Re: [Openvpn-als-devel] Netbeans Build of Embedded Branch

2009-12-12 Thread samuli.seppa...@gmail.com 
o.agent.client.Agent.main(Agent.java:1426)
> 9 [main] DEBUG com.adito.agent.client.Agent  - Failed to create basic GUI
> java.lang.ClassNotFoundException:
> com.adito.agent.client.gui.awt.BasicFrameGUI
> at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
> at java.lang.Class.forName0(Native Method)
> at java.lang.Class.forName(Class.java:169)
> at com.adito.agent.client.Agent.(Agent.java:512)
> at com.adito.agent.client.Agent.initAgent(Agent.java:1619)
> at com.adito.agent.client.Agent.main(Agent.java:1426)/
>
> Any suggestions for these two issues? After this I can get you the
> information on the connection failure (to a 0.9.1 server).
>
> Thanks!
>
> ... Russell
>
>
> On Thu, Dec 10, 2009 03:12 PM,
> "[email protected]"  wrote:
>
> Oh, 0.9.1 server _should: work just fine. I guess this is not the
> traffic redirection problem as I assume. Could you post the logs here?
>
> Samuli
> >
> > Hi Samuli,
> >
> >
> >
> > OK, sounds good. I'll update the Wiki, and change the repository for
>     > nanoxml.
> >
> >
> >
> > BTW, I stepped through Agent (in Netbeans), and it processes
> arguments
> > correctly, configures the Agent - but then fails on connect to the
> > server (even an existing 0.9.1 server). I'll leave this one to
> you, as
> > you suggest ... :-).
> >
> >
> >
> > Thanks,
> >
> > ... Russell
> >
> >
> >
> >
> >
> > On Thu, Dec 10, 2009 03:19 AM,
> > "[email protected] <mailto:[email protected]>"
> mailto:[email protected]>> wrote:
> >
> > Hi Russell,
> >
> > Regarding nanoxml you asked about earlier... if another maven2
> > repository has it, we should probably use it. I'm assuming the Agent
> > fails to "synchronize" with the server. This is because external
> Jetty
> > does not yet know how to handle non-webapp request (e.g. connections
> > from the Agent). Please add the Netbeans documentation to the Wiki -
> > I'll follow the instructions and fix any issues. The world is
> already
> > full of misinformation so there's no point in trying to maintain too
> > high quality standards ;).
> >
> > I have not yet received any reply from [email protected]
> <mailto:%[email protected]>
> > <%[email protected] <mailto:%[email protected]>>
> regarding
> > the problem in "nonembedded". I'll have to verify if the mail went
> > through and if it did, start digging myself.
> >
> > Samuli
> >
> >
> > > Hi guys,
> > >
> > >
> > >
> > > Unfortunately I didn't receive any responses, but I did fix my
> > issue -
> > > by upgrading to Netbeans 6.8 RC2 (i.e. the newest release). I
> > can now
> > > fully compile, and run the debugger on Agent for example. It
> fails,
> > > but that seems to be a code issue, not related to the IDE (i.e. it
> > > can't connect to my server).
> > >
> > >
> > >
> > > As you requested Samuli, I'll add some information to the Wiki
> about
> > > how to get Netbeans working, but before I do - can I write it
> up and
> > > have you two test it out, to make sure I didn't miss any steps
> (i.e.
> > > to avoid leading folks astray)?
> > >
> > >
> > >
> > > Now we just need to get the nonembedded branch working ...
> :-). Any
> > > news on that BTW?
> > >
> > >
> > >
> > > Thanks,
> > >
> > > ... Russell
> > >
> > >
> > >
> > >
> > >
> > > On Tue, Dec 8, 2009

Re: [Openvpn-als-devel] Netbeans Build of Embedded Branch

2009-12-14 Thread samuli.seppa...@gmail.com 
Hi Russell,

Thanks for the excellent HOWTO! I'll test your howto myself later this
week! I've your HOWTO here:

 
http://sourceforge.net/apps/trac/openvpn-als/wiki/developing_openvpn-als_with_netbeans

It is linked to from the "Getting started with... development" article:

 
http://sourceforge.net/apps/trac/openvpn-als/wiki/getting_started_with_openvpn-als_development

You should have the necessary permissions to edit the pages - just login
(see top of the wiki pages) and edit. The Trac wiki syntax is pretty
straightforward but thorough instructions are available here:

 http://trac.edgewall.org/wiki/WikiFormatting

I can't - for technical reasons - add you to the openvpn-als-devel
mailinglist. You need to it yourself from here:

 https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

All the best,

Samuli


> Hi Samuli,
>
>  
>
> To avoid spamming everyone, here are the instructions for getting
> Netbeans working. Can you add this to the Wiki? I’m not sure where you
> want it added in, so just please let me know where it is (so I can
> edit it further later, if I find new information). I guess also maybe
> you can add me to the Developers list … :-).
>
>  
>
> *Prerequisites for NetBeans Install:*
>
> -  Sun Java JDK
>
> -  Subversion
>
> -  Maven2 (sort of, more on this below under NetBeans Notes
> ... check this out before starting!)
>
>  
>
> *NetBeans Install:*
>
> -  download NetBeans (http://www.netbeans.com/), Java Version,
> Release 6.8 or newer.
>
> -  execute the install program (changing the .sh file to
> executable if you are doing this in Linux, and installing as root /
> administrative user)
>
>  
>
> *NetBeans Project:*
>
> -  start NetBeans, make sure the Java SE plug-in is enabled
> under Tools > Plugins (it should be by default, but enable it if needed)
>
> -  accept all updates (if any exist)
>
> -  get a copy of OpenVPN-ALS … using Team > Subversion >
> Checkout on the menu. You need to point the source to
> https://openvpn-als.svn.sourceforge.net/svnroot/openvpn-als, and
> select your desired branch / trunk (storing it locally wherever you want)
>
> -  once the checkout process has completed, let NetBeans
> import / open the Adito project
>
> -  given that the webapp tests do not currently run correctly,
> right click on the Adito project, and edit the Properties. Under
> Actions, for all planned build targets (Build project, Clean and Build
> project), “add maven.test.skip=true” in the Set Properties box. If you
> plan to build the webapp project (inside Adito) individually, make
> these same changes to this sub-project (double clicking on the webapp
> Module to open it first).
>
> -  you are now ready to build OpenVPN-ALS (Adito) in NetBeans!
>
>  
>
> *NetBeans Build:*
>
> -  to build the project simply right click on the project, and
> select the appropriate target (e.g. Build, or Clean and Build)
>
> -  inside the Adito project are the subprojects (click on the
> arrow to the left of Adito to see these, they are under Modules). You
> can open any one of them by double clicking on it, and then you can
> build, etc. this underlying subproject.
>
> -  once your build is working, you can debug / execute a
> project as desired … simply by opening the project or sub-project
> (e.g. agent) and running / debugging that project
>
>  
>
> *NetBeans Notes:*
>
> -  the embedded version of Maven2 inside NetBeans is somewhat
> limited, and as a result the build of Adito will fail (initially). To
> correct this, either Adito / OpenVPN-ALS needs to be changed, or you
> need to install a “full” version of Maven2. If you do this check that
> NetBeans has detected the installed Maven2 version (under Tools >
> Options > Miscellaneous > Maven, confirm that an external version of
> Maven2 is being used, not the embedded one)
>
> -  the Java Version of NetBeans includes SOAP and RESTful Web
> Services (just enable the Java Web and EE plugin)
>
>  
>
>
> Of course, yell if you have any questions!
>
>  
>
> Thanks,
>
> … Russell
>

