About
Adito is an open-source, browser-based SSL VPN solution. It’s a remote access solution that provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.
Background
This is the open-source clone of SSL-Explorer after it went biz-o-matic.
Windows installer (download links below)
My contribution to this project is a Windows installer. Check the old version here; if you are looking for the updated SVN version, download here.
Please note that the SVN version is only supported on Java runtime 1.8! Older versions require Java runtime 1.7 or older.
Step-by-step guides
There are now three guides written by me on the topic.
- Scroll down on the installer page for installation tips
- Scroll down on this page for a simple demonstration of a port forward
- NEW! Practical RDP guide here
- Read the guide on running the Java 7 version 51
What's the buzz about?
Pictures say more than words, so please take a look at the picture series with descriptions below.
You are first presented with a login window:
After successfully logging in you are at the main window
SSL Tunnels are commonly used. This technique opens a port locally and forwards it through the server to your destination.
In this example we create a port forward that listens locally on port 4040 and sends requests to google.com on port 80 (the default WWW port).
After creating it we start the Agent. This is the software you run at the remote location, straight from the browser. Since it uses standard Java, you will find it works almost everywhere.
My rule is: if you can connect to your bank, you can use Adito 😉
When it has launched you get a new little man-like icon in your system tray.
By right-clicking on the agent you will find the items you have configured on the server. In our case the tunnel “Test” is available.
When the tunnel is activated the agent notifies you and we are ready to use it.
Now for some magic 🙂 Connect to Google through your server.
As you can see, this great product is pretty easy to use and manage!
Check out the new guide on setting up RDP here
Sorted my problem out. Originally I had published the website using ISA (2006) as a web server on port 8443. I have 3 SSL websites running on my external IP 443, 444 and 8444 (all going to the same webserver too – you *CAN* do this with M$ but that is another story…) Anyway, it seems that I needed to create a non-webserver rule with a new filter type that listened only on port 8443 (inbound TCP only). This has cured the agent launching – I can now launch internal or external.
The problem with this approach is that the JAVA agent throws up an issue saying that the *.mydomain.net is an invalid certificate. Obviously it isn't and I suspect that this has to do with the non-webserver forward not carrying the original client domain request through (hence the webserver will only see the IP address forwarded by the ISA server). I may make a man-in-the-middle type certificate between the ISA server and webserver based on its IP address to see if this cures it.
Now onto mapping drives (if it can be done).
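An added example, not part of the original comments or of Adito's code: the simplified, RFC 6125 style rule a TLS client applies when it compares a wildcard certificate such as *.mydomain.net with the name it actually connected to. The host names vpn.mydomain.net and a.b.mydomain.net are constructed for illustration; 10.1.1.253 is the address that appears in the agent error quoted further down this page.

```python
import ipaddress


def is_ip(value):
    """True when the client dialled an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, hostname):
    """Compare one DNS SAN with a host name, label by label.

    '*' is honoured only as the entire left-most label and covers exactly
    one label; partial wildcards such as 'v*.example' are treated as
    literals, which is the conservative choice.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(target, dns_sans=(), ip_sans=()):
    """True if the certificate's SAN entries cover what the client dialled."""
    if is_ip(target):
        # An IP literal is only compared with iPAddress SANs, never with
        # DNS names, so a wildcard DNS entry cannot cover it.
        want = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(ip) == want for ip in ip_sans)
    return any(dns_name_matches(name, target) for name in dns_sans)


if __name__ == "__main__":
    wildcard = ["*.mydomain.net"]  # SAN named in the comment above
    # Constructed targets: one DNS name, one IP literal, one nested name.
    for target in ("vpn.mydomain.net", "10.1.1.253", "a.b.mydomain.net"):
        print(f"{target:20} wildcard only -> {cert_matches(target, wildcard)}")
    print("10.1.1.253 with IP SAN ->",
          cert_matches("10.1.1.253", wildcard, ip_sans=["10.1.1.253"]))
```

Running it shows the wildcard covering only a single-label DNS name under the domain, while a connection made by IP address is accepted only when the certificate carries that address as an IP SAN.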
Robert:
Make sure that you make a clean install into a new directory.
The uninstall does not handle Adito-directories in “policies directories” etc, so a search for adito after uninstall could be needed.
Make sure that you log in to the system as superuser (first user you created through config). Check also “Access Rights” tab for “Resource right” policy, you could “lock” superuser out of creating stuff through that.
Under Resources (under the management console) I only have Network Places and Profiles. There is no Web Forwards, Applications, or SSL Tunnels. I have tried uninstalling and reinstalling several times. I would appreciate any help.
I have it set to “allow connection” – purely because I didn't want to lock myself out before I got everything working!
The actual login and “network places” links work perfectly. Internally I can use the IP address, NetBIOS name or go external with the external domain name and all will work. It works external to the building (via 3G disconnected from the local network). Integration into Active Directory works perfectly. It is the “launch adito agent” that won't launch – which is a pain since that is the main reason for me wanting this (I plan to map drives somehow).
Anyway, I will continue and if I find a solution post it here. Thanks for the help in any case!
Hello KK20,
Did you check to make sure the setting “INVALID HOSTNAME ACTION” is not set to close connection immediately?
Works a charm, apart from…. I cannot get the Adito Agent to launch from a client. If I use 127.0.0.1 on the server then the agent does launch but fails to connect after “synchronizing”. If I use the server name or IP on the server then it fails in the same way as if I was on a client.
Java error:
load: class com.adito.agent.client.launcher.AgentLauncher not found.
java.lang.ClassNotFoundException: com.adito.agent.client.launcher.AgentLauncher
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection failed:https://10.1.1.253:8443/fs/apps/adito-agent/com/adito/agent/client/launcher/AgentLauncher.class
at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
… 7 more
Exception: java.lang.ClassNotFoundException: com.adito.agent.client.launcher.AgentLauncher
Any ideas? I've had a hunt around Google but I haven't found anything yet.
Michael:
You should install the adito-server on a “dummy computer” and play around with it. Trial and error is your friend 😉
The system only has one “superuser” as far as I know. But hey I’m not a superuser, hehe
Here is how I’ve done it for other admins (without AD):
1. Create a Policy called “Admins”
2. Do not add superuser, but all other admins to the policy
3. Go to the “Access Rights” tab and create a new “Resource Right”
4. Add all available rights
5. Add “Admins” policy in the “Policy” tab and save.
Please let us know if that also works with the AD integration.
gconcepts:
You are not the first one to ask that question, please see http://sourceforge.net/projects/openvpn-als/forums/forum/824507/topic/3492047
Is it possible to have Adito agent run on windows mobile 6.5?
I’m completely stumped on this one. I need to set up someone else as SUPERUSER besides myself. I’m at a complete loss. I’m sure it is in a config file somewhere or something, but for the life of me, I cannot find it.
We’re using AD integration, and my login is fine as SuperUser, but I need to get my boss as that as well (in addition to me). Is this even possible?
Thanks in advance
Thank you so much for this application.
I had a problem with a machine that refused to install SSL EXPLORER.
Then I found this software.
Excellent stuff man. Thank you !
Hi
I am looking for a similar requirement to the one Paul had mentioned. I need to have full access to the LAN using Adito SSL access. Could anyone suggest how to do this, or any other open source free software?
Please reply
Thanks,
Siva
Sadly,
it looks as though this great piece of software is gonna slowly be laid to rest. OpenVPN have made no attempt to bring the project forward and have decided to concentrate on their OpenVPN access server (which involves an OpenVPN client being installed from a web portal).
I will cling onto Adito (née SSL-Explorer) for as long as I can, as it's got me out of a mess on many occasions and has gone through every corporate firewall I have tried and didn't upset any installation policies.
I do hope that somebody takes this great piece of software on and brings it more forward than it is (perhaps to the point it was in SSL-Explorer with drive mappings etc.)
Hi,
Is there a full SSL-VPN extension like a network connector or agent that provides full access to the LAN for a connected user? Or how do I configure a full tunnel, not a single port to port?
2nd: On SSL-Explorer there was a Network Map Drive extension (when a user logs in, a network drive is automatically mapped, like X:, that points to an internal server share). Does somebody know if it's still out there somewhere?
Anyone know if there is a 64bit Adito Agent available anywhere?
Brian:
Sorry no, I don’t have time to mess with Java these days. So I’ve made the installer scripts public to everyone. If someone picks up the ball and creates a build of the SVN release the timeout bug will be fixed.
Meanwhile you can reinstall to reset it (without generating new certs etc.).
Lars,
Do you have or can you make an installer that has a version of openvpn-als compiled with agent timeout bug fix (the one in src\com\adito\properties\forms\AbstractPropertiesForm.java)?
Gconcepts:
After you install the extension it becomes available as an application to deploy to users. The WinUtil app was made as an example of how you can manage the XML file. You have to do XML editing and do some testing to make the extension work as you like.
As for the USB-token thingy you are speaking of, it is unknown to me. But the SSL Explorer Enterprise had a one-time-code by SMS (cellphone) system. That worked quite well. Since Open VPN ALS is based on SSL Explorer community edition, none of these features are present.
You can turn on the 5 questions after the password was written as an extra “security”.
Also Large,
How do I configure Adito to require clients to have a certain kind of USB token before accepting connections? That is, a user must have some kind of security token on a USB stick besides regular password authentication.
thanks
Hello Large,
Thanks for your swift response. So I have a portable application like ClamWin virus scanner. How do I install that into Adito? Also, how do I use the WinUtil you provided? Sorry, I’m a noob at this.
thanks
GConcepts:
First check if the software can run as a portable application. If so check out the existing package, WinUtil: http://lars.werner.no/WinUtil.zip
The XML-file shows how you can create your own simple applications. There are other extensions that you can look at here: http://lars.werner.no/?p=190