Saturday, 04 September 2010
Mediumware LLC
 

Sepono 1.6-RC2 available
Written by Nathan   
Tuesday, 02 October 2007

Sepono 1.6-RC2 is now available. This release fixes a couple of issues found in the previous release candidate and includes a few new features as well:

- System information messages shown separate from configuration prompts
- XDMCP support improved, cleaner process flow
- vpnc password entry now indicated with asterisks to aid user in successful logon
- Enhanced support for QEMU. Custom screen resolutions possible.
- Custom VPN and remote desktop commands now supported
- General process flow improvements

 QEMU support is still experimental, but the appliance should be reasonably stable regardless.

 


 

 ABOUT IT:

Sepono version 1.6 - a complete virtualized remote access client software stack

Sepono is a standalone VPN enabled remote desktop client. It is intended to supplant existing VPN client software, and act as a complete software stack for safely connecting to remote computing interfaces from unmanaged or otherwise untrusted end-user systems. This is a virtual appliance. It is designed to run under a VMWare virtualization platform, preferably VMWare Player (experimental QEMU support is also available). Network Administrators deploying this application in lieu of a conventional VPN application will realize the following benefits:

  • Host OS configuration independence – no more testing and troubleshooting VPN application installations on uncontrolled, potentially broken, end-user PCs.
  • Controlled, static computing environment – simplify support by knowing exactly how end-users will access your network, and what they will see when they do.
  • Segregation (aka sandboxing) – end-user PCs will never need to, or be able to, access VPN protected resources, which can significantly reduce the risk of virus outbreaks and other forms of incidental intrusion.

End users will love its simplicity, ease of use, and non-intrusive behavior. Everything happens automatically - a user name and password are all that are required prior to being automatically connected to a remote system.

Special features:

  • Extremely simple and flexible X configuration that is tailored for VMWare Player – desktop appliance GUI resolutions take Player window border into account.
  • Administrator configurable options – set it up then deploy it. All configuration information is stored on a virtual floppy image. This allows for configuration changes to be made independently of the system's base software.
  • Wizard-style setup – for those who can't have it preconfigured for them.
  • Read-only file-system helps prevent unwanted changes to the appliance so you never see any unexpected behavior, and the system remains reliable over time.
  • Built upon Open Source software - offers distributors flexibility with regards to customization, distribution and licensing.

Sepono is compatible with OpenVPN servers and Cisco 3000 series VPN concentrators. Remote desktop methods including RDP, XDMCP, and VNC are supported. 

We are always looking for ways to improve this software, and simplify deployment of safe remote access methods. Please send any feedback to [e-mail address hidden by the site's spam protection].

 



GET IT:

For VMWare 

http://www.mediumware.biz/sepono/Sepono-1.6-RC2-VMWare.zip

Size: 10.9 MB

MD5 SUM: e8edce55653d346d69f17a0c0a1f3676

 

For QEMU (Windows distribution)

http://www.mediumware.biz/sepono/Sepono-1.6-RC2-QEMU.zip

Size: 13.2 MB

MD5 SUM:  f3ef1841101f3c08aa7f0253267b9906

 

 



README:

 

Sepono - A complete virtualized remote access client stack
Version 1.6-RC2
Released October 05 2007

Copyright 2007 Nathan Martin, Mediumware LLC
http://www.mediumware.biz


 
NEW IN THIS RELEASE

- System information messages shown separate from configuration prompts
- XDMCP support improved, cleaner process flow
- vpnc password entry now indicated with asterisks to aid user in successful logon
- Enhanced support for QEMU. Custom screen resolutions possible.
- Custom VPN and remote desktop commands now supported
- General process flow improvements
- More...



NOTEWORTHY BUG FIXES

- VNC client support fixed and enhanced over previous release
- XDMCP client support fixed and enhanced over previous release
- Static user passwords now parsed from Cisco PCF profile
- Background keep-alive ping to remote desktop server functional again



ON THE TO-DO LIST

- Support for multiple VPN / remote desktop profiles
- Reduce ISO file size
- Support for Microsoft RDP client config files
- Additional system behavior options
- External configuration tools for administrators - i.e. web floppy image generator, independent config tools etc.
- Additional support for different VPN and remote desktop clients
- Locale support for non-English keyboards
- Enhanced QEMU support
- Bug fixes - please report them.
- More...



KNOWN ISSUES

- vpnc connections to unresponsive or invalid VPN servers may not terminate in a timely fashion.
- XDM connections to unresponsive or invalid XDMCP servers may not terminate in a timely fashion.
- If user elected to save XDM settings, they will not be discarded if connection fails. X will return true regardless.
- vncviewer command menu (usually accessible via F8 key) is not functional presently
- QEMU resolutions are not as flexible as under VMWare. This is due to limitations with QEMU X drivers.



CONFIGURATION OVERVIEW

Sepono stores configuration information on a virtual floppy disk file (sepono-conf.flp in the base distribution). At run-time, this floppy will be searched for specific files that are expected to contain the necessary information for establishing the VPN connection and subsequent remote desktop session. If there are no files present, or they contain incomplete information, the user will be prompted to answer questions in order to build a workable configuration set. This should be sufficient for most users, and generally speaking, the configuration engine should be able to determine if requisite settings are not already defined and take the appropriate action.

The floppy disk image itself will be mounted as /etc/fdconf.d and be formatted as a standard MS DOS diskette. Relevant configuration files may include:

vpn-env.sav            # Contains variables applicable to VPN client; Created by guided configuration assistant
rdp-env.sav            # Contains variables applicable to remote desktop client; Created by guided configuration assistant
cisco.pcf              # A standard Cisco VPN client PCF profile; Provided by network administrator
vpnc.conf              # A standard vpnc configuration file; Provided by network administrator
openvpn.conf           # A standard OpenVPN configuration file; Provided by network administrator

These files may be pre-populated on the floppy disk (see TIPS AND TRICKS below) for end-user convenience. When booted with an empty floppy disk image, the appliance will run a guided configuration assistant that will allow a user to build a workable configuration base by simply answering a few questions.



VPN CONFIGURATION INSTRUCTIONS - Cisco client

Sepono is able to parse standard Cisco PCF profiles, and has been enhanced to include provisions for prompting and saving any required settings (including user IDs) that may not be present in the original PCF. This allows administrators to create a single configuration image for distribution. The relevant PCF file needs to be saved to the configuration floppy as 'cisco.pcf'.

It is also possible to create a standard vpnc configuration file and save it to a floppy disk/image as 'vpnc.conf'. This method will bypass the guided configuration assistant. You may also elect to manually create a custom vpn-env.sav file to contain the requisite VPN client settings. This file will contain a set of name/value pairs defined as standard shell variables. The following options are applicable when acting as a client to Cisco VPN concentrators:

vpncmd                 # REQUIRED - VPN command to use ; Set this to 'vpnc'
vpnuser                # REQUIRED - VPN user ID
vpnserver              # REQUIRED - VPN concentrator hostname or IP address
vpncipsecid            # REQUIRED - IPSec group ID
vpncipsecsecret        # REQUIRED - IPSec group secret (must be clear text, i.e. not encoded as in Cisco .pcf files)
vpncdomain             # OPTIONAL - Windows NT Domain name if applicable
vpncudp                # REQUIRED - Whether to use UDP encapsulation; Set to 'true' to enable, 'false' to disable
vpncnat                # OPTIONAL - Whether to disallow NAT traversal; Set to 'true' to disable NAT traversal, 'false' to allow it

The following is an example Cisco client vpn-env.sav configuration:

vpncmd='vpnc'
vpnserver='example.com'
vpncipsecid='fake_id'
vpncipsecsecret='fake_secret'
vpnuser='some_user'
vpncudp='true'



VPN CONFIGURATION INSTRUCTIONS - OpenVPN client

OpenVPN configuration is implemented in a similar fashion to Cisco client configuration. If necessary, a standard OpenVPN configuration file may be created and saved to the config floppy as 'openvpn.conf'. OpenVPN servers frequently require the use of PKI certificates and keys for authentication. As such, any necessary certificates and client keys should be saved to the floppy and referenced in the relevant config file with the following file names:

/etc/fdconf.d/ca.crt         # CA certificate file
/etc/fdconf.d/client.crt     # client certificate file
/etc/fdconf.d/client.key     # client private key file

If using the guided configuration wizard, these files will be detected and referenced automatically. As with the Cisco client, it is possible to manually create a 'vpn-env.sav' file. This file should contain a set of name/value pairs defined as standard shell variables. The following options are applicable when acting as a client to OpenVPN servers:

vpncmd          # REQUIRED - VPN command to use; Set to 'openvpn'
vpnuser         # OPTIONAL - VPN user ID if applicable
vpnserver       # REQUIRED - OpenVPN server hostname or IP address
ovpncacert      # OPTIONAL -  Name of OpenVPN Certificate Authority certificate file
ovpncert        # OPTIONAL - Name of OpenVPN client certificate file
ovpnkey         # OPTIONAL - Name of OpenVPN client key file
ovpnproto       # REQUIRED - Transport protocol to use; Set to 'udp' or 'tcp'; Defaults to 'udp' if undefined
ovpnport        # REQUIRED - Transport protocol port number to use;  Defaults to '1194' if undefined
ovpndev         # REQUIRED - OpenVPN interface type; Set to 'tun' or 'tap';  Defaults to 'tun' if undefined

The following is an example OpenVPN vpn-env.sav configuration:

vpncmd='openvpn'
ovpncacert='/etc/fdconf.d/ca.crt'
ovpncert='/etc/fdconf.d/client.crt'
ovpnkey='/etc/fdconf.d/client.key'
vpnserver='example.com'
ovpnproto='udp'
ovpnport='1194'
ovpndev='tun'



VPN CLIENT CONFIGURATION - Custom

A new feature in this release allows for the configuration of arbitrary VPN client commands, and is implemented by creating a 'vpnexec' variable in an existing or new vpn-env.sav file on the configuration floppy. This may be used when adding custom VPN client applications to the default Sepono distribution, or to bypass VPN client initialization entirely. For example:

vpnexec='true'     # Executes the UNIX shell command 'true', bypassing VPN connection setup altogether

The contents of this variable will be passed to a UNIX shell and executed. The command(s) must return 'true' (an exit value of zero), or remote desktop initialization will not occur. Use of this variable will bypass the guided VPN configuration assistant entirely.
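
The following is an added example, not part of the Sepono distribution or the original README: a POSIX shell audit of a vpn-env.sav file that reads it as text instead of sourcing it, checks the variables marked REQUIRED above, and flags vpnexec, since its contents are handed to a shell and can skip VPN setup entirely. The function names are hypothetical, and the parser assumes plain name='value' lines as in the README samples; how Sepono itself loads the file is not shown here.

```shell
#!/bin/sh
# Added example: audit a Sepono vpn-env.sav without sourcing it.
# Assumption: entries are plain name='value' lines, as in the README samples.

# Print the value of variable $2 in file $1 (last assignment wins); empty if unset.
sav_get() {
    sed -n "s/^[[:space:]]*$2='\([^']*\)'.*\$/\1/p" "$1" | tail -n 1
}

# Print lines that are neither blank, comments, nor plain single-quoted assignments.
sav_unexpected_lines() {
    grep -Ev "^[[:space:]]*(#.*)?\$|^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*='[^']*'[[:space:]]*(#.*)?\$" "$1"
}

# Print one finding per line; return 0 only if the file is complete and unremarkable.
sav_audit_vpn() {
    file=$1 rc=0
    if [ -n "$(sav_unexpected_lines "$file")" ]; then
        echo "UNEXPECTED: lines other than name='value' assignments"; rc=1
    fi
    if [ -n "$(sav_get "$file" vpnexec)" ]; then
        echo "REVIEW: vpnexec is set; it is run by a shell and skips guided VPN setup"; rc=1
    fi
    case $(sav_get "$file" vpncmd) in
        vpnc)    required="vpnuser vpnserver vpncipsecid vpncipsecsecret vpncudp" ;;
        openvpn) required="vpnserver" ;;   # ovpnproto/ovpnport/ovpndev have documented defaults
        *)       required=""
                 [ -n "$(sav_get "$file" vpnexec)" ] || { echo "MISSING: vpncmd (vpnc or openvpn)"; rc=1; } ;;
    esac
    for name in $required; do
        [ -n "$(sav_get "$file" "$name")" ] || { echo "MISSING: $name"; rc=1; }
    done
    [ -z "$(sav_get "$file" vpncipsecsecret)" ] ||
        echo "NOTE: vpncipsecsecret is stored in clear text on the floppy image"
    return $rc
}
```

Point sav_audit_vpn at the vpn-env.sav copied or mounted from the configuration floppy image before distributing it; a non-zero return means something needs a second look.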



REMOTE DESKTOP CONFIGURATION - RDP, XDMCP, & VNC

Configuration of remote desktop settings is done in the same fashion as VPN settings, except that the configuration file is named 'rdp-env.sav'. Sepono includes support for three different remote desktop client methods - Microsoft Remote Desktop Protocol (RDP, aka Terminal Services), X Display Manager Connection Protocol (XDMCP), and Virtual Network Computing (VNC). Each method supports different options as outlined below:

rdpcmd          # REQUIRED - Remote desktop command to use; 'rdesktop', 'xdm', or 'vncviewer'
rdpserver       # OPTIONAL - Remote desktop server hostname or IP address
rdpuser         # OPTIONAL - Remote desktop user name; Applicable to rdesktop
vnclisten       # OPTIONAL - Whether to use VNC listener mode; Set to 'true' to enable; Applicable to vncviewer
vncconnid       # OPTIONAL - A specific connection ID number to use; Defaults to '0' (zero); Applicable to vncviewer

Additionally, vncviewer supports reading VNC passwords from a file as opposed to prompting the user to enter one manually. To use this feature, save the applicable VNC password file to the configuration floppy/image named 'vncpasswd'.



REMOTE DESKTOP CLIENT CONFIGURATION - Custom

As with the VPN setup, a new feature in this release allows for the configuration of arbitrary remote desktop client commands, and is implemented by creating a 'rdpexec' variable in an existing or new rdp-env.sav file on the configuration floppy. This may be used when adding custom remote desktop client applications to the default Sepono distribution, or to augment the existing commands. For example:

rdpexec='ssh -l user_ID server.example.com'            # SSH to a server
rdpexec='rdesktop -a 8 -f server.example.com'          # Start rdesktop in 8-bit color mode

The contents of this variable will be passed to a shell and executed. If the command(s) do not return true (an exit value of zero), the user will be prompted to revise their configuration settings. Use of this variable will bypass the guided remote desktop configuration assistant entirely.



TIPS AND TRICKS

- Sepono leverages the Dynamic Window Manager (DWM) - you may press CTRL+SHIFT+ENTER to spawn a new terminal window.
- Custom VPN commands can be executed by using the vpnexec variable in the vpn-env.sav file (see above).
- Custom RDP commands can be executed by using the rdpexec variable in the rdp-env.sav file. (see above).
- Windows users will find that files are most easily added to the floppy image using a floppy emulator:
   http://chitchat.at.infoseek.co.jp/vmware/vfd.html
- Linux/UNIX users can mount the sepono-conf.flp file as a loopback filesystem.



TIMEZONE CONFIGURATION

It is possible to configure the appliance's time zone. This may be important if your VPN server performs any kind of date/time validation of client connections. The default timezone is Pacific Standard Time (West-Coast United States). To customize this, save an appropriate UNIX /etc/localtime file to the floppy image as 'localtime'. This will then be referenced by the system at boot time.

 

 

 

 

 

Last Updated ( Sunday, 14 October 2007 )
 