--
Return on Information:
Google Enterprise Search pays you back
Get the facts.
http://p.sf.net/sfu/google-dev2dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

[Openvpn-als-devel] Agent API meeting on Saturday, 20th December 2:30PM CET

2009-12-15 Thread samuli.seppa...@gmail.com 
Hi all,

The next Agent API meeting is held on the #adito IRC channel at
freenode.net next Saturday at 2:30PM CET. More information about Agent
API is available here:

http://sourceforge.net/apps/trac/openvpn-als/wiki/agent_api


Samuli

--
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] Agent API meeting on Saturday, 20th December 2:30PM CET

2009-12-16 Thread samuli.seppa...@gmail.com 
Hi Mathias,

I took a look at SOAP yesterday and got a good idea how it functions. It
could definitely do the job but _is_ pretty complex and has
functionality we should not need (e.g. routing). However, it seems
pretty versatile and extending it from the Agent API to Agent<->Server
communication should be easy. For example, the Agent occasionally polls
the server for a list of active resources (e.g. tunnels). This kind of
responses should be easy to wrap into a SOAP message. One potential
problem with SOAP is that each endpoint has to be either a client (doing
queries) or a server (answering queries). Also, would need to add
authentication information into SOAP messages if we extend it's use to
Agent<->Server communication.

I have no personal preference over SOAP or REST. Mathias, do you think
could we easily extend REST into Agent<->Server communication, too?

Samuli

 





> Hi all,
>
>
>
> I'm more or less sure that we should use REST for the client API.
>
>
>
> It is based on HTTP and URIs which should be able to use by any client
>
> software and programming language. The only thing that we must decide is
>
> what the payload should look like. We could transfer any kind of data
>
> using
>
> REST, e.g. XML, JSON, plaintext, bytecode, etc.
>
>
>
> I think the two most usefull formats would be XML or JSON with a
>
> preference (by me) of XML.
>
>
>
> Then we would have the power of XML messages but a little less overload of
>
> the communication compared to SOAP.
>
>
>
> But that's only one of the many ways to go...
>
>
>
> Best regards,
>
>
>
> Matthias Jansen
>
>
>
>
>
> On Wed, 16 Dec 2009 09:51:18 +0200, "[email protected]"
>
>  wrote:
>
>   
>> Hi all,
>> 
>
>   
>
>   
>> The next Agent API meeting is held on the #adito IRC channel at
>> 
>
>   
>> freenode.net next Saturday at 2:30PM CET. More information about Agent
>> 
>
>   
>> API is available here:
>> 
>
>   
>
>   
>> http://sourceforge.net/apps/trac/openvpn-als/wiki/agent_api
>> 
>
>   
>
>   
>
>   
>> Samuli
>> 
>
>   
>
>   
>
> --
>
>   
>> This SF.Net email is sponsored by the Verizon Developer Community
>> 
>
>   
>> Take advantage of Verizon's best-in-class app development support
>> 
>
>   
>> A streamlined, 14 day to market process makes app distribution fast and
>> 
>
>   
>> easy
>> 
>
>   
>> Join now and get one step closer to millions of Verizon customers
>> 
>
>   
>> http://p.sf.net/sfu/verizon-dev2dev 
>> 
>
>   
>> ___
>> 
>
>   
>> Openvpn-als-devel mailing list
>> 
>
>   
>> [email protected]
>> 
>
>   
>> https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel
>> 
>
>
>
>   


--
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] Agent API meeting on Saturday, 20th December 2:30PM CET

2009-12-17 Thread samuli.seppa...@gmail.com 
Hi Sebastian,

We just had a chat with supermaz in the IRC regarding the Agent API. We
cancelled next Saturday's meeting (20th Dec) because Russell couldn't
attend and we got thing sorted out with supermaz. The time and date for
the next meeting is not yet set. Summary and full chatlog of our ad-hoc
discussion is available here:

 http://sourceforge.net/apps/trac/openvpn-als/wiki/agent_api

We decided to use REST (+XML) which is simpler and faster than SOAP and
does basically the same thing. It is also easy to debug as you can use a
web browser. Client support should not be a problem with REST, either.
This means the Agent will have a (small) webserver in it responding to
requests from (currently localhost) clients applications. These
applications can be, for example, GUI's. For example, you could (if you
wanted) have a web interface monitoring and controlling local Agent(s).
The idea is to extend usage of REST into Agent<->Server interaction
later on. Some aspects of this interaction could be replaced pretty
easily, e.g. the requests for update of resources (tunnels,
applications, webforwards, etc.) sent by the client to the server.

I'm not sure if REST supports routing like SOAP (intermediate nodes). If
that's proves to be a problem, we can add SOAP support later on. I think
we should try to keep the REST clearly separate from the core code, so
that it's optional rather than a requirement. With Agent<->Server
interaction we need to be more careful with our protocol support.
Perhaps SOAP is better for that, I don't know. Could you elaborate what
the "securenode" functionality did/does? Does usage of REST prevent that?

Anyways, you're most welcome to the Agent API team if you like. The best
way to participate is to hang around in the #adito IRC on freende.net or
send lots of mails to this list :). I assume you're in the CET timezone?

Samuli


> Hi all,
>
> sorry for my poor english,
>
> I've read the chatlog and think the agent go in the right direction ... the
> server ... i don't know
>
> first I think a pure swing gui would be perfect. why? sometimes i've only
> 56kbit/s and the 4MB swt shit (no support for new plattforms, e.g. vista-64
> or solaris on x86 - okay now it is suported, but take 3 or 4 month and need
> changes at "the code") takes 1-2 minutes for download an then the agent
> can't connect to the server (timeout). do it, please. 
>
> soap communication for the agent. It would be nice. The communication
> between server<->agent should use soap, too. I think soap is her the right,
> ?rest is more for crud-applications?. and agent as deamon. why not? I think
> the next step extent it to be a "securenode from sslexplorer enterprise" or
> use it on a gateway/router, which remote port enabled tunnels, in a
> "branch"-office.
>
> yes your are on the right way too life up openvpn-als to the next level ...
> sry can't not help you :( - I hope it change in a few month.
>
> sebastian
>
> On Thu, 17 Dec 2009 09:24:45 +0200, "[email protected]"
>  wrote:
>   
>> Hi Mathias,
>>
>> I took a look at SOAP yesterday and got a good idea how it functions. It
>> could definitely do the job but _is_ pretty complex and has
>> functionality we should not need (e.g. routing). However, it seems
>> pretty versatile and extending it from the Agent API to Agent<->Server
>> communication should be easy. For example, the Agent occasionally polls
>> the server for a list of active resources (e.g. tunnels). This kind of
>> responses should be easy to wrap into a SOAP message. One potential
>> problem with SOAP is that each endpoint has to be either a client (doing
>> queries) or a server (answering queries). Also, would need to add
>> authentication information into SOAP messages if we extend it's use to
>> Agent<->Server communication.
>>
>> I have no personal preference over SOAP or REST. Mathias, do you think
>> could we easily extend REST into Agent<->Server communication, too?
>>
>> Samuli
>>
>>  
>>
>>
>>
>>
>>
>> 
>>> Hi all,
>>>
>>>
>>>
>>> I'm more or less sure that we should use REST for the client API.
>>>
>>>
>>>
>>> It is based on HTTP and URIs which should be able to use by any client
>>>
>>> software and programming language. The only thing that we must decide is
>>>
>>> what the payload should look like. We could transfer any kind of data
>>>
>>> using
>>>
>>> REST, e.g. XML, JSON, plaintext, bytecode, etc.
>>>
>>>
>>&

Re: [Openvpn-als-devel] Openvpn als network place error

2009-12-25 Thread samuli.seppa...@gmail.com 
Hi Julian,

The error message is a little strange. The "com.adito.vfs.webdav" is an
external (non-3sp) WebDAV servlet integrated into SSL-Explorer. I assume
it was used in the proprietary Drive mapping extension to provide glue
between networkplaces accessed using Apache Commons VFS, SSL-Explorer
server, SSL-Explorer Agent and the client-side CIFS server which
provided the actual "Drive mapping" functionality. In any case the
"Drive mapping" functionality was achieved through a number of
components and was _very_ complex. I don't think the WebDAV servlet has
any without it, but may still cause problems (like now).

