Saturday, 04 September 2010
Mediumware LLC
 
Home

New MDAVPNC release PDF Print E-mail
Written by Nathan   
Wednesday, 05 July 2006

Mediumware is pleased to announce a new release of it's innovative virtualized VPN remote access appliance.  This release brings a number of fixes and enhancements to the product, particularly in the areas of stability, usability, and performance...

ABOUT IT:

Mediumware Diet Appliance VPN Client (MDAVPNC)

This is a virtual appliance. It is designed to run under a VMWare virtualization platform, preferably VMWare Player. The purpose of this appliance is to serve as a self-contained VPN enabled Remote Desktop Client enabling users to connect safely to a desktop or terminal server from a remote network or untrusted PC. Network Administrators deploying this virtual appliance will realize the following benefits:

  • Host OS configuration independence – no more testing and troubleshooting VPN application installations on uncontrolled, potentially broken, end-user PCs.
  • Known, static computing environment – simplify support by knowing exactly how end-users will access your network, and what they will see when they do.
  • Segregation – end-user PCs will never need to, or be able to access internal company resources which will significantly reduce the risk of virus outbreaks.

End users will love its simplicity, easy of use, and non-intrusive behavior. Everything happens automatically - a user name and password are all that are required prior to being automatically connected to a remote system

Special features:

  • Extremely simple and flexible X configuration that is tailored for VMWare Player – desktop appliance GUI resolutions take Player window border into account.
  • Administrator configurable options – set it up then deploy it. All configuration information is stored on a virtual floppy image. This allows for configuration changes to be made independently of the systems base software.
  • Wizard-style setup – for those who can't have it preconfigured for them.
  • Read-only file-system helps prevent unwanted changes to the appliance so you never see any unexpected behavior, and the system remains reliable over time.
  • Built on FreeBSD - offers distributors flexibility with regards to customization, distribution and licensing.

 The MDAVPNC is compatible with OpenVPN and vpnd servers, as well as Cisco 3000 series VPN concentrators. 

USAGE INSTRUCTIONS:

Prerequisites

  • VMWare Player (or other VMWare product) - available from http://www.vmware.com
  • A compatible VPN server (OpenVPN or Cisco 3000 series / vpnd)
  • Network connectivity to remote VPN server
  • A system running Remote Desktop / Terminal Services on the far side of the VPN link to which you would connect: typically a Windows server or workstation (2000, XP, 2003)

  1. Decompress the appliance and open it's storage folder.
  2. Use VMWare Player to launch the virtual appliance VMX file (MDAVPNC.vmx).
  3. Follow any on-screen prompts. The first prompt will be a question asking if the user would like to try out a different screen resolution. I would invite you to change this to suit your needs.
  4. If you are building a new configuration from scratch, subsequent questions will gather pertinent information required to establish your VPN connection. Note that it is quite feasible, and expected that administrators will want to preconfigure VPN settings on behalf of users. Please see the independent configuration instructions further down this page.
  5. After the requisited VPN information has be collected, the appliance will prompt for a remote Terminal Server to connect to. Please enter one, and optionally, the username you wish to log in to that system with.
  6. Once the VPN connection is established, the appliance will initiate a Remote Desktop session to the defined system, at which point you should go ahead and log in.
  7. Once users are finished with the Remote Desktop session they should, take a moment to log out and watch as the appliance neatly shuts itself down and disappears from the desktop in the same fasion as any other desktop application

GET IT:

 http://www.mediumware.biz/mdavpnc/MDAVPNC-1.0-build05.zip

SIZE: 8.9 MB 

MD5 SUM: 8ddebb994ab6102f4e3d80c564fabe67

Enjoy, and please send any feedback to  This e-mail address is being protected from spam bots, you need JavaScript enabled to view it .

README:

Mediumware Diet Appliance VPN Client (MDAVPNC)
Version 1.0 - Build 05. This is the second public release.


Copyright 2006 Nathan Martin, Mediumware LLC
http://www.mediumware.biz
mailto:// This e-mail address is being protected from spam bots, you need JavaScript enabled to view it


DISCUSS IT:
http://www.vmware.com/community/thread.jspa?threadID=43952&tstart=90


RATE IT:
http://www.vmware.com/vmtn/appliances/directory/218


NEW IN THIS RELEASE
- New ISO based distribution
- Revamped init system
- Settings are saved only upon successful connections to ensure recoverability
- All processes run unprivileged except where necessary
- Slightly faster boot time
- Smaller size (root FS is now ~ 6MB smaller)
- Smaller memory footprint
- Cleaner assisted configuration
- Signals are now trapped and ignored in every script to prevent user interrupt
- Updated to FreeBSD 6.1
- Further compatibility with original FreeBSD distribution
- NTP enabled to ensure current date and time
- Better error checking and user input sanitization
- VPN disconnection cleanup and process termination prior to shutdown
- Diagnostic error messages
- Lots of bug fixes
- Probably more that I can't think of at the moment...


