpenVPN ALS (Adito)

Download the RDP extension from here and leave it as a .zip file to upload the extension.

Credit Due

Nearly all of these instructions are taken from the work of Lars Werner. His website has images as well and may be a better source of instruction. These notes are included here so that this hard-to-come-by information is not lost. If you go there, start on "Step 2."

Installing the RDP extension

The Adito client can publish software to download and execute. Portable software is preferred, since clients do not always have registry write access.

The RDP Extension uses the RDPsso.exe command from Microsoft and is based on the older, less secure RDP. Because you are connecting through an SSL-encrypted tunnel, it is considered “safe”.

If you are not in the Management Console, press the change button now (third icon from the left, in the upper right of the Adito screen; if it says "Management Console" when you hover over it, click it to switch into Management mode).

  • Press “Extensions” in the “Configuration” tab (Left side menu)
  • Then press the “Upload Extension”. (Upper Right menu)
  • Press the Browse button, select the adito-application-advancednativerdpwin32.zip file, and press “Upload”


NOTE: The upload may take some time. Be patient.

You should now have the Microsoft RDP client installed.

Creating an Application

  • Select “Application” under the Resources section of the Left Menu.
  • Press the “Create Application shortcut” (Upper Right corner)
  • Step 1: Application Extension. Select the RDP application. Press "Next."
  • Step 2: Application Details. Enter a name for the client computer you want to connect to and give it a short description.
  • Step 3: Application Options. Enter the local IP address of that client under "hostname" (e.g. 192.168.1.x, or whatever it is in your network) and leave everything else the same. The default RDP port is 3389 and is usually left alone.
(Note: you aren’t restricted to local IPs or hosts here; you can also use internet hosts. Some people use the Adito server as the only entry point on their firewall.)
  • Press next
  • Step 4: Application Shortcut Policy Selection. Click on "Everyone" in the left list and then click on the "Add" button. This gives permission to use the application to all users in the Everyone group.
  • Press next and look over the summary, then press Finish.


You have now published an app, called whatever you named it in Step 2, to the group “Everyone”. That means every user you have will gain access to this app. You can create as many applications as you need; just repeat the wizard.

Java Security Considerations for RDP

Before connecting to RDP from a remote PC, you will need to add an exception to that PC's Java Exception Site List to get past the errors. Here is how on Windows:

  • Go to the Java Control Panel (On Windows Click Start and then Configure Java)
  • Click on the Security tab
  • Click on the Edit Site List button
  • Click Add in the Exception Site List window


Add the URL to the Exception Site List:
Click in the empty field under the Location field to enter the URL.
The URL to be added is the DNS domain (whatever.yourhda.com).

Another RDP Extension (Cross-Platform)

Here is another collection of RDP extensions that may fit your preferences better. One can upload and configure these extensions almost exactly like the above.

http://waldemar.schlackow.de/node/10

Troubleshooting:

  • If you see "This Connection is Untrusted" in Firefox or "There is a problem with this website's security certificate." in Internet Explorer, there is no cause for alarm. Follow the guidance here.
  • If the application does not start automatically, enter the following in a terminal as the root user:
ant -f /var/hda/web-apps/adito/server/build.xml start

Once it says "Adito started successfully", give it a minute or so before trying to access it with your web browser.


Reference: Installing Adito (Open VPN ALS) on CentOS