Anyways, here's the place where the error is triggered:

/*
 * If we wern't expecting authentication, but we got it
anyway, the
 * client probably doesn't support cookies.
 */
AuthenticationScheme authScheme =
(DefaultAuthenticationScheme)  
req.getSession().getAttribute(Constants.AUTH_SESSION);
if (authScheme != null) {
throw new IOException("Not expecting a realm, yet an
authentication session is available. This is unexpected!");
}

Does your client have cookies enabled?


Samuli


> Hi all,
>  
> Recently I created a network place resource pointing to a samba share
> on my adito server. When I tried downloading from the resource, I got
> a the following message.
>  
> --
> 500 - Internal Server Error 
> The server has encountered an unexpected condition and cannot complete
> this request. Contact your administrator or check the logs for more
> information,
>
> --
>  
> I saw this from my adito.log
>  
> ERROR DAVServlet - Network Places Request Failed: /cifs/samba share
> java.io.IOException: Not expecting a realm, yet an authentication
> session is available. This is unexpected!
> at
> com.adito.vfs.webdav.DAVTransaction.authorize(DAVTransaction.java:267)
> at
> com.adito.vfs.webdav.DAVTransaction.attemptToAuthorize(DAVTransaction.java:201)
> at com.adito.vfs.webdav.DAVServlet.service(DAVServlet.java:228)
> at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:426)
> at
> org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:474)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:555)
> at org.mortbay.http.HttpContext.handle(HttpContext.java:1562)
> at
> org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:622)
> at org.mortbay.http.HttpContext.handle(HttpContext.java:1514)
> at org.mortbay.http.HttpServer.service(HttpServer.java:955)
> at
> org.mortbay.http.HttpConnection.service(HttpConnection.java:813)
> at
> org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:980)
> at org.mortbay.http.HttpConnection.handle(HttpConnection.java:830)
> at
> org.mortbay.http.SocketListener.handleConnection(SocketListener.java:243)
> at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:356)
> at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:533)
>  
> The strange thing is like I can still upload a file and create a new
> folder in that resource. Does anyone knows what might be the cause of
> this error?
>  
> Regards,
>  
> Julian Kam
> Julian Kam Chee Jie
> IT Operations Engineer
> Tel: +65 6720 0413   Fax: +65 6720 0421   Cell: +65 9646 2595  
> Cell(US): 1-415-738-2997 
> skype: juliankam84
>  
>  
> muvee.com 
>   
> *www.muvee.com * - create memories from photos
> and video
> muvee Technologies
> 133 Middle Road, Level 3, BOC Plaza, Singapore 188974
> Singapore   San Francisco   New York   Tokyo   Seoul
> All information in this message should be treated as confidential
> unless otherwise stated.
> For important electronic communications disclaimer, please visit
> http://www.muvee.com/en/privacy
> .
>
>  
> 
>
> --
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> 
>
> ___
> Openvpn-als-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel
>   


--
This SF.Net email is sponsored by the Verizon Developer Co

Re: [Openvpn-als-devel] Openvpn als network place error

2010-01-05 Thread samuli.seppa...@gmail.com 
Hi Julian,

I'm sure we've discussed this earlier, but are you using SVN version or
0.9.1? There are problems with CIFS support in SVN version which might
cause this. Also, which CIFS/SMB server are you using?

Samuli
> Hi Samuli,
>
> The clients I used are cookies enabled. I have tried it on various
> browsers such as firefox , IE and chrome but unfortunately the outcomes
> are the same.
>
> Regards,
> Julian
>  
>
> -Original Message-
> From: [email protected] [mailto:[email protected]] 
> Sent: Friday, December 25, 2009 7:47 PM
> To: [email protected]
> Subject: Re: [Openvpn-als-devel] Openvpn als network place error
>
> Hi Julian,
>
> The error message is a little strange. The "com.adito.vfs.webdav" is an
> external (non-3sp) WebDAV servlet integrated into SSL-Explorer. I assume
> it was used in the proprietary Drive mapping extension to provide glue
> between networkplaces accessed using Apache Commons VFS, SSL-Explorer
> server, SSL-Explorer Agent and the client-side CIFS server which
> provided the actual "Drive mapping" functionality. In any case the
> "Drive mapping" functionality was achieved through a number of
> components and was _very_ complex. I don't think the WebDAV servlet has
> any without it, but may still cause problems (like now).
>
> Anyways, here's the place where the error is triggered:
>
> /*
>  * If we wern't expecting authentication, but we got it
> anyway, the
>  * client probably doesn't support cookies.
>  */
> AuthenticationScheme authScheme =
> (DefaultAuthenticationScheme)  
> req.getSession().getAttribute(Constants.AUTH_SESSION);
> if (authScheme != null) {
> throw new IOException("Not expecting a realm, yet an
> authentication session is available. This is unexpected!");
> }
>
> Does your client have cookies enabled?
>
>
> Samuli
>
>
>   
>> Hi all,
>>  
>> Recently I created a network place resource pointing to a samba share 
>> on my adito server. When I tried downloading from the resource, I got 
>> a the following message.
>>  
>> --
>> 500 - Internal Server Error
>> The server has encountered an unexpected condition and cannot complete
>> 
>
>   
>> this request. Contact your administrator or check the logs for more 
>> information,
>>
>> --
>>  
>> I saw this from my adito.log
>>  
>> ERROR DAVServlet - Network Places Request Failed: /cifs/samba share
>> java.io.IOException: Not expecting a realm, yet an authentication 
>> session is available. This is unexpected!
>> at
>> com.adito.vfs.webdav.DAVTransaction.authorize(DAVTransaction.java:267)
>> at
>>
>> 
> com.adito.vfs.webdav.DAVTransaction.attemptToAuthorize(DAVTransaction.ja
> va:201)
>   
>> at
>> 
> com.adito.vfs.webdav.DAVServlet.service(DAVServlet.java:228)
>   
>> at
>> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:426)
>> at
>>
>> 
> org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationH
> andler.java:474)
>   
>> at
>>
>> 
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:555)
>   
>> at org.mortbay.http.HttpContext.handle(HttpContext.java:1562)
>> at
>>
>> 
> org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationCon
> text.java:622)
>   
>> at org.mortbay.http.HttpContext.handle(HttpContext.java:1514)
>> at org.mortbay.http.HttpServer.service(HttpServer.java:955)
>> at
>> org.mortbay.http.HttpConnection.service(HttpConnection.java:813)
>> at
>> org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:980)
>> at
>> 
> org.mortbay.http.HttpConnection.handle(HttpConnection.java:830)
>   
>> at
>>
>> 
> org.mortbay.http.SocketListener.handleConnection(SocketListener.java:243
> )
>   
>> at
>> 
> org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:356)
>   
>> at 
>> org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:533)
>>  
>> The strange thing is like I can still upload a file and create a new 
>> folder in that resource. Does anyone knows what might be the cause of 
>> this error?
>>  
>&g

Re: [Openvpn-als-devel] Openvpn als network place error

2010-01-08 Thread samuli.seppa...@gmail.com 
Hi Julian,

All major browsers should have at least first-party cookies enabled by
default. I suggest verifying if a browser plugin/extension is blocking
the cookies (e.g. CookieSafe for Firefox). If not, check the browser's
documentation. It's also possible that Apache Commons VFS which provides
the "networkplaces" functionality in Adito 0.9.1 does not work properly
with newer CIFS/SMB servers. I think that's unlikely, though. You can of
course try changing SMB server settings to see if that helps.

