SSL-Explorer – Open-Source SSL VPN

I’ve been playing with SSL-Explorer for the past couple of days at the office and it is really pretty cool.

SSL-Explorer is the world’s first open-source SSL VPN solution of its kind. This unique remote access solution provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.

SSL-based VPNs have become a hot topic in recent years … browser-based VPN solutions are something that cannot be overlooked by most businesses, though implementation costs can often be prohibitive.

In contrast to a conventional IPsec-based solution, no client side code needs to be installed on your end user’s systems. SSL VPNs rely on Java&#153 based technology and hence require only a standard web browser to operate. Standard network protocols can be tunnelled through the SSL connection, meaning that email and intranet web/file resources are easily and securely accessible from outside the corporate network.

Because it is Java it works on multiple platforms. I initially tried it on our Linux box, and I got it work, but I had intermittent problems with Windows Networking Browsing so I caved and installed it on a Windows Server 2003 box and it worked like a champ. It has a number of neat features:

  • Remote access through Windows Explorer to shares using Microsoft WebFolders (on XP)
  • Web-based Microsoft Windows file system browser
  • Access your desktop remotely (via RDP)
  • Supports Active Directory authentication and built-in database
  • Configure multiple profiles for access depending on your location
  • Accessible using zero-footprint VPN client
  • Connect using any SSL-enabled browser (it worked great with Safari on my Mac)

I think the WebFolders is the best part. It gives the users the ability to interact with the remote file servers via the standard XP folder interface. Other than having to log in with your username and password it is just like working with any other folder.

While the installation is fairly easy, the configuration is a little tricky. This is particularly so if you have a complicated Active Directory configuration. One of the non-obvious things is when entering the LDAP information for the Organization Units (OU) it is case sensitive, except for the domain part which must be capitalized.

I think this product has a lot of potential, especially since it is under active development. We will continue to evaluate it over the next couple of weeks. Like other things technology things where I work, it will probably go into limited deployment. I know that my group will use it, but we’ll have to see how easily we can train others to use it.

Advertisements
Leave a comment

6 Comments

  1. So, it uses port 443? If so, that means you can get to your network from behind a corporate firewall and use all the network resources, including file shares, IMAP and any other services your network may be providing?

    Keith

  2. Yes! It uses port 443 to tunnel all traffic. Without launching the VPN client portion you have access to your file shares and some websites. After launching the tunnel you can tunnel any traffic you want (with configuration both on the client and vpn server).

    For example you could configure it to tunnel both IMAP and SMTP traffic across the SSL-VPN tunnel to you server. You would then tell the client to use localhost to look for and send messages. When the client goes to get mail, it gets forward across the encrypted tunnel to the server inside your network.

    They have some great flash demos on the main SSL-Explorer page. It is really easy to set up on windows and pretty easy for Linux too. Just make sure that port 443 is not already in use by another webserver application.

  3. After looking at the demos you suggested I think I might try and set this up. The only issue is I’ll have to figure out what to do with the secure domain I set up for my mail and other web utilities that I want to protect. The demos look cool and I think this would be something good to offer my small business customers. They all like the idea of OpenSource being free :-).

    Keith

  4. Phil Dowling

     /  December 11, 2006

    Hi There

    We are trying to get this SSL Explorer working where I work. We have the commercial version. In particular, we have it working in most senses, but we are struggling with the IMAP functionality.

    I was wondering, have you setup IMAP with MS Outlook? Did you have any useful hints on how this might be achieved as the “normal” way does not seem to work so well 😉

    Thanks Sir!

    Phil Dowling

  5. Travis F

     /  October 30, 2007

    Just a note in case you (anyone) forgot or isn’t sure.
    Don’t install this on same box that might have IIS running. They will fight over port 443

    This sounds pretty cool. Hope I can get some time to try it myself.

    T

  6. Andrew

     /  October 11, 2008

    Hi I cant seem to forward SSL Explorer using port 443. It says that the port is closed even though i forwarded it

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: