Archive for April, 2007

Printing through the SSL-Explorer Agent

Published at 28 April, 2007 in Linux/Unix, SysAdmin and Windows. Comment

SSL-Explorer’s Community Version doesn’t give you full network access like some commercial SSL VPN solutions, but that shouldn’t stop you from printing.

This assumes that you’ve got some sort of network-enabled printer - such as a HP with an internal JetDirect card. From memory, if you’ve got an external JetDirect device with multiple physical Parallel or USB ports, the network port number changes according to the physical port used.

The setup is as follows:

  1. Go to Access Control, Policies, and create a new policy. Assign some users to the policy if you like.
  2. Go to Resources, SSL Tunnels, and create a new Tunnel with the following properties:
    1. Source Interface: 127.0.0.1
    2. Source Port: 9100
    3. Destination Host: Printer’s IP Address
    4. Destination Port: 9100
    5. Auto Start: Ticked, if you want the tunnel to be enabled as soon as the Java client starts
    6. Type: Local
  3. Assign the policy that was created in step one to this tunnel.

That’s it for the SSL-Explorer side of things. In Windows, make sure you’ve got the driver for your printer handy, and follow these steps:

  1. Go to Control Panel, Printers and Faxes, and add a new Local Printer (untick ‘Automatically Detect’ if it’s ticked)
  2. Create a new Standard TCP/IP Port
  3. As the address for the port, enter 127.0.0.1
  4. Click ‘Custom’, and leave the settings as:
    1. RAW mode
    2. Port 9100
    3. IP 127.0.0.1
  5. Point the Wizard to the correct printer driver, and finish the installation. If you want to print a test page, make sure that the SSL Tunnel is activated first. This can be verified by right-clicking on the SSL client’s tasktray icon and selecting ‘Tunnel Monitor’. You should see and entry for port 9100.

The way this works is that once the tunnel is enabled, it listens on 127.0.0.1 on the port you’ve specified, and redirects traffic to the IP and port specified on the network behind the SSL VPN.

In addition to this, you can add a ‘Web Forward’ of type ‘Tunneled proxy’ to the printer’s port 80 if you’d like to check up on the printer’s status via the web interface. You can then add this ‘Web Forward’ to the policy created in step 1.

Share/Save/Bookmark

SSL-Explorer on Centos

Published at 27 April, 2007 in Linux/Unix and SysAdmin. Comment

Here is a brief guide to installing SSL-Explorer, a great SSL VPN solution, on Centos. I used Centos 4.4, as there is currently no Server CD for version 5. I had to search around a bit in order to find out how to set the JAVA_HOME environment variable to the correct location, so here it is - to save you time.

Centos was installed with a minimum of options - no Apache, no X. If you install Apache, you’ll have to either change the ports it listens on, or change the ports SSL-Explorer listens on. If you don’t, then you’ll get conflicts. Configure the firewall to allow port 443, as that’s what SSLExplorer will be running on.

[root@server ~]# service ipchains stop
[root@server ~]# cd /root
[root@server ~]# wget http://link.to.sf.net/download
[root@server ~]# chmod 755 sslexplorer_linux_0_2_12.rpm

Download JRE, and copy to /root. I used FileZilla with FTP/SSH to put the file on the linux box

[root@server ~]# chmod 755 jre-6u1-linux-i586-rpm.bin
[root@server ~]# ./jre-6u1-linux-i586-rpm.bin
[root@server ~]# /usr/local/bin/install-sslexplorer

Configure using Web interface

[root@server /]# export JAVA_HOME=/usr/java/jre1.6.0_01
[root@server /]# /opt/sslexplorer/install/platforms/linux/install-service
[root@server /]# service sslexplorer start

Note that if you’re copying and pasting these directions, get the link to the newest version from sourceforge, and replace the generic link on the 3rd line.

Share/Save/Bookmark

Spiceworks

Published at 20 April, 2007 in SysAdmin and Windows. Comments

Spiceworks Desktop Screenshot If you’re after a free helpdesk solution, give Spiceworks a shot. It seems to be targeted at smaller companies with under 200 users.

It currently sports:

  • Helpdesk
  • WMI-based asset tracking
  • SNMP discovery of devices
  • SSH login to audit *nix boxes

My only gripes with it at the moment are:

  • A bit slow
  • No updates sent to owner of tickets when the user replies (coming in V2, June 07)

The auditing features and functionality are mostly on par with the Open Source project Open-Audit, although Open-Audit does some things better, such as License Key retrieval, ease of viewing data.

Spiceworks is a closed-source project which is supported by sponsored advertisements on the right-hand side of the screen.

Download Spiceworks!

Share/Save/Bookmark