Adito (Now called OpenVPN ALS) – Lars Werner

Adito (Now called OpenVPN ALS)

 

About

Adito is an open-source, browser-based SSL VPN solution. It’s a remote access solution that provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.

Background

This is the open-source clone of SSL-Explorer after it went biz-o-matic.

Windows installer (download links below)

My contribution to this project is a Windows installer. Check the old version here; if you are looking for the updated SVN version, download it here.

Please note that the SVN version is only supported on Java runtime 1.8! Older versions require Java runtime 1.7 or older.

Step-by-step guides

There are now three guides written by me on the topic.

1. Scroll down on the installer page for installation-tips

2. Scroll down on this page for a simple demonstration of a port-forward

3. NEW! Practical RDP guide here

4. Read the guide on running the Java 7 version 51

What’s the buzz about?

Pictures say more than words, so please take a look at the picture series with descriptions below.

You are first presented with a login window:

Login window

After successfully logging in you are at the main window

Main Window

Usually the SSL Tunnel is the feature most commonly used. This technique opens a port locally and forwards it through the server to your destination.

In this example we create a port forward that listens on local port 4040 and sends requests to google.com on port 80 (the default www port).

Create SSL Tunnel

After the creation we start the Agent. This is the software you run in the remote location straight from the browser. Since it uses default Java, you will have access almost everywhere.

My rule is; if you can connect to your bank you can use Adito 😉

Agent launching

When it has launched you get a new little man-like icon in your sys-tray.

Agent in systray

By right-clicking on the agent you will find the items you have configured on the server. In our case the tunnel “Test” is available.

Agent options

When the tunnel is activated the agent notifies you and we are ready to use it.

Agent SSL Tunnel open

Now for some magic 🙂 Connect to google through your server

Surfing through SSL Tunnel

As you can see, this is pretty easy to use and manage. A great product!

Check out the new guide on setting up RDP here

 Posted by at 13:51:53

  132 Responses to “Adito (Now called OpenVPN ALS)”

  1. Hi, I just installed adito on my win7 x64 box. I can’t get the Adito agent to start getting the error on client browser: “Adito Agent failed connect”. On the adito server Log file I see this error: “ERROR RegisterClientSynchronizationAction – Registration of agent did not occur when the specified timeout of 60000ms”. I get the error when I connect to adito from either my win7 box or my laptop. Windows firewall is turned off on win7 for my tests. I have the same installation on my Win2003 server without any issues on that installation. What is wrong with my win7 adito installation ? How could I resolve the agent? If not possible is there another way with adito to open RDP session without the agent ?
    regards
    Fred

    • Hi Frederic,

      You need to use a 32-bit browser and 32-bit jvm on the machine you are connecting from (client).
      I have tested Adito on my Win7 x64 box and everything works as expected here (server).

      If you have any 64-bit java installed or similar, please remove it and reinstall 32-bit (both).
      Also try to reinstall Adito on a different port, for instance 8181 and see if you get correct results.

      Regards. Lars

      • I use 32 bit browser for sure, but how can I make sure I use Java 32 bits? For the moment my 2 client machines have java\jre7 in Program Files (x86) folder, and a Java (32 bits) icon in control panel, which I assume is 32 bit. What do you mean by reinstall 32-bit (both), both? You mean on both server and clients? Is there a difference between JRE and JVM? Thanks Fred

        • After checking I’m using 32 bits Java and browser. I’m using latest java runtime on both clients and server. I’ve tried reinstalling Adito on 8181 port, I’m still getting Adito Agent Failed Connect error. On server config I’ve tried using IPv6 interfaces along with ipv4, when I select use all interfaces (including ipv6) I can’t even connect to the server it says IP address is not allowed: so in order to be able to connect to adito I need to select only the 2 ipv4 interfaces 127.0.01 and the 192.168.0.2 which is the address my router assigns to this computer. Maybe my problem is related to that(?) I’m at a dead end right now there is no way I can start a Adito Agent session on that server. This is the last program I need to migrate to my windows box for me to decommission my old win2003 server box. Is there an alternate way I could connect RDP to my private network from the internet with SSL port forwarding?
          regards
          Frederic

          • If you don’t want to use more time on Adito, then I could suggest Cop Ssh from itfix.no. It will require you to setup a ssh server and use a ssh client like putty and create your own port forwards. It works, but isn’t practical. Maybe check out the java controlpanel and see if there are any options to “looseup” something, since it fails. Did you try to run the adito directly from java (shortcut in startmenu)? It could provide info on what happens on the w7 side. Also try to disable UAC, it could block…

          • User Access Control cannot be disabled but it’s set to never notify. I tried java security settings in control panel set to low, still same error. As for running adito from shortcut menus, those apps start command prompt, then press any key to continue and it closes the prompt. I may look into copssh, but I’m not sure I want to get into those complicated configs. I will try to make Adito agent to work with hopefully some help here, if not I might look into other plans, one of those might be keeping the win2003 box only for my RDP access, which would be quite annoying to me. I really don’t get it why I can make this thing work in win2003 but not in win7. Will try adito server on my laptop to see if my problem is related to Windows7 OS or my Win7 Box installation in my basement, ohh well 🙁

          • Same problem on adito server installation on my laptop (win7 x64), so the problem is not related to my win7 box, but it seems with win7 (or 64bits?) – I’m out of clue now

  2. Now it’s permanently disabled; I actually opened the db file in Wordpad and saw that I named that superuser “super” and now I remember the password, but it’s too late as the account is disabled. I did see a post on how to remove the lock with sqltool, but it’s way over my head and using HeidiSQL tool I didn’t understand the settings needed to connect to the db and remove that lock.

    Secondly, I tried to install Adito on WHS 2003, and everything seems to work fine until the final push on “NEXT” where the browser opens, says it’s “installing.. please wait” and it just hangs there. Neither that nor the DOS window ever changes past those prompts and I have to end up hitting a CTRL-C to break out of it, after which the service can’t be started. I have a feeling that some of the services on WHS are interfering or causing a problem..

    • Hi Teredactle,

      I recently helped a friend out with the exact same problem 🙂
      The site you referred to was this http://sourceforge.net/apps/trac/openvpn-als/wiki/database_management right?
      You can use a GUI that makes this operation much easier.

      Steps to totally reset your password:
      1. Download RazorSQL: http://www.razorsql.com/download.html
      2. While it is downloading, stop Adito and edit %adito_home%\system.properties, set adito.hsqldb.tcpipServer=true
      3. Start Adito, check with “netstat -a” that port 9001 is open (if not, did you save the config before starting Adito?)
      4. In RazorSQL do the following:

      Press: Connections -> Connection
      Select: HSQLDB / HyperSQL
      *JDBC (HSQLDB Server)
      Fill out following
      Profilename: Adito (or whatever you like)
      Driver version: 1.8
      Login: SA
      Host: localhost
      Port: 9001
      Database name: explorer_configuration

      5. Connect, find the “ATTRIBUTES” database and delete any attribute_name=aditoUserEnabled set to false on your username
      6. If you need to update your password execute the following query: update users set password=ENCPASSWORD('qwerty') where username='yourusername';

      Hopefully that will get you on-the-go.

      Regarding the installation on a WHS 2003.
      I don’t know why it hung, but try to reinstall java (32-bit) and restart installation.
      It could be the restrictive Internet Explorer profile that is enabled by default causing the trouble.
      A good try is to install another browser, Firefox, Chrome etc and set it as default while you install.

      Cheerio,
      Lars Werner
      http://lars.werner.no

  3. Oh boy, I need to move Adito to another machine, however I don’t remember my superuser login password, OR the actual login name. If I recall correctly, the super user account name is “super” and this cannot be changed right?

    I’ve been trying using “super” to log in and several passwords that I thought I used, but it gets locked out and then it says it’s disabled (resetting itself).

    Which is the actual file that contains just the users? I’d like to reinstall and just keep the new users database, that way when I copy all the old files with the settings/plugins/etc.

    TY

  4. Do we need to create separate tunnels for each destination port on Adito server? For e.g. if I have to access my home PC (Adito server) on multiple ports say 2010-2030 using telnet from my office lapy. Do I have to create separate tunnels for each of these ports and open each tunnel from my office Laptop?

    • Hi Rahul

      I suggest that you create a SSH-server on your machine and use Adito to reach that.
      That way you can port yourself out as you like, that requires only one port.

      Adito only needs 1 port open, the HTTPS (port 443) or any other port you selected when installed, to be reached.
      The client routes everything through port 443 afterwards.

      -Lars

  5. I have been using SSL Explorer for many years, but run into problems with windows7. I have now installed Adito with your installer. First problem is with extension manager: link results in a new window, trying to access ‘localhost’. Where is the URL for the extension manager set?

    Regards, Pete

  6. Just wondering if anyone has used this with Active Directory? I got it up and running, but when I create new user’s accounts in AD it will not allow them to log in through adito. Gives Invalid Credentials message every time.

  7. 1. What does your environment look like, and where do you place the server which is running Adito
    (in DMZ,) or is it a domain machine?

    2. Is it also possible to use this application to connect to your company network and you can reach shares etc?
    We are now using a PPTP VPN client which I want to replace.

    3. What is the best OS to install this on? I prefer Windows product, but I see very often ubuntu/linux?

    • Hi Hans, I’ll answer briefly:
      1. Server running Adito can be on DMZ or just port 443 (or whatever you like) as a forwarded port. It only requires one port.
      2. The Adito-client is a java-based VPN-client, and yes you can reach shares etc…
      But if you want to use it commercial, and need a stable system check out SSL Explorer ancestor: http://www.barracudanetworks.com/ns/products/sslvpn_features.php
      3. Adito is java-based and runs on any x86-java-environment.
      I created the installer because I wanted an easy windows-install, but on high amount of users I prefer to run it in Linux.

  8. Hello

    I’ve a question,

    Is it possible to open an openvpn connection using adito ssl tunnels?

    Because I need to sync windows AD through proxy.

    Thanks

  9. Is there a way to get all web traffic to pass through the SSL tunnel? I have used web forward and setup a replacement proxy. works great for the site setup. and you can edit the link name in the redirect address but would be nice if you could just setup the link then with the open browser type a site or use your favorites.

    • I suggest that you run a SOCKS server on the Adito server.

      A simple & free one is this: http://sockspuppet.com/
      Remember to block 1080 incoming connections from the internet while using this, it has no security.

      Create a SSL tunnel with following parameters:
      Source port = 1234
      Destination host = localhost
      Destination port = 1080

      Then setup your webbrowser to use socks server with host: localhost and port: 1234.
      (PS: If you didn’t autostart the SSL tunnel, it needs to be opened on the Adito client).
      If you don’t know howto, check out this: http://www.ehow.com/how_5598384_configure-browser-use-socks-proxy.html
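The password-reset steps and the SOCKS setup in the replies above both open a listener on the Adito server that is meant for local use only: HSQLDB on 9001 (the steps connect as SA and list no password) and the SOCKS server on 1080 ("it has no security"). As an added example, not part of the original comments or of Adito, this Python check reads `netstat -an` output and reports any of those ports listening on a non-loopback address; the function name and the sample output are constructed for illustration.

```python
import ipaddress

# Ports named on this page: 9001 (HSQLDB TCP server switched on for the
# password reset) and 1080 (SOCKS server reached through the SSL tunnel).
LOCAL_ONLY_PORTS = {9001, 1080}

# Constructed `netstat -an` output in Windows layout; not from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9001           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING
  TCP    192.168.0.2:443        203.0.113.7:51514      ESTABLISHED
  TCP    [::]:1080              [::]:0                 LISTENING
  TCP    [::1]:9001             [::]:0                 LISTENING
"""


def exposed_listeners(netstat_text, ports=LOCAL_ONLY_PORTS):
    """Return sorted (port, address) pairs for watched TCP ports that are
    listening on anything other than a loopback address."""
    findings = set()
    for line in netstat_text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].lower().startswith("tcp"):
            continue
        # Windows prints LISTENING, Linux prints LISTEN; in both layouts the
        # local address sits two columns before the state column.
        state = [i for i, t in enumerate(tokens)
                 if t.upper() in ("LISTEN", "LISTENING")]
        if not state or state[0] < 2:
            continue
        host, _, port = tokens[state[0] - 2].rpartition(":")
        if not port.isdigit() or int(port) not in ports:
            continue
        host = host.strip("[]")  # Windows wraps IPv6 addresses in brackets
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # "*", a host name, etc.: treat as exposed
        if not loopback:
            findings.add((int(port), host))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {port} is listening on {addr}, reachable beyond localhost")
```

If 9001 is reported, revert the `adito.hsqldb.tcpipServer=true` change once the reset is done; the same function can be run on a client with the tunnel source port (4040 or 1234 in the examples on this page) passed as `ports`.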

  10. How can I upload multiple files using network resources?
    I can do this using a ftp server on the adito server, but how to do the same using CIFS/SMB ?

    Thanks
    Chris

  11. Hi,

    Is it possible to edit the webpage layout and if so can this be done in dreamweaver?

    thanks

  12. It certainly doesn’t need rw to AD. Create a read only account on AD and use that for authentication. It works, I use it.

  13. I need to move the ADITO VPN from one computer to another. What is the best way to do this and keep all the settings? Can I just install adito on the new computer (win2003R2) and then just copy the whole adito folder and subfolder from the old computer (XP) to the new one?

    Would appreciate thoughts on this.

    Thank you!

    • In theory it should work 🙂
      Make sure that you stop the service before you overwrite the existing on the new one.

      If it fails:
      Under the db\ directory you have a HSQL-database that stores everything, you could try to just replace that one (+ the extension files) that you got.
      Make sure that you install in the same directory structure that you did before, eg: C:\Program files\Adito

      Let me know if you got it running. Any errors can be seen by running it directly with java (shortcut is added for that).

      • That worked.
        -Basically I stopped the service on the XP box, copied the whole Adito folder (from program files) on a USB.
        -Then I stopped the service on the win2003r2 server, and deleted the Adito (well backed it up) folder from program files, and pasted the Adito folder off the USB.
        -Then I restarted the Win2003r2 service.

        All seems good so far, I haven’t tested every single application, and web forward, but the few I tested worked w/o a problem. Even the custom logo is there and all.

        Thanks and cheers, wish all migration could be this easy!

  14. How do I generate a 2048 CSR as most CAs require minimum 2048 CSR now?

  15. Hello again.

    Maybe someone here can help : I got a free certificate from startssl.com and I was able to install it by stopping the service and re-running the installer.bat script. It worked and I was able to connect to my Adito box without my browser complaining.

    However, none of the applications would work anymore, the java tunnel is not being created, java now complains that it can’t connect and hints at a bad certificate…

    Any thoughts? How can I update the certificate that the java tunnel part of Adito is using?

    Thanks!

    • Hi Stanelie

      I would not recommend to install it by the “installer.bat” function.
      It was stated earlier by the developers on Sourceforge.org that it could mess things up.

      Since you still got access to the webpage, try this: https://www.startssl.com/?app=25#4
      1. Export your *.p12 key (filename and same password you did before)
      2. Export the StartComCertificationAuthority.crt
      3. Export the StartComClass1PrimaryIntermediateClientCA.crt

      Now try to add the StartComCertificationAuthority.crt and StartComClass1PrimaryIntermediateClientCA.crt through the wizard using the “A root certificate for your web servers certification authority.” method.

      But keep in mind that the “Class 2” level is the one that should be used… Through a corporate network it still could be blocked if the personal info isn’t validated (good admins do so).

      I don’t know if it will work, but worth a try! 🙂

      • Thanks for the tips, I will try them.

        I reverted back to an earlier snapshot after messing things up, I’m not taking any chances.

        🙂

        • Since you are running virtual, then trial&error is your friend 🙂

          I guess the StartComCertificationAuthority.crt is defined as “root”
          The StartComClass1PrimaryIntermediateClientCA.crt is “A reply from a certification authority”.
          Then add your private p12-key as “A key for a server that requires client certificate authentication.”

          But it has been a while, so please give feedback if that worked 🙂
          The root & CA have to be in place to actually work for the private-key import, that isn’t stated so clearly in the help text.

          Also try another browser afterwards (like IE/FF/Chrome) where the cert isn’t installed.
          You can also check the certs installed by Java (locally) in the Controlpanel -> Java (32 bit) -> Security -> Certificates

  16. How do I buy and install a trusted SSL certificate?

  17. Hello Lars,

    Thanks for adding new features for adito.
    I have one question?
    Do you have a RDP client for MAC to go to a windows box?, because the Proper JAVA RDP is slower than you use RDP for MAC.

    Thanks for your help.

    Roel

  18. Hello.

    Is there an adito application bundle for VNC that would work from a MAC OS client?

    Thanks!

    • TightVNC (Java) extension should work on a Mac, but I haven’t tested it myself
      The ProperJavaRDP extension should work good against windows boxes too…

  19. The timeout value can somehow be found in the file
    webapp/WEB-INF/classes/META-INF/profileProperties-definitions.xml

    Example:

  20. For AD integration it says it needs Read and Write access to AD. What exactly is it wanting to write? Without knowing what it wants to write to AD I am reluctant to turn it on. Can anyone shed some light?