Samuli



> Hi Samuli,
>
> How can I check whether my client (agent) is cookies enabled? I'm using
> 0.9.1 currently. My samba server is using v3.0.22. I tried reinstall
> adito but the problem still remains.
>
> Regards,
> Julian
>
> -Original Message-
> From: [email protected] [mailto:[email protected]] 
> Sent: Wednesday, January 06, 2010 2:56 PM
> To: [email protected]
> Subject: Re: [Openvpn-als-devel] Openvpn als network place error
>
> Hi Julian,
>
> I'm sure we've discussed this earlier, but are you using SVN version or
> 0.9.1? There are problems with CIFS support in SVN version which might
> cause this. Also, which CIFS/SMB server are you using?
>
> Samuli
>   
>> Hi Samuli,
>>
>> The clients I used are cookies enabled. I have tried it on various 
>> browsers such as firefox , IE and chrome but unfortunately the 
>> outcomes are the same.
>>
>> Regards,
>> Julian
>>  
>>
>> -Original Message-
>> From: [email protected] [mailto:[email protected]]
>> Sent: Friday, December 25, 2009 7:47 PM
>> To: [email protected]
>> Subject: Re: [Openvpn-als-devel] Openvpn als network place error
>>
>> Hi Julian,
>>
>> The error message is a little strange. The "com.adito.vfs.webdav" is 
>> an external (non-3sp) WebDAV servlet integrated into SSL-Explorer. I 
>> assume it was used in the proprietary Drive mapping extension to 
>> provide glue between networkplaces accessed using Apache Commons VFS, 
>> SSL-Explorer server, SSL-Explorer Agent and the client-side CIFS 
>> server which provided the actual "Drive mapping" functionality. In any
>> 
>
>   
>> case the "Drive mapping" functionality was achieved through a number 
>> of components and was _very_ complex. I don't think the WebDAV servlet
>> 
>
>   
>> has any without it, but may still cause problems (like now).
>>
>> Anyways, here's the place where the error is triggered:
>>
>> /*
>>  * If we wern't expecting authentication, but we got it 
>> anyway, the
>>  * client probably doesn't support cookies.
>>  */
>> AuthenticationScheme authScheme =
>> (DefaultAuthenticationScheme)  
>> req.getSession().getAttribute(Constants.AUTH_SESSION);
>> if (authScheme != null) {
>> throw new IOException("Not expecting a realm, yet an 
>> authentication session is available. This is unexpected!");
>> }
>>
>> Does your client have cookies enabled?
>>
>>
>> Samuli
>>
>>
>>   
>> 
>>> Hi all,
>>>  
>>> Recently I created a network place resource pointing to a samba share
>>>   
>
>   
>>> on my adito server. When I tried downloading from the resource, I got
>>>   
>
>   
>>> a the following message.
>>>  
>>> --
>>> 500 - Internal Server Error
>>> The server has encountered an unexpected condition and cannot 
>>> complete
>>> 
>>>   
>>   
>> 
>>> this request. Contact your administrator or check the logs for more 
>>> information,
>>>
>>> --
>>>  
>>> I saw this from my adito.log
>>>  
>>> ERROR DAVServlet - Network Places Request Failed: /cifs/samba share
>>> java.io.IOException: Not expecting a realm, yet an authentication 
>>> session is available. This is unexpected!
>>> at
>>>
>>>   
> com.adito.vfs.webdav.DAVTransaction.authorize(DAVTransaction.java:267)
>   
>>> at
>>>
>>> 
>>>   
>> com.adito.vfs.webdav.DAVTransaction.attemptToAuthorize(DAVTransaction.
>> ja
>> va:201)
>>   
>> 
>>> at
>>>

Re: [Openvpn-als-devel] OpenVPN-ALS French Translation

2010-01-31 Thread samuli.seppa...@gmail.com 
Hi Nicolas,

Great work! I think you should put the whole OmegaT work directory to
trunk/adito-language/src/fr-FR. This will make it easier for others to
continue work on it, should they want to. You can put the language zip
file to trunk/adito-language. Also feel free to remove the old src/fr-FR
directory.

Thanks,

Samuli

> Hi all,
>
> Just to let you know that I rewrote the french translation of OpenVPN-
> ALS based on the tmx file from Pygram.
> I have now 1828 strings translated of 3297, mostly user oriented. It's 
> not perfect, as this is very hard to find the context of a string, but 
> it's very usable for a standard user.
>
> I have generated an adito-language-fr-FR-22082008.zip file based on the 
> build.xml in adito-language.
>
> I rewrote a lot of strings as the tmx file was incomplete. Should I 
> upload my work to the SVN? If so, should I upload the whole OmegaT 
> project to the SVN?
>
> If somebody want to test it, let me know...
>
> Kind regards,
>
> Nicolas
>
> --
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> ___
> Openvpn-als-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel
>   


--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] using certificates with openvpn-als

2010-02-04 Thread samuli.seppa...@gmail.com 

> Hello everybody,
>
> Jelle de Jong wrote, on 03-02-10 18:09:
>   
>> How can I import my certificiation keys or make the key validation by
>> java work?
>> 
>
> I found a way to get my certificates working, by making a pkcs12
> package from my certificates and shutdown openvpn-als and rerun the
> the ant install command, from there I choice to import the pkcs12
> package and setup openvpn-als as usual.
>
> I used the following command to generate my pkcs12 package:
> openssl pkcs12 -export -in example.crt -inkey example.key -certfile
> caroot.crt -name "example" -out example.p12
>
> I also have a few other questions:
>
> 1) I installed the used "ant install-agent" to setup the agent, but
> how can I remove/de-install the agent?
>
> 2) I want to monitor the commit email list for security updates and
> update my openvpn-als installation, with a new version of the svn
> checkout. What files should I backup and place back to make it
> possible to restore the configurations?
>
> Thanks in advance,
>  
> Kind regards,
>
> Jelle de Jong
>   

Hi Jelle,

You can simply remove the agent's zip package from
trunk/adito/conf/repository/archives and then rebuild and reinstall the
Agent. If you want to upgrade the application, I suggest backing your
the data up, doing a clean install and moving the data back in. The
process is described here:

http://sourceforge.net/apps/trac/openvpn-als/wiki/migrating_data_to_another_openvpn-als_install

Hope this helps,

Samuli

--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] using certificates with openvpn-als

2010-02-07 Thread samuli.seppa...@gmail.com 

> [email protected] wrote, on 04-02-10 09:55:
>   
>> You can simply remove the agent's zip package from
>> trunk/adito/conf/repository/archives and then rebuild and reinstall the
>> Agent.
>> 
>
> I assume this is an answer to the question how I can de-install the
> agent when i did an ant install-agent.
>
> So I did the bellow, but after this the icons to the agent were still
> in the web interfaces, and all my proxy web forwarding where gone... I
> had to place back the adito-agent.zip to get it working again.
>
> /etc/init.d/adito stop
> mv --verbose
> /opt/openvpn-als/adito/conf/repository/archives/adito-agent.zip /root/
> ls -hal /opt/openvpn-als/adito/conf/repository/archives/
> /etc/init.d/adito start
> tail -n 500 /opt/openvpn-als/adito/logs/adito.log -f
>
> I know I can do a complete re installation without executing the "ant
> install-agent" but I hope there is better way to remove the agent?
>   
Strange, I assumed removing the zip would be enough. You could try
removing the Agent using the "Extension Manager" in the Administration
interface. It will probably complain about other extensions (namely
tunnels, applications, webforwards) which need the Agent, but you can
safely ignore the warnings.