ON THE TODO LIST
- Native Cisco VPN client profile compatibility
- More user input sanitization
- Floppy configuration via file, as opposed to files contained on floppy image (dd if=/dev/fd0 ...)
- External configuration assistant for administrators. Web generated floppy images and independent config tools.
- Splash screen
- Bug fixes - please report them.


KNOWN ISSUES
- VMWare applications running on Linux platforms seem to have trouble reading floppy images. There is no known workaround for this issue at the moment. If you know of one, please email me ( This e-mail address is being protected from spam bots, you need JavaScript enabled to view it ).


INDEPENDENT VPN CONFIGURATION INSTRUCTIONS
When booted with an empty floppy disk image, the appliance will run a configuration assistant that will allow users to build a workable configuration base by simply answering a few questions. This should be sufficient for many users. However some VPN servers require PKI certificates and associated keys. These should be saved onto the floppy. Most other requisite settings can be entered in response to the configuration assistant questions.

However, the guided configuration assistant does not allow you to set all of the myriad of available OpenVPN or vpnc options, so if you require a more advanced setup, you can create your own config floppy with the relevant information. One way to do this is to create a standard OpenVPN or vpnc config file, and save it to a floppy disk or image as ovpn.conf or vpnc.conf respectively. The floppy will be mounted as /etc/fdconf.d and should be formatted as a standard MS DOS diskette. OpenVPN certificates should be included on the floppy as well, and referenced in the config file with the following file names:

/etc/fdconf.d/ca.crt		# CA certificate file
/etc/fdconf.d/client.crt	# client certificate file
/etc/fdconf.d/client.key	# client private key file

Again, you may also just copy OpenVPN certs and keys to the floppy as above, and run through the guided setup wizard.

Another way to do it, and this is how the appliance manages settings internally, is to create a vpn-env.sav file on the floppy utilizing any of the following variables:

# Generic options
vpncmd		# required
vpnuser		# optional depending on your VPN server
vpnserver	# required
# OpenVPN specific options
ovpncacert	# optional depending on your VPN server
ovpncert	# optional depending on your VPN server
ovpnkey		# optional depending on your VPN server
ovpnproto	# optional, will fall back to default value of 'udp'
ovpnport	# optional, will fall back to default value of '1194'
ovpndev		# optional, will fall back to default value of 'tun'
# vpnc specific options
vpncipsecid	# optional depending on your VPN server
vpncipsecsecret	# optional depending on your VPN server
vpncdomain	# optional depending on your VPN server
vpncudp		# optional depending on your VPN server

Just define them like you would in a normal shell script. Previous versions required that they be exported as well, but this is no longer necessary. Here is what the demonstration vpn-env.sav file looks like:

vpncmd=openvpn
ovpncacert=/etc/fdconf.d/ca.crt
ovpncert=/etc/fdconf.d/client.crt
ovpnkey=/etc/fdconf.d/client.key
vpnserver=71.39.135.214
ovpnproto=udp
ovpnport=1195
ovpndev=tun

Please note that OpenVPN will NOT prompt for requisite missing information. It is important to make sure that all necessary options are properly defined. vpnc will prompt for required, undefined settings.


INDEPENDENT RDP CONFIGURATION INSTRUCTIONS
Configuration of RDP settings is done much in the same fasion with a rdp-env.sav file. The following variables are valid:

rdpserver	# required
rdpuser		# optional


INDEPENDENT TIMEZONE CONFIGURATION INSTRUCTIONS
A new setting in this release allows administrators to set the system time zone. This is important if your VPN server performs date/time validation of client connections. This is pretty common with OpenVPN servers. The default timezone is Pacific Standard Time (West-Coast United States). To customize this, save an appropriate /etc/localtime file to the floppy image as 'localtime'. This will be copied and reference by the system on boot.
Last Updated ( Monday, 02 October 2006 )
 
< Prev   Next >
[ Back ]
© 2010 Mediumware LLC
Joomla! is Free Software released under the GNU/GPL License.

Top!