
Oct 28, 2009 By Jared Heinrichs 5 Comments

How to install openvpn-als on Ubuntu Linux SSL VPN

This is a complete walkthrough for installing openvpn-als on Linux and synchronizing the user database with a Windows domain controller running Active Directory. I used Debian Lenny, but this should work equally well with Ubuntu Server.

Log into your new system as root (I know, I know, but it’s easier. If you don’t feel comfortable logging in as root, just prepend sudo to all the commands below.)

First add the extra repositories to apt, and change it over from lenny to stable (Ubuntu users, ignore the first line here):

  1. sed -i.bak 's#lenny#stable#' /etc/apt/sources.list
  2. sed -i.bak 's#main#main contrib non-free#' /etc/apt/sources.list
  3. aptitude update

Now install the needed dependencies and grab the current svn trunk version of ALS:

  1. aptitude install sun-java6-jdk ant junit subversion
  2. svn co https://openvpn-als.svn.sourceforge.net/svnroot/openvpn-als/adito/trunk /opt/openvpn-als
  3. ALS needs the tools.jar (about 12.5 MB) that is distributed with the JDK to be placed in the $ADITO_HOME\adito\lib folder. On my system I had to run the command below, but your path may be different…
  4. cp /usr/lib/jvm/java-6-sun-1.6.0.12/lib/tools.jar /opt/openvpn-als/adito/lib/

Now run the installer:

  • cd /opt/openvpn-als && ant install

You’ll see a lot of text scroll by as javac does its magic, then it’ll stop and give you a web address to go to, so open a web browser and go to the URL provided. If you don’t have DNS set up yet, you can substitute the IP of the machine for the hostname, e.g. http://192.168.1.10:28080

You should get the first screen of the installer, asking about the certificate. You won’t get the "use current certificate" option, though – you only get this if you re-run the installer.

Choose "create new certificate", and enter a passphrase, then fill in the certificate details and click next.

Step 2 – user database
Choose Active directory, and fill in the details:

Domain: Your Active Directory domain, as displayed in the "Active Directory Users and Computers" MMC snap-in

Service Account Name: this is the username of a standard user in the company.local -> users OU. It is not a full LDAP DN as the documentation suggests.

Service Account password: the password for the above account. It is recommended to set the password to never expire, and to prevent the user from changing the password, when creating the account (or set it now from the Account tab of the user’s properties).

Note that for this to work your DNS must be working, i.e. you should be able to ping dc AND dc.domain.local from your ALS server. If you have problems at this point, examine the contents of the /opt/openvpn-als/adito/logs/adito.log file. I would suggest adding all your DCs to your /etc/hosts file just in case.
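The name-resolution requirement above as a pre-flight script (an added example, not part of the original post). It checks that each DC resolves by short name and by FQDN, and lists the names still missing from /etc/hosts; dc1, dc2 and company.local are placeholder names.

```shell
#!/bin/sh
# Added example (not from the original post). dc1, dc2 and company.local
# are placeholder names; substitute your own domain controllers.

# names_in_hosts FILE: print every name and alias in a hosts(5)-format
# file, one per line, lower-cased, with comments and blank lines skipped.
names_in_hosts() {
    awk '{ sub(/#.*/, "") }
         NF >= 2 { for (i = 2; i <= NF; i++) print tolower($i) }' "$1"
}

# missing_from_hosts FILE DOMAIN DC...: print each short and fully
# qualified DC name that has no entry in FILE.
missing_from_hosts() (
    file=$1; domain=$2; shift 2
    known=$(names_in_hosts "$file")
    for dc in "$@"; do
        for name in "$dc" "$dc.$domain"; do
            want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
            printf '%s\n' "$known" | grep -qxF -- "$want" || printf '%s\n' "$name"
        done
    done
)

# resolves NAME: true if the system resolver (hosts file and DNS, in
# nsswitch.conf order) returns an address for NAME.
resolves() { getent hosts "$1" >/dev/null 2>&1; }

# preflight DOMAIN DC...: report both checks; returns non-zero if any
# name fails to resolve, which is what breaks the installer's AD step.
preflight() (
    domain=$1; shift; rc=0
    for dc in "$@"; do
        for name in "$dc" "$dc.$domain"; do
            if resolves "$name"; then echo "ok       $name"
            else echo "FAIL     $name does not resolve"; rc=1; fi
        done
    done
    missing_from_hosts /etc/hosts "$domain" "$@" | sed 's/^/no-hosts /'
    return "$rc"
)

# Run only when called with arguments, e.g.:
#   sh preflight.sh company.local dc1 dc2
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A "no-hosts" line is informational: the name may still resolve through DNS, but it has no /etc/hosts fallback if DNS is unavailable.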

On the OU filter tab, you should add the OUs that your users and groups exist in as LDAP DN strings. In my case all my users are in an OU off the root called Company Users, and all my groups are in an OU called Company Groups, so I added:

OU=Company Users,DC=company,DC=local

OU=Company Groups,DC=company,DC=local

On the options tab I had to increase the "Max Group Cache Objects" because we have a lot of groups, but I’d leave everything as default to start with, as you can rerun the installer if you have problems later.

Step 3 – Superuser.
On this screen you should choose an account from AD to be your openvpn-als admin account. This is the account that you use to edit the configuration of openvpn-als. It doesn’t have to be a domain admin account, but I wouldn’t use a personal account, as multiple administrators may need to use it. I created a new user called aadmin for the task. NOTE: I wouldn’t use the same account that you used above, as you may have to (in fact you should) change the password of this user every so often.

Step 4 – Webserver.
Choose the ports & IP that you want the server to listen on. If you leave the default 443, you will be able to browse to the site without having to specify a port, i.e. https://yourserver, instead of https://yourserver:portnumber

Step 5 – Proxies
Configure proxy information as needed

Step 6 – Summary
Check over the information provided, and finish.

At this point the installer will finish and you will get your cursor back in the terminal window.

Now we need to build the client and install the service. These are both done with ant. To see the possible ant options, use the command

  • ant -projecthelp

from within the /opt/openvpn-als folder.

We need to install the agent and the service, so run the following commands, one after the other:

  1. ant install-agent
  2. ant install-service

Now you should be able to start the service with the command

  • /etc/init.d/openvpn-als start

and browse to https://yourserver to log into openvpn-als (with the aadmin superuser from earlier).

Now you’ll need to configure some applications…


Comments

  1. Murray says

    Sep 27, 2010 at 4:47 pm

    Thank you very much for this tutorial, it has helped me numerous times in trying to set up openvpn-als. A couple of hints for those who may be stuck on some things.

    To find out where tools.jar is, simply type in

    locate tools.jar

    At the very last command (/etc/init.d/openvpn-als start) change openvpn-als to adito so it reads

    /etc/init.d/adito start

  2. Graeme Lockett says

    Sep 12, 2011 at 5:30 pm

    Firstly thanks for this.

    Some additional notes

    If you are installing on a 64 bit Linux server you are likely to get this error
    exec: 370: install/platforms/linux/x86/wrapper: not found
    If you edit /opt/adito.svn/adito/build.xml and change all entries of x86 to x86-64 so it works on 64 bit Ubuntu

    When you exit you will need to alter /opt/adito.svn/adito/conf/wrapper.conf and uncomment out the line wrapper.java.additional.2=-Dfile.encoding=UTF-8 or edit
    wrapper.conf.base and locate the line that reads #wrapper.java.additional.2=-Dfile.encoding=UTF-8, remove the # and save (Ctrl+X)

  3. Andre says

    Nov 4, 2011 at 7:16 pm

    Hi, do you know where I can find out how to change the look of our logon screen? I am also wanting to add some external links to it.

  4. Ramesh says

    Nov 9, 2011 at 9:25 pm

    Hi,
    Do you know where I can change the landing page (https://localhost/) instead of the showLogon.do page? I want to change the adito home landing page.

  5. Edouard says

    Nov 13, 2015 at 6:04 am

    Hi, I have set up openvpnals as it is indicated, everything runs well but after setting it up I have no result when browsing http://hostname so I can’t install applications. Can someone help me please?
