WeirdX "Kiosk Mode" VPN.
-
Okay, I need to back up and explain this one.
I have a client that currently uses a WatchGuard firebox. Along with standard VPN solutions, it ships with a kiosk mode VPN. This allows an end user to go up to joe random machine, bring up a web interface, and a Java applet loads. The applet does an initial authentication check (appears to use LDAP to check Active Directory), then for the briefest of moments you see an X11 load screen (presumably WeirdX), and then it automagically loads a "full screen" (within the X11 session) RDP session to a selected terminal server, thus giving the user a "Kiosk VPN" solution.
Unfortunately I can't put cash into this bounty just yet, but I wanted to toss it out there. As soon as I have funds available to do so I'll kick some cash into this.
-
You probably want something like http://3sp.com/showSslExplorerCommunity.do?referrer=sslexplorer .
-
I am amazed so much with the SSLexplorer. It would be really cool to have an option to install this software as a package to the pfsense. Wonderful!
-
Requires Java. I don't think we are planning on ever including Java.
-
Requires Java on the remote system, not on the local pfSense box (at least not for WeirdX, don't know about the SSL Explorer).
-
SSL Explorer requires Java on the SSL Explorer server, which in your proposed case would be pfSense.
http://3sp.com/products/ssl-explorer/documentation/SSL-Explorer_Administrators_Guide.pdf page 35
-
So if WeirdX doesn't require Java on the pfsense, isn't it perfect? :o)
-
Are we talking about http://www.jcraft.com/weirdx/ ??
-
I am sorry, I mean SSL Explorer. But with my job all the things around me go crazy at the end of the week.
-
SSL Explorer would require Java on pfSense, something which is not a good idea.
-
Sorry, haven't been on in a while. Yup, that's precisely it Scott. It requires Java on the client side (at the web browser, not on the pfsense box).
The only downside to straight WeirdX is that the X11 session is not encrypted, but if we're talking about connections behind the firewall, that may not be an issue. There is an implementation of WeirdX called "WeirdMind" which is a meld of WeirdX and MindTerm, so it's X11 over SSH. That solution would be ideal, but to be truthful I had issues getting WeirdMind to work here. Don't know if any other attempts at X11 over SSH in a similar manner have been attempted or not.
(Actually, reading the site, apparently it's been added using Jsch.)
USAGE AS AN APPLET
==================
Copy "misc/weirdx.jar" and "misc/weirdx.html" to some directory, which is accessible through a http server, then open weirdx.html with a web browser via a http server. If everything goes well, WeirdX will start in your web browser. In default setting, WeirdX use display-name '<your hostname>:2.0' . If you have Java Plug-in, try 'weirdx-JRE12.html'. In some situations, JVM may throw the Security Exception. WeirdX must gain access to TCP port(6002) and JVM may reject to do so.
and
SSH2 X11 Forwarding in Java
===========================
WeirdX allows you to get secure X accesses via SSH2 X11 forwarding in pure Java. This functionality is based on JSch, which is a pure Java implementation of SSH2 and developed by JCraft under revised BSD license. It is available at http://www.jcraft.com/jsch/ . To enjoy this functionality, try following steps,
1. Download JSch from http://www.jcraft.com/jsch/ . You can get the source code of JSch and also jar file from there.
2. Specify property 'weirdx.sshrexec' as 'yes'.
3. Run WeirdX
   For example, if you have two jar files, jsch-0.1.14.jar and weirdx-1.0.32.jar,
     java -Dweirdx.sshrexec=yes \
          -cp jsch-0.1.14.jar\;weirdx-1.0.32.jar \
          com.jcraft.weirdx.WeirdX
4. A dialog window for rexec on ssh will be appeared.
Please note that your JVM must be J2SE v1.4 or higher to enable this functionality. And also the source code for this functionality is named as 'com/jcraft/weirdx/SSHRexec.jav', so you have to rename it as 'com/jcraft/weirdx/SSHRexec.java' to compile it.
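Added example (not part of the thread or of the WeirdX distribution): since plain WeirdX serves display :2 on TCP port 6002 without encryption, this sketch audits `ss -ltn`-style output for X11 listeners (TCP 6000 + display number) bound beyond loopback. It assumes a Linux host with `ss`; the function names, the :0 to :63 display range and the sample listing are constructed for illustration.

```python
import ipaddress

X11_BASE = 6000          # X11 display N listens on TCP 6000 + N
X11_MAX_DISPLAY = 63     # assumption: audit displays :0 to :63

# Constructed sample in the format of `ss -ltn` (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:6002       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*
LISTEN 0      128    [::1]:6010         [::]:*
LISTEN 0      5      *:6003             *:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' from ss, handling [v6]:port, '*' and '%iface'."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, int(port)

def is_loopback(host):
    if host == "*":              # wildcard: bound on every interface
        return False
    return ipaddress.ip_address(host).is_loopback

def audit_x11_listeners(ss_output):
    """Return (display, local_endpoint, exposed) for each X11 TCP listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue             # skips the header and non-listening rows
        host, port = split_endpoint(fields[3])
        display = port - X11_BASE
        if 0 <= display <= X11_MAX_DISPLAY:
            findings.append((display, fields[3], not is_loopback(host)))
    return findings

def exposed_displays(ss_output):
    return sorted({d for d, _, exposed in audit_x11_listeners(ss_output) if exposed})

if __name__ == "__main__":
    for display, endpoint, exposed in audit_x11_listeners(SAMPLE_SS):
        status = "EXPOSED (bound beyond loopback)" if exposed else "loopback only"
        print(f"display :{display}  {endpoint:<18} {status}")
```

To audit a real host, pass the captured text of `ss -ltn` to `audit_x11_listeners` in place of the sample.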