WeirdX "Kiosk Mode" vpn.

hoba

You probably want something like http://3sp.com/showSslExplorerCommunity.do?referrer=sslexplorer .

Mercredi

i am amazed so much with the SSLexplorer. it would be really cool to have an option to install this software as a package to the pfsense. wonderfull!

sullrich

Requires Java.  I don't think we are planning on ever including Java.

Numbski

Requires java on hte remote system, not on the local pfSense box (at least not for WeirdX, don't know about the SSL Explorer).

yoda715

SSL Explorer reguires Java on the SSL Explorer server, in which your proposed case would be pfSense.

http://3sp.com/products/ssl-explorer/documentation/SSL-Explorer_Administrators_Guide.pdf  page 35

Mercredi

so if WeirdX dont require java on the pfsense, isn't it perfect? :o)

sullrich

Are we talking about http://www.jcraft.com/weirdx/ ??

Mercredi

i am sorry, i mean ssl explorer. but with my job all the things around me goes crazy at the end of the week.

yoda715

SSL Explorer would require Java on pfSense, something which is not a good idea.

Numbski

Sorry, haven't been on in a while.  Yup, that's precisely it Scott.  It requires java on the client side, (at the web browser, not on the pfsense box).

The only downside to straight weirdx is that the x11 session is not encrypted, but if if we're talking about connections behind the firewall, that may not be an issue.  There is an implementation of WeirdX called "WeirdMind" which is a meld of WeirdX and MindTerm, so it's X11 over SSH.  That solution would be ideal, but to be truthful I had issues getting WeirdMind to work here.  Don't know if any other attempts at X11 over SSH in a similar manner have been attempted or not.

(Actually, reading the site, apparently it's been added using Jsch.)

USAGE AS AN APPLET
==================
Copy "misc/weirdx.jar" and "misc/weirdx.html" to some directory,
which is accessible through a http server, then open weirdx.html with 
a web browser via a http server. If everything goes well, 
WeirdX will start in your web browser.
In default setting, WeirdX use display-name 
'<your hostname="">:2.0' .
If you have Java Plug-in, try 'weirdx-JRE12.html'.

In some situations, JVM may throw the Security Exception.
WeirdX must gain access to TCP port(6002) and JVM may reject to do so.</your> 

and

SSH2 X11 Forwarding in Java
===========================
WeirdX allows you to get secure X accesses via SSH2 X11 forwarding
in pure Java.  This functionality is based on JSch, which is a pure
Java implementation of SSH2 and developed by JCraft under revised BSD
license. It is available at http://www.jcraft.com/jsch/ . 

To enjoy this functionality, try following steps,
1\. Download JSch from http://www.jcraft.com/jsch/ .
   You can get the source code of JSch and also jar file from there.
2\. Specify property 'weirdx.sshrexec' as 'yes'.
3\. Run WeirdX  For example, if you have two jar files, jsch-0.1.14.jar
   and weirdx-1.0.32.jar, 

   java -Dweirdx.sshrexec=yes \
        -cp jsch-0.1.14.jar\;weirdx-1.0.32.jar \
        com.jcraft.weirdx.WeirdX

4\. A dialog window for rexec on ssh will be appeared.

Please note that your JVM must be J2SE v1.4 or higher to enable this 
functionality. And also the souce code for this functionaly is named 
as 'com/jcraft/weirdx/SSHRexec.jav', so you have to rename it 
as 'com/jcraft/weirdx/SSHRexec.java' to compile it.