Mediumware LLC

Sepono 1.6 RC1 available
Written by Nathan   
Thursday, 09 August 2007

After much development work, a significant update to Sepono is available. This version includes a number of all-new features and enhancements designed to make the appliance faster, easier to use, and simpler to configure. Anyone using an older version is encouraged to test out the RC and provide feedback. New features include:

- New Linux based distribution running on Mediumware's Myso platform
- Faster boot time
- Completely revamped configuration engine
- Experimental QEMU support (screen configuration is limited at present)
- Dynamic screen resolution configuration. Arbitrary resolutions are now possible under VMWare
- Includes dropbear SSH package for SSH users
- Added option to execute a shell upon successful VPN connection
- Added routines to prompt for configuration revisions when connection attempts are unsuccessful.
- Graphical bootup ala bootsplash
- Substantial decrease to overall ISO size
- More...

 


 

ABOUT IT:

Sepono version 1.6 RC1 - a complete virtualized VPN client software stack

Sepono is a standalone VPN enabled remote desktop client. It is intended to supplant existing VPN client software, and act as a complete software stack for safely connecting to remote computing interfaces from unmanaged or otherwise untrusted end-user systems. This is a virtual appliance. It is designed to run under a VMWare virtualization platform, preferably VMWare Player (experimental QEMU support is also available). Network Administrators deploying this application in lieu of a conventional VPN application will realize the following benefits:

  • Host OS configuration independence – no more testing and troubleshooting VPN application installations on uncontrolled, potentially broken, end-user PCs.
  • Controlled, static computing environment – simplify support by knowing exactly how end-users will access your network, and what they will see when they do.
  • Segregation (aka sandboxing) – end-user PCs will never need to, or be able to, access VPN-protected resources, which can significantly reduce the risk of virus outbreaks and other forms of incidental intrusion.

End users will love its simplicity, ease of use, and non-intrusive behavior. Everything happens automatically - a user name and password are all that are required prior to being automatically connected to a remote system.

Special features:

  • Extremely simple and flexible X configuration that is tailored for VMWare Player – desktop appliance GUI resolutions take Player window border into account.
  • Administrator configurable options – set it up then deploy it. All configuration information is stored on a virtual floppy image. This allows for configuration changes to be made independently of the system's base software.
  • Wizard-style setup – for those who can't have it preconfigured for them.
  • Read-only file-system helps prevent unwanted changes to the appliance so you never see any unexpected behavior, and the system remains reliable over time.
  • Built upon Open Source software - offers distributors flexibility with regards to customization, distribution and licensing.

Sepono is compatible with OpenVPN servers and Cisco 3000 series VPN concentrators. Remote desktop methods including RDP, XDMCP, and VNC are supported. 

We are always looking for ways to improve this software, and simplify deployment of safe remote access methods. Please send any feedback.

 



GET IT 

For VMWare 

http://www.mediumware.biz/sepono/Sepono-1.6-RC1-VMWare.zip

Size: 9.48 MB

MD5 SUM: b46fa97ab686a4a6e40c27ca0b232037

 

For QEMU (Windows distribution)

http://www.mediumware.biz/sepono/Sepono-1.6-RC1-QEMU.zip

Size: 11.1 MB

MD5 SUM:  f2552963432107a9d7bd00fd36a69ec6

 

 



README

 

 

Sepono - a complete virtualized VPN client stack
Version 1.6 - RC1. This is the fourth public release.
Released August 08 2007

Copyright 2007 Nathan Martin, Mediumware LLC
http://www.mediumware.biz


NOTE: This is a release candidate. While it should be suitable for most situations, there may still be undiscovered bugs, so please report any that you may find. XDMCP session support has not yet been adequately tested in this version, though RDP and VNC support should be reasonably stable.

 
NEW IN THIS RELEASE
- New Linux based distribution running on Mediumware's Myso platform
- Faster boot time
- Completely revamped configuration engine
- Experimental QEMU support (screen configuration is limited at present)
- Dynamic screen resolution configuration. Arbitrary resolutions are now possible under VMWare
- Includes dropbear SSH package for SSH users
- Added option to execute a shell upon successful VPN connection
- Added routines to prompt for configuration revisions when connection attempts are unsuccessful.
- Graphical bootup ala bootsplash
- Substantial decrease to overall ISO size
- More...


NOTEWORTHY BUG FIXES
- Fixed issue with delayed authentication when using vpnc
- Too many others to list


ON THE TODO LIST
- External configuration tools for administrators - i.e. web floppy image generator, independent config tools etc.
- Additional support for different VPN clients
- Locale support for non-English keyboards
- Better QEMU support
- Bug fixes - please report them.


KNOWN ISSUES
- vpnc connections to unresponsive or invalid VPN servers may not terminate in a timely fashion.
- XDM connections to unresponsive or invalid XDMCP servers may not terminate in a timely fashion. Furthermore, if the user elected to save XDM settings, they will not be discarded if the connection fails. X will return true regardless.
- vnc does not return true when a successful connection is made, so settings will not be saved if desired. Subsequently it may return true if certain types of connection errors occur, at which point settings will be saved. Additionally, it appears to prevent window focus from returning to the terminal window, necessitating a restart.
- XDM sessions have not yet been sufficiently tested; problems may occur
- VNC command menu (ala F8) not functional, listener mode needs some work


INDEPENDENT VPN CONFIGURATION INSTRUCTIONS
Sepono supports the parsing of Cisco PCF profiles, and has been enhanced to include provisions for prompting for and saving any required settings (including usernames) if they are not present in the original PCF. This allows network administrators to create a single config image that can be widely distributed.

When booted with an empty floppy disk image, the appliance will run a configuration assistant that will allow users to build a workable configuration base by simply answering a few questions. This should be sufficient for many users. However some VPN servers require PKI certificates and associated keys. These should be saved onto the floppy. Most other requisite settings can be entered in response to the configuration assistant questions. Generally speaking, the new configuration engine should be able to determine if necessary settings are not defined and prompt for their configuration at run time. This will not be foolproof if you require a reasonably advanced setup.

Please note that the guided configuration assistant does not allow you to set all the available OpenVPN or vpnc options, so if you require a more advanced setup, you can create your own config floppy with the relevant information. One way to do this is to create a standard OpenVPN or vpnc config file, and save it to a floppy disk/image as 'ovpn.conf' or 'vpnc.conf' respectively. The floppy will be mounted as /etc/fdconf.d and should be formatted as a standard MS DOS diskette. Any necessary OpenVPN certificates should be included on the floppy as well, and referenced in the config file with the following file names:

/etc/fdconf.d/ca.crt        # CA certificate file
/etc/fdconf.d/client.crt    # client certificate file
/etc/fdconf.d/client.key    # client private key file

Again, you may also just copy OpenVPN certs and keys to the floppy as above, and run through the guided setup wizard.

Another method (the one employed by the configuration assistant) is to create a vpn-env.sav file on the floppy utilizing any of the following variables:

# Common options
vpncmd        # VPN command to use - 'openvpn' or 'vpnc' (required)
vpnuser        # VPN user id if applicable (optional for OpenVPN)
vpnserver    # Remote VPN server hostname or IP address (required)

# OpenVPN specific options
ovpncacert    # name of OpenVPN certificate authority certificate file
ovpncert    # name of OpenVPN client certificate file
ovpnkey        # name of OpenVPN client key file
ovpnproto    # Transport protocol to use - 'udp' or 'tcp' - defaults to 'udp'
ovpnport    # Transport protocol port number to use - defaults to '1194'
ovpndev        # OpenVPN interface type - 'tun' or 'tap' - defaults to 'tun'

# vpnc specific options
vpncipsecid    # IPSec group ID - This is required. If it is not defined, vpnc will prompt for it.
vpncipsecsecret    # IPSec group secret (must be clear text, i.e. not encoded as in Cisco .pcf files) - This is required. If it is not defined, vpnc will prompt for it.
vpncdomain    # Windows NT Domain name if applicable
vpncudp        # Enable/Disable UDP encapsulation - 'true' or 'false' - set to 'true' to enable
vpncnat        # Disable/Enable NAT traversal - 'true' or 'false' - set to 'true' to disable

Define them as variables (i.e. variable=value) in each appropriate file. Previous versions required that they be exported as well, but this is no longer necessary. Here are a couple of examples of valid vpn-env.sav files:

For vpnc:

vpncmd=vpnc
vpnserver=example.com
vpncipsecid=fake_id
vpncipsecsecret=no_secret
vpnuser=someuser
vpncudp=true

For OpenVPN:

vpncmd=openvpn
ovpncacert=/etc/fdconf.d/ca.crt
ovpncert=/etc/fdconf.d/client.crt
ovpnkey=/etc/fdconf.d/client.key
vpnserver=example.com
ovpnproto=udp
ovpnport=1194
ovpndev=tun
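
A pre-flight check for a vpn-env.sav file before it is copied to the config floppy, using the variable list and the required/allowed values given above. This is an added example, not part of Sepono or its README; the function name check_vpn_env, the rule that values must be bare words without whitespace, quotes or shell metacharacters, and the port range check are assumptions of the example.

```python
import re

# Variables and fixed choices from the README list; None means free-form value.
ALLOWED = {
    "vpncmd": {"openvpn", "vpnc"}, "vpnuser": None, "vpnserver": None,
    "ovpncacert": None, "ovpncert": None, "ovpnkey": None,
    "ovpnproto": {"udp", "tcp"}, "ovpnport": None, "ovpndev": {"tun", "tap"},
    "vpncipsecid": None, "vpncipsecsecret": None, "vpncdomain": None,
    "vpncudp": {"true", "false"}, "vpncnat": {"true", "false"},
}
# Assumption: values are bare words. Whitespace, quotes and shell
# metacharacters are rejected so the file holds only literal assignments.
# A leading 'export' is tolerated because older versions required it.
LINE = re.compile(r"^(?:export\s+)?([a-z]+)=([^\s\"'$`;&|<>()\\]*)$")

def check_vpn_env(text):
    """Return (settings, problems) for the text of a vpn-env.sav file."""
    settings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            problems.append(f"line {n}: not a plain variable=value assignment")
            continue
        name, value = m.groups()
        if name not in ALLOWED:
            problems.append(f"line {n}: unknown variable {name}")
        elif ALLOWED[name] and value not in ALLOWED[name]:
            problems.append(f"line {n}: {name} must be one of {sorted(ALLOWED[name])}")
        else:
            settings[name] = value
    for req in ("vpncmd", "vpnserver"):
        if not settings.get(req):
            problems.append(f"required variable {req} is not set")
    if settings.get("vpncmd") == "vpnc":
        for req in ("vpncipsecid", "vpncipsecsecret"):
            if not settings.get(req):
                problems.append(f"{req} is not set, so vpnc will prompt for it")
    port = settings.get("ovpnport", "1194")
    if not (re.fullmatch(r"[0-9]{1,5}", port) and 0 < int(port) < 65536):
        problems.append("ovpnport is not a valid port number")
    return settings, problems

# Constructed sample: missing '=', bad boolean, no IPSec group settings.
SAMPLE = "vpncmd=vpnc\nvpnserver example.com\nvpncudp=yes\n"

if __name__ == "__main__":
    for problem in check_vpn_env(SAMPLE)[1]:
        print(problem)
```

Both example files shown above pass with no problems reported.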



INDEPENDENT RDP CONFIGURATION INSTRUCTIONS
Configuration of remote desktop settings is done in the same fashion as VPN settings, just with a 'rdp-env.sav' file. Three different remote desktop client methods are supported - Remote Desktop Protocol (RDP, aka Terminal Services), X Display Manager Connection Protocol (XDMCP), and Virtual Network Computing (VNC). Each method supports different option variables (though none are necessary for XDM except 'rdpserver' and 'rdpcmd'):

# Common options
rdpcmd        # remote desktop command to use - 'rdesktop', 'xdm', or 'vncviewer'
rdpserver    # remote desktop server hostname or IP address (required)

# RDP specific options
rdpuser        # Remote Desktop Protocol user name (optional)

# VNC specific options
vnclisten    # Enable/disable VNC listener mode (VNC server connects to client) - 'true' or 'false' - defaults to 'false'

Furthermore, vncviewer supports reading VNC passwords from a file as opposed to prompting the user to enter it manually. To use this feature, save the applicable VNC server password file to the configuration floppy/image as 'vncpasswd'.


INDEPENDENT TIMEZONE CONFIGURATION INSTRUCTIONS
It is possible to configure the appliance's time zone. This is important if your VPN server performs date/time validation of client connections. The default timezone is Pacific Standard Time (West-Coast United States). To customize this, save an appropriate UNIX /etc/localtime file to the floppy image as 'localtime'. This will be copied and referenced by the system on boot.


ADDING FILES TO OR OTHERWISE EDITING THE CONFIG IMAGE FLOPPY
Windows users will want to use a virtual floppy emulator such as that found here:
http://chitchat.at.infoseek.co.jp/vmware/vfd.html

*NIX users should be able to mount the sepono-conf.flp file as a loopback filesystem. Please consult your operating system documentation for details.
 

 

Last Updated ( Sunday, 14 October 2007 )
 