Let me know how it goes,

Samuli

--
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] using certificates with openvpn-als

2010-02-10 Thread samuli.seppa...@gmail.com 

> Hi Samuli,
>
> [email protected] wrote, on 08-02-10 08:02:
>   
>> Strange, I assumed removing the zip would be enough. You could try
>> removing the Agent using the "Extension Manager" in the Administration
>> interface. It will probably complain about other extensions (namely
>> tunnels, applications, webforwards) which need the Agent, but you can
>> safely ignore the warnings.
>> 
>
> I did a new installation of openvpn-als on a production server, and
> first did not execute the ant install-agent command to be sure I did
> not have any leftovers of the agent. However it seems without the
> install agent there are no web forwarding's available in openvpn-als.
>
> After I installed the agent and the web forwardings became available.
>
> I would like openvpn-als to be able to be used without the Java agent
> for the end users, and also remove the icon references to the aaent on
> the default top bar. Should I create a bug/feature request for this?
>   
You could remove the reference to the agent icon from the top panel to
make it go away. I'm not exactly sure where it's located. I'm guessing
it somewhere in adito/webapp. There's some information in our Wiki which
might help:

 
http://sourceforge.net/apps/trac/openvpn-als/wiki/Hacking%20the%20default%20theme

You should be able to use webforwards without having the Agent
installed. Just edit the extension.xml in
"adito/conf/repository/archives/adito-community-web-forwards.zip". By
default the extension.xml has a line like this:

http://localhost"; order="400"
depends="adito-community-tunnels,adito-agent">

and you want it to look like this

http://localhost"; order="400">

or this

http://localhost"; order="400" depends="">

depending on which one works. Let us know if this hack works or not.

Samuli

--
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

[Openvpn-als-devel] Future of Adito/OpenVPN ALS

2010-04-07 Thread samuli.seppa...@gmail.com 
(I've initiated this discussion simultaneously on both mailinglists and
on the "Open Discussion" forum)

Hi all,

As you may have noticed, ALS has not been developed actively since last
summer / early autumn:

* http://sourceforge.net/apps/trac/openvpn-als/wiki/scrum_chatlogs
* http://dir.gmane.org/gmane.network.openvpn.als.devel

In addition, the lack of maintenance development since the fork (in May
2008) means some parts of the code are falling apart already due to
changes in Adito/ALS operating environment (the UNIX auth module, CIFS
support in networkplaces...). Also, there are at least two known
security vulnerabilities and expecting a fix would be unrealistic:

* 
* 

I had hoped that OpenVPN Technologies Inc. - my current employer, btw -
would have allocated development resources into the project. However,
after having long discussions with James (CTO) and Francis (CEO) we
decided not to support OpenVPN ALS. Just for the record I fully agree
with them on this. The rationale behind our decision boils down to this:

* We already have a similar product, OpenVPN Access Server, which
   - serves 90% of the same needs as ALS
   - we know very well (as we wrote it)
   - does not require hiring JavaEE developers
* We only need the reverse proxy / replacement proxy capabilities of
ALS, for which there other more lightweight solutions
* We do not wish to support) ALS as a separate product alongside Access
Server

There are many generic problems with monetizing on OpenVPN ALS - the
biggest problem being the GPLv2 license coupled with the lack of full
copyright to the whole codebase. This prevents 3sp-style proprietary
add-ons without going against the spirit of the license, e.g by trying
to circumvent the GPLv2 limitations in "NVIDIA style". I can't think of
any other commercial business model that would work for this particular
project. I don't think there has been any significant demand for
commercial support services, even though they've been available for a
long time now:

*


To make things worse, the project is ill-suited for a community-driven
project. There are quite a few reasons for this:

* There's very little high-level documentation available
* Codebase is very large and the components are tightly integrated,
meaning that
  - nobody really knows the codebase inside out well enough to help new
developers
  - the barrier to entry for new developers is _very_ high
  - application maintenance is very costly
* The application is built on a semi-obsolete JavaEE framework (Struts
Classic), which means that
  - big parts would have to be rewritten soonish, probably in a couple
of years
  - the code is very difficult to understand unless you know Struts
Classic conventions
* The scope of the application is very narrow which means that
   - it can't be used as a building block for other projects (which
would increase development effort)
   - the userbase (=number of potential contributors/developers) is
pretty small

Earlier I tried to organize s.c. "Joint commercial development" without
any success:

*


The problem is that the companies that have SSL-Explorer/Adito/OpenVPN
ALS customers seem to be small and either don't have JavaEE programmers
on the payroll or can't allocate them to the project even part-time.
This prevents any developers ever reaching a level of skill which would
enable them to develop ALS itself, rather than just extensions. I have
to assume that the lack of skills in community-driven OSS development
also plays a part in this, so even if there are competent developers out
there, they do not participate in the project.

Now, what can we do? Personally I can only see three ways forward for
the project:

1) Discontinue the project and let it die slowly
2) Get a single entity to create a commercial version and give them our
full support
3) Get a single entity to support the community version, but gather
funding from the users

Currently we're clearly heading towards 1). Option 2) would probably
require circumventing the GPLv2 license and proprietary add-ons to make
commercial sense. I don't know of any company interested in that option,
either.

I think 3) is least unrealistic, but would be very difficult to organize
and manage. It's also quite difficult to make people pay for something
they get for free - it's much easier to just have a nice ride and jump
off when boat starts sinking. From Extension Store statistics I know
that there are ~1700 Adito/ALS installations out there. However, I
assume many/most of those are used by private persons who are unlikely
to fund the project. Companies and other organizations might, if
contributing is easy enough. I personally don't want to take
responsibility for organizi

Re: [Openvpn-als-devel] [Openvpn-als-user] Future of Adito/OpenVPN ALS

2010-04-08 Thread samuli.seppa...@gmail.com 
>> As you may have noticed, ALS has not been developed actively since last
>> summer. So what do _you_ think we should do with our project?
> 
> First let me thank you for the excellent mail. The status of the
> project is important to me. I am also sorry to hear the project is
> currently dying slowly. The thing I can do for the project is a small
> donations around 100 Euro for either migration support or continuation
>  of the development.

Thanks for you mail, Jelle! We'll have to wait and see if others are
willing to shell out some cash to support the project.

I think the core problem with ALS is that it was originally (as
SSL-Explorer) developed as a _product_, not as a OSS project. Many of
the design decisions in SSL-Explorer reflect this; unfortunately what
makes sense for a company-led project does not necessarily make sense
for a community-driven project. A few examples:

- integrating everything into big, complex blob (Jetty, HSQLDB, webapp,
  agent, webdav servlet, etc.)
- adding many (unnecessary) layers of complexity (dynamic extension
  system, extension store, etc.)
- lack of (public) developer documentation

The most successful community-driven projects are relatively small and
simple (which makes barrier to entry low) and pretty general purpose
(which allows for a large user/developer base).

