Saturday, 04 September 2010
Mediumware LLC
 

MDAVPNC Rebranded - New Release!
Written by Nathan   
Friday, 20 October 2006

Mediumware is pleased to announce a new release of our innovative virtualized VPN client. Please note that with this release we are rebranding the application to better reflect its purpose and capabilities. MDAVPNC is now Sepono.

seh-poh-noh (Latin) [ verb ] : To set apart, sequester, banish

The new name is definitely the least significant of all the changes, and this release brings a number of substantial improvements, one of which is support for native Cisco VPN client profiles.


ABOUT IT:

Sepono version 1.5 - a complete virtualized VPN client software stack

Sepono (previously known as the Mediumware Diet Appliance VPN Client, or MDAVPNC) is a standalone VPN enabled remote desktop client. It is intended to supplant existing VPN client software, and act as a complete software stack for safely connecting to remote computing interfaces from unmanaged or otherwise untrusted end-user systems. This is a virtual appliance. It is designed to run under a VMWare virtualization platform, preferably VMWare Player. Network Administrators deploying this application in lieu of a conventional VPN application will realize the following benefits:

  • Host OS configuration independence – no more testing and troubleshooting VPN application installations on uncontrolled, potentially broken, end-user PCs.
  • Controlled, static computing environment – simplify support by knowing exactly how end-users will access your network, and what they will see when they do.
  • Segregation (aka sandboxing) – end-user PCs will never need to, or be able to, access VPN protected resources, which can significantly reduce the risk of virus outbreaks and other forms of incidental intrusion.

End users will love its simplicity, ease of use, and non-intrusive behavior. Everything happens automatically - a user name and password are all that are required prior to being automatically connected to a remote system.

Special features:

  • Extremely simple and flexible X configuration that is tailored for VMWare Player – desktop appliance GUI resolutions take Player window border into account.
  • Administrator configurable options – set it up then deploy it. All configuration information is stored on a virtual floppy image. This allows for configuration changes to be made independently of the system's base software.
  • Wizard-style setup – for those who can't have it preconfigured for them.
  • Read-only file-system helps prevent unwanted changes to the appliance so you never see any unexpected behavior, and the system remains reliable over time.
  • Built on FreeBSD - offers distributors flexibility with regards to customization, distribution and licensing.

Sepono is compatible with OpenVPN servers and Cisco 3000 series VPN concentrators. Remote desktop methods including RDP, XDMCP, and VNC are supported. 

We are always looking for ways to improve this software, and simplify deployment of safe remote access methods. Please send any feedback to [e-mail address hidden by the site's spam protection].

 


GET IT 

http://www.mediumware.biz/sepono/Sepono-1.5-build16.zip

Size: 8.52 MB

MD5 SUM: 2950cdc3a562961f0bae181a2d491983

 


README: 

Sepono - a complete virtualized VPN client stack
Version 1.5 - Build 16. This is the third public release.
Released November 02 2006

Copyright 2006 Nathan Martin, Mediumware LLC
http://www.mediumware.biz

 
NEW IN THIS RELEASE
- Support for native Cisco client profile parsing, including group secret decoding
- Support for XDM desktop servers ala XDMCP
- Support for VNC desktop servers, as well as client listener-mode capability
- Cleaner assisted configuration prompts, layout, and interface
- Better (if not entirely comprehensive) user input sanitization and verification
- Improved error messaging and handling
- Added option to restart configuration and connection processes if errors occur
- Included keepalive routines to maintain desktop response and prevent VPN timeout
- Improved overall internal process flow
- Included routines to handle corrupted floppy images
- Updated FreeBSD to 6.1-RELEASE-p10
- Updated OpenVPN to version 2.0.6_4
- Updated rdesktop to version 1.5.0
- Updated vpnc to version 3.3_3
- Updated vnc to version 4.1.2


NOTEWORTHY BUG FIXES
- Fixed fatal error when vpnc IPSec group secret was not defined at config time
- Fixed remote desktop name resolution failures when using OpenVPN


ON THE TODO LIST
- External configuration tools for administrators - i.e. web floppy image generator, independent config tools etc.
- Bug fixes - please report them.


KNOWN ISSUES
- FreeBSD seems to have trouble reading floppy images under Linux VMWare platforms. There is no known workaround for this issue at the moment. If you know of one, please email me.
- rdesktop may stop responding due to inactivity, but fail to terminate in a timely fashion. This appears to be due to VPN connection timeouts, and has been mitigated, for the most part, by initiating an intermittent ping to the remote desktop server in the background.
- vpnc connections to unresponsive or invalid VPN servers may not terminate in a timely fashion.
- XDM connections to unresponsive or invalid XDMCP servers may not terminate in a timely fashion. Furthermore, if the user elected to save XDM settings, they will not be discarded if the connection fails. X will return true regardless.
- vnc does not return true when a successful connection is made, so settings will not be saved if desired. It may, however, return true if certain types of connection errors occur, at which point settings will be saved. Additionally, it appears to prevent window focus from returning to the terminal window, necessitating a restart.


INDEPENDENT VPN CONFIGURATION INSTRUCTIONS
A new feature in this release is the ability of the appliance to utilize native Cisco VPN client profiles. Such profiles should simply be copied to the floppy/image (sepono-conf.flp) as 'cisco.pcf'. This feature will make life easier for network administrators looking to migrate their existing remote access users to the Sepono client.

When booted with an empty floppy disk image, the appliance will run a configuration assistant that will allow users to build a workable configuration base by simply answering a few questions. This should be sufficient for many users. However some VPN servers require PKI certificates and associated keys. These should be saved onto the floppy. Most other requisite settings can be entered in response to the configuration assistant questions.

Please note that the guided configuration assistant does not allow you to set all the available OpenVPN or vpnc options, so if you require a more advanced setup, you can create your own config floppy with the relevant information. One way to do this is to create a standard OpenVPN or vpnc config file, and save it to a floppy disk/image as 'ovpn.conf' or 'vpnc.conf' respectively. The floppy will be mounted as /etc/fdconf.d and should be formatted as a standard MS DOS diskette. Any necessary OpenVPN certificates should be included on the floppy as well, and referenced in the config file with the following file names:

/etc/fdconf.d/ca.crt          # CA certificate file
/etc/fdconf.d/client.crt     # client certificate file
/etc/fdconf.d/client.key    # client private key file

Again, you may also just copy OpenVPN certs and keys to the floppy as above, and run through the guided setup wizard.

Another method (as is employed by the configuration assistant) is to create a vpn-env.sav file on the floppy utilizing any of the following variables:

# Common options
vpncmd                # VPN command to use - 'openvpn' or 'vpnc' (required)
vpnuser                 # VPN user id if applicable
vpnserver              # Remote VPN server hostname or IP address (required)

# OpenVPN specific options
ovpncacert           # name of OpenVPN certificate authority certificate file
ovpncert               # name of OpenVPN client certificate file
ovpnkey                # name of OpenVPN client key file
ovpnproto             # Transport protocol to use - 'udp' or 'tcp' - defaults to 'udp'
ovpnport               # Transport protocol port number to use - defaults to '1194'
ovpndev               # OpenVPN interface type - 'tun' or 'tap' - defaults to 'tun'

# vpnc specific options
vpncipsecid          # IPSec group ID - This is required. If it is not defined, vpnc will prompt for it.
vpncipsecsecret    # IPSec group secret (must be clear text, i.e. not encoded as in Cisco .pcf files) - This is required. If it is not defined, vpnc will prompt for it.
vpncdomain         # Windows NT Domain name if applicable
vpncudp               # Enable/Disable UDP encapsulation - 'true' or 'false' - set to 'true' to enable
vpncnat                # Disable/Enable NAT traversal - 'true' or 'false' - set to 'true' to disable

Just define them like you would in a shell script (i.e. variable=value). Previous versions required that they be exported as well, but this is no longer necessary. Here are a couple of examples of valid vpn-env.sav files:

For vpnc:

vpncmd=vpnc
vpnserver=example.com
vpncipsecid=fake_id
vpncipsecsecret=no_secret
vpnuser=someuser
vpncudp=true

For OpenVPN:

vpncmd=openvpn
ovpncacert=/etc/fdconf.d/ca.crt
ovpncert=/etc/fdconf.d/client.crt
ovpnkey=/etc/fdconf.d/client.key
vpnserver=example.com
ovpnproto=udp
ovpnport=1194
ovpndev=tun


Please note that OpenVPN will NOT prompt for requisite missing information. It is important to make sure that all necessary options are properly defined. vpnc will prompt for required, undefined settings, but it will not automatically save them for you under any circumstances.
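
Because OpenVPN will not prompt for missing settings, a configuration floppy is worth checking before it is deployed. The shell function below is an added example, not part of Sepono or its README: it lints a vpn-env.sav file as data instead of sourcing it, using the variable names, required settings and defaults listed above. The function name check_vpn_env and its policy of accepting only plain, unquoted values are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Sepono code): lint a vpn-env.sav file as data, never sourcing it.
# Prints one line per finding; returns 0 only when nothing was flagged.
check_vpn_env() {
    errs=0
    vpncmd='' vpnserver='' vpncipsecid='' vpncipsecsecret='' vpncudp='' vpncnat=''
    ovpnproto=udp ovpnport=1194 ovpndev=tun      # defaults stated in the README
    flag() { printf '%s\n' "$1"; errs=$((errs + 1)); }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$(printf '\r')"}            # MS-DOS floppy: drop a trailing CR
        case $line in ''|'#'*) continue ;; esac
        case $line in *=*) ;; *) flag "not variable=value: $line"; continue ;; esac
        key=${line%%=*} val=${line#*=}
        # Policy assumed by this example: plain values only, nothing a shell expands.
        case $val in *[!A-Za-z0-9_./:@-]*) flag "$key: disallowed character in value"; continue ;; esac
        case $key in
            vpnuser|vpncdomain|ovpncacert|ovpncert|ovpnkey) ;;   # accepted, no further check
            vpncmd|vpnserver|ovpnproto|ovpnport|ovpndev|vpncipsecid|vpncipsecsecret|vpncudp|vpncnat)
                eval "$key=\$val" ;;             # key matched the fixed list, so eval is safe
            *) flag "unknown variable: $key" ;;
        esac
    done < "$1"
    [ -n "$vpnserver" ] || flag "vpnserver is required"
    case $vpncmd in
        openvpn)                                 # OpenVPN will not prompt for missing settings
            case $ovpnproto in udp|tcp) ;; *) flag "ovpnproto must be udp or tcp" ;; esac
            case $ovpndev in tun|tap) ;; *) flag "ovpndev must be tun or tap" ;; esac
            case $ovpnport in
                ''|*[!0-9]*|??????*) flag "ovpnport must be 1-65535" ;;
                *) [ "$ovpnport" -ge 1 ] && [ "$ovpnport" -le 65535 ] || flag "ovpnport must be 1-65535" ;;
            esac ;;
        vpnc)
            [ -n "$vpncipsecid" ] || flag "vpncipsecid unset: vpnc will prompt for it"
            [ -n "$vpncipsecsecret" ] || flag "vpncipsecsecret unset: vpnc will prompt for it"
            for v in "$vpncudp" "$vpncnat"; do
                case $v in ''|true|false) ;; *) flag "vpncudp/vpncnat must be true or false" ;; esac
            done ;;
        *) flag "vpncmd must be 'openvpn' or 'vpnc'" ;;
    esac
    [ "$errs" -eq 0 ]
}

# Constructed sample: the README's vpnc example with an invalid vpncudp value.
sample=$(mktemp)
printf '%s\n' 'vpncmd=vpnc' 'vpnserver=example.com' 'vpncipsecid=fake_id' \
    'vpncipsecsecret=no_secret' 'vpnuser=someuser' 'vpncudp=maybe' > "$sample"
check_vpn_env "$sample" || echo "vpn-env.sav rejected"
rm -f "$sample"
```

A value that needs quoting or other characters (a group secret with punctuation, for instance) is flagged by this policy and has to be reviewed by hand.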


INDEPENDENT RDP CONFIGURATION INSTRUCTIONS
Configuration of remote desktop settings is done in the same fashion as VPN settings, just with a 'rdp-env.sav' file. Three different remote desktop client methods are supported - Remote Desktop Protocol (RDP, aka Terminal Services), X Display Manager Connection Protocol (XDMCP), and Virtual Network Computing (VNC). Each method supports different option variables (though none are necessary for XDM except 'rdpserver' and 'rdpcmd'):

# Common options
rdpcmd        # remote desktop command to use - 'rdesktop', 'xdm', or 'vncviewer'
rdpserver      # remote desktop server hostname or IP address (required)

# RDP specific options
rdpuser         # Remote Desktop Protocol user name (optional)

# VNC specific options
vnclisten      # Enable/disable VNC listener mode (VNC server connects to client) - 'true' or 'false' - defaults to 'false'

Furthermore, vncviewer supports reading VNC passwords from a file as opposed to prompting the user to enter it manually. To use this feature, save the applicable VNC server password file to the configuration floppy/image as 'vncpasswd'.


INDEPENDENT TIMEZONE CONFIGURATION INSTRUCTIONS
It is possible to configure the appliance's time zone. This is important if your VPN server performs date/time validation of client connections. The default timezone is Pacific Standard Time (West-Coast United States). To customize this, save an appropriate UNIX /etc/localtime file to the floppy image as 'localtime'. This will be copied and referenced by the system on boot.



Last Updated ( Saturday, 11 November 2006 )
 