Sepono 1.6-RC3 is now available. This release fixes a couple minor issues found in the previous release candidate and includes a number of new features:

- Added CONFIGME.bat autoconfiguration script for configuring appliance from outside of VM (Windows only ATM)
- Added support for reading RDP settings from Microsoft RDP client config files
- Added check for VPN process termination that will kill rdp process if still present
- Added additional user choices for various events (such as connection failure)
- Added function to display vpn stderr when error occurs
- Added routine to check for invalid RDP BPP config setting, and set to 16 bit if over
- Added support for rdp console connections via rdpconsole='true' rdp-env.sav parameter
- Improved locale and terminfo support, English now complete, more coming...
- Added option to bypass vpn and use as RDP client only
- Added prompt to reconnect or shutdown once VPN and RDP sessions end gracefully
- More...

Again, QEMU support is still experimental, but the appliance should be reasonably stable regardless.
ABOUT IT:

Sepono version 1.6-RC3 - a complete virtualized remote access client software stack

Sepono is a standalone VPN enabled remote desktop client. It is intended to supplant existing VPN client software, and act as a complete software stack for safely connecting to remote computing interfaces from unmanaged or otherwise untrusted end-user systems. This is a virtual appliance. It is designed to run under a VMWare virtualization platform, preferably VMWare Player (experimental QEMU support is also available).

Network Administrators deploying this application in lieu of a conventional VPN application will realize the following benefits:

- Host OS configuration independence – no more testing and troubleshooting VPN application installations on uncontrolled, potentially broken, end-user PCs.
- Controlled, static computing environment – simplify support by knowing exactly how end-users will access your network, and what they will see when they do.
- Segregation (aka sandboxing) – end-user PCs will never need to, or be able to access VPN protected resources which can significantly reduce the risk of virus outbreaks and other forms of incidental intrusion.

End users will love its simplicity, ease of use, and non-intrusive behavior. Everything happens automatically - a user name and password are all that are required prior to being automatically connected to a remote system.

Special features:

- Extremely simple and flexible X configuration that is tailored for VMWare Player – desktop appliance GUI resolutions take Player window border into account.
- Administrator configurable options – set it up then deploy it. All configuration information is stored on a virtual floppy image. This allows for configuration changes to be made independently of the systems base software.
- Wizard-style setup – for those who can't have it preconfigured for them.
- Read-only file-system helps prevent unwanted changes to the appliance so you never see any unexpected behavior, and the system remains reliable over time.
- Built upon Open Source software - offers distributors flexibility with regards to customization, distribution and licensing.
Sepono is compatible with OpenVPN servers and Cisco 3000 series VPN concentrators. Remote desktop methods including RDP, XDMCP, and VNC are supported. We are always looking for ways to improve this software, and simplify deployment of safe remote access methods. Please send any feedback to
GET IT:

For VMWare:
http://mediumware.biz/sepono/Sepono-1.6-RC3-VMWare.zip
Size: 14 MB
MD5 SUM: 51f91621f7eb22dd45319b16d749f098

For QEMU (Windows distribution):
http://mediumware.biz/sepono/Sepono-1.6-RC3-QEMU.zip
Size: 16.3 MB
MD5 SUM: 6e69fadb27e8b9fadb41cdb9cb899ec5
README:

Sepono - A complete virtualized remote access client stack
Version 1.6-RC3
Released January 17 2008

Copyright 2008 Nathan Martin, Mediumware LLC http://www.mediumware.biz mailto:
Released under the GPL (v2). Please see http://www.gnu.org/licenses/gpl.txt for details.
IMPORTANT NOTE ABOUT RC3
This release has been built with the latest version (5.1) of the vpnc client application in order to correct an issue where that application would resend invalid credentials to the VPN server twice after the first failed login. It has been reported (albeit very rarely) that some users running 5.1 are unable to access systems behind their VPN after the connection has been established. If you encounter this problem but are otherwise able to use Sepono 1.6-RC2 or earlier, please send me an email so that I can collect some debug information from you to pass on to the vpnc maintainers.
NEW IN THIS RELEASE
- Added CONFIGME.bat autoconfiguration script for configuring appliance from outside of VM (Windows only ATM)
- Added support for reading RDP settings from Microsoft RDP client config files
- Added check for VPN process termination that will kill rdp process if still present
- Added additional user choices for various events (such as connection failure)
- Added function to display vpn stderr when error occurs
- Added routine to check for invalid RDP BPP config setting, and set to 16 bit if over
- Added support for rdp console connections via rdpconsole='true' rdp-env.sav parameter
- Improved locale and terminfo support, English now complete, more coming...
- Added option to bypass vpn and use as RDP client only
- Added prompt to reconnect or shutdown once VPN and RDP sessions end gracefully
- More...
NOTEWORTHY BUG FIXES
- Fixed mouse scroll wheel support
- Fixed problem where failed vpnc authentications would be attempted two subsequent times
- More...
ON THE TO-DO LIST
- Support for multiple VPN / remote desktop profiles
- Reduce ISO file size where possible
- Improve external config tools
- Add support for additional VPN and remote desktop clients
- Better locale support for non-English keyboards
- Enhance QEMU support
- Bug fixes - please report them.
- More...
KNOWN ISSUES
- vpnc connections to unresponsive or invalid VPN servers may not terminate in a timely fashion.
- XDM connections to unresponsive or invalid XDMCP servers may not terminate in a timely fashion
- If user elected to save XDM settings, they will not be discarded if connection fails. X will return true regardless.
- vncviewer command menu (usually accessible via F8 key) is not functional presently
- QEMU resolutions are not as flexible as under VMWare. This is due to limitations with QEMU X drivers.
- Attempts to re-connect/re-initialize RDP session after VPN connection is terminated will fail.
CONFIGURATION OVERVIEW
Sepono stores configuration information on a virtual floppy disk file (sepono-conf.flp in the base distribution). At run-time, this floppy will be searched for specific files that are expected to contain the necessary information for establishing the VPN connection and subsequent remote desktop session. If there are no files present, or they contain incomplete information, the user will be prompted to answer questions in order to build a workable configuration set. This should be sufficient for most users, and generally speaking, the configuration engine should be able to determine if requisite settings are not already defined and take the appropriate action.
The floppy disk image itself will be mounted as /etc/fdconf.d and be formatted as a standard MS DOS diskette. Relevant configuration files may include:
    vpn-env.sav    # Contains variables applicable to VPN client; Created by guided configuration assistant
    rdp-env.sav    # Contains variables applicable to remote desktop client; Created by guided configuration assistant
    cisco.pcf      # A standard Cisco VPN client PCF profile; Provided by network administrator
    vpnc.conf      # A standard vpnc configuration file; Provided by network administrator
    openvpn.conf   # A standard OpenVPN configuration file; Provided by network administrator
These files may be pre-populated on the floppy disk (see TIPS AND TRICKS below) for end-user convenience. When booted with an empty floppy disk image, the appliance will run a guided configuration assistant that will allow a user to build a workable configuration base by simply answering a few questions.
VPN CONFIGURATION INSTRUCTIONS - Cisco client
Sepono is able to parse standard Cisco PCF profiles, and has been enhanced to include provisions for prompting and saving any required settings (including user IDs) that may not be present in the original PCF. This allows administrators to create a single configuration image for distribution. The relevant PCF file needs to be saved to the configuration floppy as 'cisco.pcf'.
It is also possible to create a standard vpnc configuration file and save it to a floppy disk/image as 'vpnc.conf'. This method will bypass the guided configuration assistant. You may also elect to manually create a custom vpn-env.sav file to contain the requisite VPN client settings. This file will contain a set of name/value pairs defined as standard shell variables. The following options are applicable when acting as a client to Cisco VPN concentrators:
    vpncmd            # REQUIRED - VPN command to use
    vpnuser           # REQUIRED - VPN user ID
    vpnserver         # REQUIRED - VPN concentrator hostname or IP address
    vpncipsecid       # REQUIRED - IPSec group ID
    vpncipsecsecret   # REQUIRED - IPSec group secret (must be clear text, i.e. not encoded as in Cisco .pcf files)
    vpncdomain        # OPTIONAL - Windows NT Domain name if applicable
    vpncudp           # REQUIRED - Whether to use UDP encapsulation; Set to 'true' to enable, 'false' to disable
    vpncnat           # OPTIONAL - Whether to disallow NAT traversal; Set to 'true' to disable NAT traversal, 'false' to allow it
The following is an example Cisco client vpn-env.sav configuration:
    vpncmd='vpnc'
    vpnserver='example.com'
    vpncipsecid='fake_id'
    vpncipsecsecret='fake_secret'
    vpnuser='some_user'
    vpncudp='true'
VPN CONFIGURATION INSTRUCTIONS - OpenVPN client
OpenVPN configuration is implemented in a similar fashion to Cisco client configuration. If necessary, a standard OpenVPN configuration file may be created and saved to the config floppy as 'openvpn.conf'. OpenVPN servers frequently require the use of PKI certificates and keys for authentication. As such, any necessary certificates and client keys should be saved to the floppy and referenced in the relevant config file with the following file names:
    /etc/fdconf.d/ca.crt       # CA certificate file
    /etc/fdconf.d/client.crt   # client certificate file
    /etc/fdconf.d/client.key   # client private key file
If using the guided configuration wizard, these files will be detected and referenced automatically. As with the Cisco client, it is possible to manually create a 'vpn-env.sav' file. This file should contain a set of name/value pairs defined as standard shell variables. The following options are applicable when acting as a client to OpenVPN servers:
    vpncmd       # REQUIRED - VPN command to use; Set to 'openvpn'
    vpnuser      # OPTIONAL - VPN user ID if applicable
    vpnserver    # REQUIRED - OpenVPN server hostname or IP address
    ovpncacert   # OPTIONAL - Name of OpenVPN Certificate Authority certificate file
    ovpncert     # OPTIONAL - Name of OpenVPN client certificate file
    ovpnkey      # OPTIONAL - Name of OpenVPN client key file
    ovpnproto    # REQUIRED - Transport protocol to use; Set to 'udp' or 'tcp'; Defaults to 'udp' if undefined
    ovpnport     # REQUIRED - Transport protocol port number to use; Defaults to '1194' if undefined
    ovpndev      # REQUIRED - OpenVPN interface type; Set to 'tun' or 'tap'; Defaults to 'tun' if undefined
The following is an example OpenVPN vpn-env.sav configuration:
    vpncmd='openvpn'
    ovpncacert='/etc/fdconf.d/ca.crt'
    ovpncert='/etc/fdconf.d/client.crt'
    ovpnkey='/etc/fdconf.d/client.key'
    vpnserver='example.com'
    ovpnproto='udp'
    ovpnport='1194'
    ovpndev='tun'
VPN CLIENT CONFIGURATION - Custom
A new feature in this release allows for the configuration of arbitrary VPN client commands, and is implemented by creating a 'vpnexec' variable in an existing or new vpn-env.sav file on the configuration floppy. This may be used when adding custom VPN client applications to the default Sepono distribution, or to bypass VPN client initialization entirely. For example:
vpnexec='true' # Executes the UNIX shell command 'true', bypassing VPN connection setup altogether
The contents of this variable will be passed to a UNIX shell and executed. The command(s) must return 'true' (an exit value of zero), or remote desktop initialization will not occur. Use of this variable will bypass the guided VPN configuration assistant entirely.
REMOTE DESKTOP CONFIGURATION - RDP, XDMCP, & VNC
Configuration of remote desktop settings is done in the same fashion as VPN settings, except that the configuration file is named 'rdp-env.sav'. Sepono includes support for three different remote desktop client methods - Microsoft Remote Desktop Protocol (RDP, aka Terminal Services), X Display Manager Connection Protocol (XDMCP), and Virtual Network Computing (VNC). Each method supports different options as outlined below:

    rdpcmd        # REQUIRED - Remote desktop command to use; 'rdesktop', 'xdm', or 'vncviewer'
    rdpserver     # OPTIONAL - Remote desktop server hostname or IP address
    rdpuser       # OPTIONAL - Remote desktop user name; Applicable to rdesktop
    rdpconsole    # OPTIONAL - Option to connect to console session; Set to 'true' to enable
    rdpdomain     # OPTIONAL - Remote desktop domain name; Set to 'true' to enable
    rdpdepth      # OPTIONAL - Remote desktop color depth; Set to '8' , '15' , or '16'
    rdpcompress   # OPTIONAL - Remote desktop compression setting; Set to 'true' to enable
    vnclisten     # OPTIONAL - Whether to use VNC listener mode; Set to 'true' to enable; Applicable to vncviewer
    vncconnid     # OPTIONAL - A specific connection ID number to use; Defaults to '0' (zero); Applicable to vncviewer
Additionally, vncviewer supports reading VNC passwords from a file as opposed to prompting the user to enter one manually. To use this feature, save the applicable VNC password file to the configuration floppy/image named 'vncpasswd'.
REMOTE DESKTOP CLIENT CONFIGURATION - Custom
As with the VPN setup, a new feature in this release allows for the configuration of arbitrary remote desktop client commands, and is implemented by creating a 'rdpexec' variable in an existing or new rdp-env.sav file on the configuration floppy. This may be used when adding custom remote desktop client applications to the default Sepono distribution, or to augment the existing commands. For example:
    rdpexec='ssh -l user_ID server.example.com'    # SSH to a server
    rdpexec='rdesktop -a 8 -f server.example.com'  # Start rdesktop in 8-bit color mode
The contents of this variable will be passed to a shell and executed. If the command(s) do not return true (an exit value of zero) the user will be prompted to revise their configuration settings. Use of this variable will bypass the guided remote desktop configuration assistant entirely.
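
The vpn-env.sav and rdp-env.sav files described above hold shell variables, and vpnexec/rdpexec hold commands the appliance runs, so it is worth checking them before they go onto a configuration floppy. The following Python linter is an added example, not part of the Sepono distribution: it reads name='value' lines without passing them to a shell and reports executable keys, the clear-text IPSec secret, and missing required keys. The function names, the strict single-quoted line format and the rule that a vpnexec entry replaces the required-key check are assumptions of this example.

```python
import re

# Keys this README marks REQUIRED without stating a default, per vpncmd value.
REQUIRED = {
    "vpnc": {"vpnuser", "vpnserver", "vpncipsecid", "vpncipsecsecret", "vpncudp"},
    "openvpn": {"vpnserver"},
}
EXEC_KEYS = {"vpnexec", "rdpexec"}   # README: contents are passed to a shell
SECRET_KEYS = {"vpncipsecsecret"}    # README: must be clear text
# Only the form used in the README's examples: name='value' [# comment]
ASSIGN = re.compile(r"^\s*([A-Za-z_]\w*)='([^']*)'\s*(?:#.*)?$")


def parse_env_sav(text):
    """Read assignments without sourcing the file; return (values, findings)."""
    values, findings = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = ASSIGN.match(line)
        if match is None:
            findings.append(f"line {num}: not a plain name='value' assignment")
            continue
        values[match.group(1)] = match.group(2)
    return values, findings


def lint_env_sav(text, vpn=True):
    """Lint vpn-env.sav (vpn=True) or rdp-env.sav (vpn=False) content."""
    values, findings = parse_env_sav(text)
    for key in sorted(EXEC_KEYS & set(values)):
        findings.append(f"{key}: shell command will run: {values[key]!r}")
    for key in sorted(SECRET_KEYS & set(values)):
        findings.append(f"{key}: clear-text secret on the config floppy")
    # Assumption: required keys only matter when vpnexec does not replace setup.
    if vpn and "vpnexec" not in values:
        cmd = values.get("vpncmd")
        if cmd not in REQUIRED:
            findings.append(f"vpncmd: expected 'vpnc' or 'openvpn', got {cmd!r}")
        else:
            for key in sorted(REQUIRED[cmd] - set(values)):
                findings.append(f"{key}: required for vpncmd={cmd!r}, missing")
    return findings


# Constructed sample: one unquoted command substitution, one missing key.
SAMPLE = "vpncmd='openvpn'\novpnport=$(cat /tmp/port)\novpndev='tun'\n"

if __name__ == "__main__":
    for finding in lint_env_sav(SAMPLE):
        print(finding)
```
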
TIPS AND TRICKS
- Use the new CONFIGME.bat script to quickly set up your VPN and RDP connections. See CONFIGME.txt for details.
- Sepono leverages the Dynamic Window Manager (DWM) - you may press ALT+SHIFT+ENTER to spawn a new terminal window.
- Custom VPN commands can be executed by using the vpnexec variable in the vpn-env.sav file (see above).
- Custom RDP commands can be executed by using the rdpexec variable in the rdp-env.sav file (see above).
- Windows users will find that files are most easily added to the floppy image using a floppy emulator: http://chitchat.at.infoseek.co.jp/vmware/vfd.html
- Linux/UNIX users can mount the sepono-conf.flp file as a loopback filesystem.
TIMEZONE CONFIGURATION
It is possible to configure the appliance's time zone. This may be important if your VPN server performs any kind of date/time validation of client connections. The default timezone is Pacific Standard Time (West-Coast United States). To customize this, save an appropriate UNIX /etc/localtime file to the floppy image as 'localtime'. This will then be referenced by the system at boot time.