> As a customer/user of OpenVPN-ALS I have the following needs; I need a
> reverse proxy solution that can use Microsoft Active Directory for
> authorisation with the access controls features available in OpenVPN-ALS.
> 
> I can also make my needs more basic, security is king and
> maintainability and sustainability is second. (OpenVPN-ALS currenlty
> has issues on this)
> 
> I have several Intranet websites, (wiki's, e-hours, device interfaces,
> medical portals etcetera) that needs to become available trough one
> singe portal system that can handle individual access controls.
> Currently OpenVPN-ALS provides this.
>
> I would be said if OpenVPN-ALS discontinues, but I would really like
> to be supported in a functional migration to an other solution. A
> _migration_ how to for Squid or Pound as the "webforwarding"
> replacement for OpenVPN-ALS would be appreciated!

I would not say OpenVPN ALS gets discountinued - slowly fading away
would be more proper way to put it. There is simply not enough interest
and/or resources for developing it in purely community-driven fashion.

I discussed the relative merits of application-layer and data link /
network-layer SSL VPN's with James (CEO of OpenVPN) a while back. We
concluded that the main advantage of an application-layer SSL VPN (such
as ALS) is that it does not require a separate client installation
(besides a web browser). Pretty much everything can be easily
accomplished with a data link/network-layer SSL VPN such as OpenVPN:



For example, you can easily limit which user (=IP) has access to which
servers (=IP). The application itself needs to take care of access
control and authorization. Many things such as drive mapping can be
taken for granted when VPN operates on data link layer, whereas they are
_very_ complex when operating on application layer, see



In some environments OpenVPN (=the original one) may be somewhat
difficult to configure properly. In most cases, however, it's at least
as fast to setup as ALS. I managed to set up a simple VPN in ~6 hours
with no prior experience. OpenVPN's user and developer communities are
_very_ active and helpful in case you get stuck.

I think writing migration guides (e.g. to OpenVPN (AS), Squid, Pound)
would make sense. This is where our Wiki comes handy:



> Also remember that users can have large investment in excising
> OpenVPN-ALS in both time as money. I know of installations that have
> very expensive SSL certs for OpenVPN-ALS, lot of man hours to
> configure OpenVPN-ALS with for example user access controls and
> webforwardings, and all the time for the project management politics.
> (this can sum op to more then two full months of work)

True. However, there's nothing I can do about this. I don't have the
skills, time or interest to maintain the project myself and
unfortunately the community-driven development model does not seem to
work for ALS (for reasons stated above).

Samuli

--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] [Openvpn-als-user] Future of Adito/OpenVPN ALS

2010-04-09 Thread samuli.seppa...@gmail.com 
Hi Arne,

Yes, the client/driver installation on OpenVPN is tedious. I agree that
 this is the strong point in web-based offerings such as ALS. Perhaps a
 good overall solution would be to combine a simple web-based reverse
proxy / replacement proxy service with full network-layer solution such
as OpenVPN. There are quite a few reverse proxy solutions around:

<http://nginx.org/en>
<http://wiki.squid-cache.org/SquidFaq/ReverseProxy>
<http://www.apsis.ch/pound>

I don't know if they can be used to replace ALS' reverse proxy
functionality completely, though.

I feel the core problem with ALS' codebase (for us) is that instead of
integrating existing OSS components 3sp reinvented the wheel on many
occasions. This means we were left with a big, complex, tightly
integrated and hard to understand codebase which can't be easily used by
other projects (which would get external developers interested).

An entirely separate approach is beneficial for community-driven
projects. For example, Linux distributions such as Debian are extremely
complex. However, instead reinventing the wheel (=applications) Debian
developers just integrate stuff together, thus limiting the effects of
complexity. Most of the maintenance overhead is taken care of by
external developers, not by Debian project itself. Similar approaches
can be used for commercial OSS applications, but 3sp did not go that
route - probably for reasons that made sense for them.

> I don't have much to add to the discussion but I just wanted to make one
> point of why a web-based SSL VPN is useful. In my experience OpenVPN is
> easy to setup and works pretty well. My main problem is the
> administrative overhead when trying to distribute logons for all the
> users. Having 500+ (new comming in all the time) mobile users and then
> distributing them is such a mess. A web based solution that integrates
> with RADIUS or Active Directory is so much easier and also easier for
> the end-user. 
> 
> That being said, I think it's sad that the project is fading away.
> Commercial alternatives are so expensive. Like $100-200 per user. Sadly
> our economic situation is not so good that we can afford to support this
> project, then it would just be cheaper to go commercial. I think a
> project of this magnitude needs at least $150 000 to get started again
> and attract new developers.
> 
> 2010/4/8 [email protected] <mailto:[email protected]>
> mailto:[email protected]>>
> 
> >> As you may have noticed, ALS has not been developed actively
> since last
> >> summer. So what do _you_ think we should do with our project?
> >
> > First let me thank you for the excellent mail. The status of the
> > project is important to me. I am also sorry to hear the project is
> > currently dying slowly. The thing I can do for the project is a small
> > donations around 100 Euro for either migration support or continuation
> >  of the development.
> 
> 
> In some environments OpenVPN (=the original one) may be somewhat
> difficult to configure properly. In most cases, however, it's at least
> as fast to setup as ALS. I managed to set up a simple VPN in ~6 hours
> with no prior experience. OpenVPN's user and developer communities are
> _very_ active and helpful in case you get stuck.
> 
> I think writing migration guides (e.g. to OpenVPN (AS), Squid, Pound)
> would make sense. This is where our Wiki comes handy:
> 
> <http://sourceforge.net/apps/trac/openvpn-als/wiki>
> 
> > Also remember that users can have large investment in excising
> > OpenVPN-ALS in both time as money. I know of installations that have
> > very expensive SSL certs for OpenVPN-ALS, lot of man hours to
> > configure OpenVPN-ALS with for example user access controls and
> > webforwardings, and all the time for the project management politics.
> > (this can sum op to more then two full months of work)
> 
> True. However, there's nothing I can do about this. I don't have the
> skills, time or interest to maintain the project myself and
> unfortunately the community-driven development model does not seem to
> work for ALS (for reasons stated above).
> 
> Samuli
> 
> 
> --
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high m

Re: [Openvpn-als-devel] [Openvpn-als-user] Future of Adito/OpenVPN ALS

2010-04-09 Thread samuli.seppa...@gmail.com 
Interesting post, kontro! So we have several alternatives. If the
project goes down the drain (as it seems to), I think as a last effort
we should document the alternatives which current Adito/ALS users have.

Anyways, perhaps 3sp did the right thing when they sold themselves to
Barracuda Networks - they can now relax and concentrate on milking money
from their customers ;). Somehow I have a feeling they won't be
aggressively developing the SSL-Explorer codebase now that it's as
closed as it can be.

I don't think 3sp benefited much from SSL-Explorer being OSS, besides
good publicity and easier marketing. Also, the code that Adito / ALS
community has provided (LDAP, RADIUS, clientcert and pam auth) would
have just sabotaged 3sp' "Enterprise" sales.

