Now USD 300: Clientless SSL VPN, proxy transparent, Browser GUI

bill · Dec 6, 2007, 6:52 AM

Hi, I know something similar has been discussed in:
http://forum.pfsense.org/index.php/topic,3254.0.html
so maybe this gentleman would add his bounty to mine to make this happen? (Please confirm)

Why do I need this, what is the use case?
People would like to connect to VPN server on our pfsense machine.
These people wanting to connect are sitting in corp networks behind fw "A" (unknown vendor) with proxy.
We have no access to configure proxy or fw "A".
We have no admin rights on client machine to install TAP devices for VPN.
People are not experienced to configure putty with tunneling and connect to localhost. :-)
->Need is for clientless VPN access - which is usually done by connecting a browser to https://vpn-terminator/, downloading a java applet which does the encryption, etc. work.

The solution that comes close is Cisco SSL VPN, Checkpoint Connectra and probably the best way to start with:
http://3sp.com/products/ssl-explorer/documentation/SSL-Explorer_Administrators_Guide.pdf
Eric already mentioned in above copied topic, that this solution needs java on the server side. I am not 100% sure if this is needed for the connection or rather for internal housekeeping in the ssl-explorer, but nevertheless, I am not focused on ssl-explorer but just mention this as a good example.
If somebody knows a workaround without using SSL or java client, I am more than happy. But remember it needs to get through proxy with content inspection. It is not enough to just set an SSH server on port 443. ;-)

Thanks,

Bill

Juve · Jul 23, 2007, 11:28 AM

SSL-Explorer just can't work without Java installed on the server. I really think this type of software should have its own server with dedicated resources. Nevertheless, for those who has never tried ssl-explorer, you really should to!!!! This piece of software is just one of the best open source projects like pfsense is (9.99/10 on my ladder ;-)).

What you need is more like an activeX for openVPN, like checkpoint's one…. I don't know if someone has already released such piece of software but goolge didn't help me.

bill · Oct 15, 2007, 11:10 PM

ActiveX is welcome if it does its job.
I will bump to USD300.
Anybody else interested in spending bounty money?

bill · Dec 6, 2007, 6:51 AM

As there is a fair number of people viewing this (more than 1700) I will keep this up. Anyone else spending money?

Cry Havok · Dec 6, 2007, 12:42 PM

If you're interested in an OpenVPN solution, not purely a pfSense solution, it might make sense to take your requests to the OpenVPN mailing lists.

(Not to say that it's not relevant here, just that you may reach a wider audience)

bill · Jan 23, 2008, 9:16 AM

Please explain.
Are you thinking of OpenVPN over TCP443? Are there any zero-footprint OpenVPN clients?
Thanks