> Good mail from Samuli. I were interrested about contributing adito some
> time ago. But when I dig deeper into source I did find same problems.
> 
> Most discouraging experience were when I was studying Erlang programming
> language same time with Adito and found out how easily same problems
> could be solved with Erlang.
> 
> Actually I think that Nortel built their own similar solution top of Erlang 
> OS web server called YAWS (http://yaws.hyber.org/contribs.yaws). 
> YAWS has ssl support, integrated json support and 
> Linux-PAM authentication - so it supports any authentication Linux supports.
>
> I did check out YAWS source code and found out that turning it to
> Adito replacement would be quite simple (at least when comparing to JEE
> solution). Actually there is already yaws_revproxy.erl module in 
> YAWS git tree. As usual nice gui would be the biggest job. Agent of course
> needs to stay JAVA.
> 
> So I am happy about Samuli's new job and agree with his opinnions, but
> maybe questioning Arne's view about 'project magnitude' :)
> 
> (Not that I am going to start such Erlang project, just being smart ass and
> sharing my findings.)
> 
> -kontro-
> 
> --
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> ___
> Openvpn-als-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel


--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] [Openvpn-als-user] Future of Adito/OpenVPN ALS

2010-04-09 Thread samuli.seppa...@gmail.com 
Hi Russell,

Simple SSL tunnels using the Agent are really useful and much more
user-friendly than use of SSH + port forwarding. In fact, I read and
documented (see javadocs in "nonembedded") the client part of the Agent
pretty thoroughly a few months ago. It was pretty nice code with
separate threads for heartbeat and similar. From what I learned it
should be possible to write a replacement for the server component.
There did not seem to be anything Java-specific (e.g. RMI, object
streaming) in the client-side Agent implementation, so  the server part
could be written in any language. That said it might be just as easy to
start from scratch, perhaps borrowing some ideas from the Agent.

So there are several alternatives and lots of building blocks that could
be used in a community-driven ALS replacement. If the amount of code is
kept to the minimum by reusing existing components, the replacement
might even be sustainable as a community-driven project. Something that
would combine network-layer connetivity (e.g. OpenVPN), a reverse proxy
and application-level tunneling would be pretty neat indeed.

Samuli

> Hi,
> 
>  
> 
> I agree with many of the comments posted so far, and in particular the
> note from Sammuli about the barrier to entry with the current SW - I
> tried to help fix some bugs, but it really is hard to find a way through
> the current code ... :-(. I forsee this going downhill unfortunately,
> but I do see a few advantages to OpenVPN-ALS also ...
> 
>  
> 
> - configuration: for basic usage, setting up port forwarding for a few
> ports is easier than the network configuration that has to be done with
> OpenVPN
> 
> - distro compatibility: I am running SuSE (for HW compatibiltiy reasons,
> no other distro would install on my old HW) ... but OpenVPN Access
> Server is not available on this platform (however OpenVPN-ALS runs on
> basically any platform).
> 
> - VPN-over-VPN: I am unable to get OpenVPN working over top of a (Cisco)
> VPN link, but OpenVPN-ALS works just fine (because it provides local
> port access).
> 
>  
> 
> So it is too bad to see OpenVPN-ALS go this way - it definitely has some
> advantages (for me, and I'm sure other users).
> 
>  
> 
> Thanks!
> 
>  
> 
>  
> 
> 
> 
> On Thu, Apr 8, 2010 07:11 AM, [email protected] wrote:
> 
> On Thu, Apr 08, 2010 at 12:23:03PM +0200, Arne Morten Johansen wrote:
> > That being said, I think it's sad that the project is fading away.
> > Commercial alternatives are so expensive. Like $100-200 per user.
> Sadly our
> > economic situation is not so good that we can afford to support this
> > project, then it would just be cheaper to go commercial. I think a
> project
> > of this magnitude needs at least $150 000 to get started again and
> attract
> > new developers.
> 
> Good mail from Samuli. I were interrested about contributing adito some
> time ago. But when I dig deeper into source I did find same problems.
> 
> Most discouraging experience were when I was studying Erlang programming
> language same time with Adito and found out how easily same problems
> could be solved with Erlang.
> 
> Actually I think that Nortel built their own similar solution top of
> Erlang
> OS web server called YAWS (http://yaws.hyber.org/contribs.yaws
> 
> ).
> 
> YAWS has ssl support, integrated json support and
> Linux-PAM authentication - so it supports any authentication Linux
> supports.
> 
> I did check out YAWS source code and found out that turning it to
> Adito replacement would be quite simple (at least when comparing to JEE
> solution). Actually there is already yaws_revproxy.erl module in
> YAWS git tree. As usual nice gui would be the biggest job. Agent of
> course
> needs to stay JAVA.
> 
> So I am happy about Samuli's new job and agree with his opinnions, but
> maybe questioning Arne's view about 'project magnitude' :)
> 
> (Not that I am going to start such Erlang project, just being smart
> ass and
> sharing my findings.)
> 
> -kontro-
> 
> 
> --
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> 
> 
> ___
> Openvpn-als-devel mailing list
> [email protected]
> 
> https://lists.so

Re: [Openvpn-als-devel] [Openvpn-als-user] Future of Adito/OpenVPN ALS

2010-04-14 Thread samuli.seppa...@gmail.com 
> On 04/12/10 10:41, Andrew Schulman wrote:
>> Thanks very much for this discussion, Samuli.
>>
>>
>>> I discussed the relative merits of application-layer and data link /
>>> network-layer SSL VPN's with James (CEO of OpenVPN) a while back. We
>>> concluded that the main advantage of an application-layer SSL VPN (such
>>> as ALS) is that it does not require a separate client installation
>>> (besides a web browser).
>>>  
>> This is indeed, for our site, a key advantage.  I and several of my users 
>> work
>> on locked-down systems at work, where we don't have privileges to install
>> software, nevermind to install and configure (virtual) network interfaces.  
>> But
>> we are able to browse HTTPS sites and run Java applets within our browsers, 
>> and
>> this allows us to get complete connectivity through ALS.  For us, that's 
>> where
>> the value is.
>>
>> Andrew.
>>
>>
>>
> Hi,
> 
> First, thank you Samuli, for all that work you have done to manage 
> Adito/ALS and keep it as a free project.
> 
> Same for us : The value in Adito/ALS stays in its "client free" 
> solution. The signed pre-configured java applet is the main reason why 
> int the past we chose sslExplorer and migrated to Adito/ALS.
> 
> Jacques Landru

Thanks for your comments, guys! Running the Adito/ALS project has been
fun and _very_ educational.

Now we'd need somebody to start work on a similar project done with an
eye for the community-driven development model. Probably the only part
of Adito/ALS that could be reused is the Agent - either client part
(incl. the applet) or both client and server parts. The second option
would provide SSL-tunneling and would be simple enough to maintain as an
OSS project. Also, it would not be tied to the obsolete Struts Classic
framework as it operates outside the scope of the webapp. However, even
separating the Agent would be a lot of work due to tight integration of
all components in ALS.

Samuli


--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] [openvpn-als - Open Discussion] Future of Adito/OpenVPN ALS

2010-04-14 Thread samuli.seppa...@gmail.com 
> (sorry for this post is not in tread as I just subscribed to this list)
> Date: 2010-04-09 12:15:34 GMT  Samuli wrote:
> 
>> Interesting post, kontro! So we have several alternatives. If the
>> project goes down the drain (as it seems to), I think as a last effort
>> we should document the alternatives which current Adito/ALS users have.
> 
> On my previous work at the university of Copenhagen we were using SSL-
> Explorer. I guess we had some 20 - 40 users logging in on a daily basis, 
> using 
> different features in SSL-explorer.  The use base was growing until 3sp 
> pulled 
> the plug and we stopped promoting SSL-explorer.
> 
> I''ll state where SSL-explorer made a difference for us (most point has been 
> mentioned by other posts):

---

> Proxy access to other websites is currently provided by  
> http://sourceforge.net/projects/poxy/ on our web server.

Interesting project, have not seen that one.

> For Linux users to access network drives I've successfully tested drive 
> mapping over ssh (sshfs) on Linux. But in many cases Dolphin, Nautilus or 
> just 
> plain shell are sufficient. Many of our Linux users is powerusers anyway and 
> is not scared from using the shell

If SSH access is available then I think Nautilus + gvfs-fuse works great.

> I'm unsure about MAC users.
> 
> On the remote desktop side we have not decided yet. NX machine look 
> promising, 
> as it runs over ssh. But it has some issues with key mapping is f*-up on 
> non us keyboards.

I've used NX successfully over the last few years. It does indeed have
some keymap/language setting issues. Perhaps most annoyingly running a
local Gnome session and _then_ connecting via NX causes problems as
Gnome acts weird if more than one session is running for a user.

> Luckily over time more and more services is moved to being web based, which 
> solves many of the above problems.
> 
> Still sometimes we have users ending up behind firewalls which do not allow 
> ssh, imaps or smtps. Here some kind of tunneling would be nice. Something 
> like 
> http://ace-host.stuart.id.au/russell/files/http-proxy-tunnel/ 
> might be able to solve the problem. But it seems not easy to configure on the 
> client machine.

Looks a little "hackish" :).

> Sorry this became a little long - I guess i just used this to summarized my 
> own thoughts on the subject.

Well, my initial post was even longer ;).

--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] [openvpn-als - Open Discussion] Future of Adito/OpenVPN ALS

2010-04-14 Thread samuli.seppa...@gmail.com 
This mail came from an old Adito/ALS user, Silvan M. Gebhardt, but was
rejected by SF.net. So here it comes:

---

If I may also contribute

I have just found the solution to replace the remaining functionality of
adito for me: The Kind-of-single-signon for the user.

I have just found http://sumoam.sourceforge.net/


I might be able to plug some of my existing apps onto that - then
everything works on a login. perhabs we can add some more functionality
like SMS token



personally, I'm starting to think about bilding some kind of appliance
on top of apache, consisting of openVPN, Apache Proxy, and this thingie
here, and some more stuff  ;)



I run OpenVPN and an Apache ReverseProxy simultaneous on one Port btw.
The Portsharing Feature is one thing that we should point out. I have
used sslexplorer once when I only had port 80+443 available and I was
not able to have more than one IP Address. Portsharing of OpenVPN is
Really, Really incredible  ;)
I'm thinking about suggesting the openvpn people the following


currently the openvpn daemon proxies (layer4) to the HTTPS server
running e.g on localhost. so it looks at the traffic if it looks like
openvpn or HTTPS. do you folks think if there is a way to also detect
SSH? So three services could share that port?



lg
Silvan

--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] [openvpn-als - Open Discussion] Future of Adito/OpenVPN ALS

2010-04-15 Thread samuli.seppa...@gmail.com 
>> If SSH access is available then I think Nautilus + gvfs-fuse works great.
> sshfs is fuse based as well I think. On my daughters little netbook I made a 
> simple solution by placing a sshfs connect script in the folder which is the 
> mountpoint. So when she enters the folder and the ssh file system is not 
> mounted, well the script is right there to be launched ;-)
> 
> But in many cases a Linux desktop user dont need mounting the filesystem at 
> all. At least KDE Dolphin can handle files directly over ssh by typing 
> fish://u...@server in the path (I think Nautilus can do equal by typing 
> ssh:... in the path line). 

Yep, Nautilus can access directories via SSH using
ssh://u...@server:/path syntax. Alternatively you can create a shortcut
using "Connect to share + Add bookmark". The newer Gnome VFS versions
support fuse, meaning that all mounted remote drives are available under
$HOME/.gvfs/sftp on servername/ or similar.

Samuli

--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] ALS support - Java

2010-07-13 Thread samuli.seppa...@gmail.com 
> Greetings...I'm a Java developer and would be interested in helping out. I'd
> need to get trained up somewhat on how to build the system. A co-worker of 
> mine
> uses Adito/OpenVPN-ALS and can help me get things working. As CTO of my 
> company,
> I can offer some part-time expertise (Java, J2EE, etc). It would be good to
> re-vamp the architecture, but first we'd need to get really familiar with it -
> so help would be needed. Let's talk - what's the best way to move forward? 
> I'll
> cross post to other list as well.  Some of the suggested so far sound good.

Hi,

There are a few outstanding issues with Adito/ALS project, which were
discussed in this thread:



In a nutshell Adito/ALS development has stalled and fixing the situation
is exceedingly difficult. A number of companies and individuals have
contributed to the project, but what project needs to survive is core
developers who really know Adito/ALS inside out. Unfortunately there has
only been one (corporate-sponsored) core developer and he stopped
working on the project in May 2009.

Please read the mailing list thread (above) for a much more detailed
analysis of the situation.

Samuli (project manager)

--
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] FW: Project status

2013-06-07 Thread samuli.seppa...@gmail.com 
Short answer: yes, the project is dead. I suggest taking a look at OpenVPN:



That's the "de facto" open source VPN and actively maintained and developed.

Samuli

>  
> 
> Hello,
> 
>  
> 
> Is this project completely dead?  I have seen some posts as recent as
> 2012, any chance of starting this up or is there another similar project?
> 
>  
> 
>  
> 
> Thanks,
> 
>  
> 
> 
> 
> --
> How ServiceNow helps IT people transform IT departments:
> 1. A cloud service to automate IT design, transition and operations
> 2. Dashboards that offer high-level views of enterprise services
> 3. A single system of record for all IT processes
> http://p.sf.net/sfu/servicenow-d2d-j
> 
> 
> 
> ___
> Openvpn-als-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel
> 

--
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel

Re: [Openvpn-als-devel] FW: Project status

2013-06-07 Thread samuli.seppa...@gmail.com 
OpenVPN is not a web-based SSL VPN. I'm also not aware of any new (open
source) web-based SSL VPNs. There should be plenty of commercial,
integrated hardware/software offerings available, but those have their
downsides[1].

Samuli

[1] E.g. what do you do if the one hardware you have crashes and you
can't reinstall/replace it quickly?

> Ok, thank you
> 
> I have used open-vpn for site to site, but have not seen the same 
> functionality mainly web based SSL/TLS with downloadable client.  Did I miss 
> something?
> 
> -Original Message-
> From: [email protected] [mailto:[email protected]] 
> Sent: Friday, June 07, 2013 9:19 AM
> To: [email protected]
> Cc: CARTWRIGHT, CORY C
> Subject: Re: [Openvpn-als-devel] FW: Project status
> 
> Short answer: yes, the project is dead. I suggest taking a look at OpenVPN:
> 
> <http://openvpn.net>
> 
> That's the "de facto" open source VPN and actively maintained and developed.
> 
> Samuli
> 
>>  
>>
>> Hello,
>>
>>  
>>
>> Is this project completely dead?  I have seen some posts as recent as
>> 2012, any chance of starting this up or is there another similar project?
>>
>>  
>>
>>  
>>
>> Thanks,
>>
>>  
>>
>>
>>
>> --
>> How ServiceNow helps IT people transform IT departments:
>> 1. A cloud service to automate IT design, transition and operations
>> 2. Dashboards that offer high-level views of enterprise services
>> 3. A single system of record for all IT processes
>> http://p.sf.net/sfu/servicenow-d2d-j
>>
>>
>>
>> ___
>> Openvpn-als-devel mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel
>>

--
How ServiceNow helps IT people transform IT departments:
1. A cloud service to automate IT design, transition and operations
2. Dashboards that offer high-level views of enterprise services
3. A single system of record for all IT processes
http://p.sf.net/sfu/servicenow-d2d-j
___
Openvpn-als-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel