Adito (Now called OpenVPN ALS)

Help me to help you
By buying a cert together Adito will be alive much longer!
Please see this post to understand why and how to donate!

About

Adito is an open-source, browser-based SSL VPN solution. It’s a remote access solution that provides users and businesses alike with a means of securely accessing network resources from outside the network perimeter using only a standard web browser.

Background

This is the open-source clone of SSL-Explorer after it went biz-o-matic.

Windows installer (download links below)

My contribution to this project is a Windows installer. The old version is here; if you are looking for the updated SVN version, download it here.

Please note that the SVN version is only supported on Java runtime 1.8! Older versions require Java runtime 1.7 or older.

Step-by-step guides

There are now three guides written by me on the topic.

  1. Scroll down on the installer page for installation-tips

  2. Scroll down on this page for a simple demonstration of a port-forward

  3. NEW! Practical RDP guide here

  4. Read the guide on running the Java 7 version 51

What’s the buzz about?

Pictures say more than words, so please take a look at the picture series with descriptions below.

You are first presented with a login window:

Login window

After successfully logging in you are at the main window

Main Window

Usually the SSL Tunnel is the feature that is used. This technique opens a port locally and forwards it through the server to your destination.

In this example we create a port forward that listens locally on port 4040 and sends requests to google.com on port 80 (the default web port).

Create SSL Tunnel

After the creation we start the Agent. This is the software you run at the remote location, straight from the browser. Since it uses standard Java, you will find access almost everywhere.

My rule is: if you can connect to your bank, you can use Adito 😉

Agent launching

Once it has launched, you get a new little man-like icon in your system tray

Agent in systray

By right-clicking on the agent you will find the items you have configured on the server. In our case the tunnel “Test” is available

Agent options

When the tunnel is activated the agent notifies you and we are ready to use it

Agent SSL Tunnel open

Now for some magic 🙂 Connect to google through your server

Surfing through SSL Tunnel

As you can see, this is pretty easy to use and manage. A great product!

Check out the new guide on setting up RDP here

0 Replies to “Adito (Now called OpenVPN ALS)”

  1. Hello

    Starting Adito service using wrapper
    El servicio de Adito está iniciándose…
    El servicio de Adito no ha podido iniciarse.

    Error de sistema.

    Error de sistema 1067.

    El proceso ha terminado de forma inesperada.

    Presione una tecla para continuar . . .

  2. My Spanish does not really exist 😉 But I guess the Adito-service using the Wrapper did not work for you.

    Try using it without the wrapper and see if it works. If so, write me the java-version and paste the wrapper.log file

  3. What should the destination host be if I want to pass all of my web traffic through the SSL tunnel not just one particular website like google.com?
    Or should I use some other feature of Adito like Web Forward? Reverse Proxy?
    Thanks!
    Don

  4. Earlier I used a SOCKS proxy on the Agent, running on the client machine. But the plugin is unsupported and does not work any more 🙁

    My temporary solution is to create an Application using putty-application and create SOCKS on client. The connection goes like this: Web browser w/SOCKS -> Putty -> Adito-Client <-> SSH-Server <-> Internet.

    If you are running Windows you could use the CopSSH-server (great package): http://www.itefix.no/i2/copssh
    In Linux you have to google it 😉

    The cool thing with Adito is that you don’t need to show the SSH-server to the world. That would be considered safe since the Adito doesn’t have any known security-breaches so far…

  5. I installed Putty as an application in Adito. I can connect with Putty inside Adito to my OpenSSH server on my desktop machine…I get a DOS prompt. I then set my proxy settings in Firefox to Socks5 with 127.0.0.1 using port 7070. Then trying to surf the web with this setup. I get no connection to any website using this proxy on Firefox.
    I have set the SSH/tunnel option in Putty to dynamic port 7070 (D7070) with auto set and Dynamic. I am clearly missing a piece of this puzzle to tunnel my web traffic over an SSH connection using Putty. Any ideas on what I am missing?
    Thanks!

  6. Don Screen:
    Make sure that the ssh-config has the ForwardAgent=yes (default is no). Then it will start resolving & forwarding 🙂
    The putty-setup can be copied off this guide: http://securitymusings.com/article/462/how-to-set-up-a-socks-proxy-using-putty-ssh

    I also made a SOCKS-setup for a friend that didn’t want the CopSSH package installed on his server. The simple solution was Sockspuppet: http://socks.pendulus.net/
    It was simple, and gets the job done. Best of all it works as a service 😉 Just forward all traffic to the Sockspuppet-port and it will simply work. By blocking incoming connections from others (through sw/hw-firewall) or a user&pass setup you’ll be safe that no one else sees the socks server.

  7. Thank you! I found the problem. I am using FreeSSHd and did not have the Tunnel option set to Allow Local Port Forwarding.
    Adito now gets the job done without having to open another port on my router.
    I would like to get TightVNC working via Adito. Not sure how to run the viewer from Adito….
    Finally got the hang of Putty with the different settings available.
    Don
    PS. I really appreciate the time you took to get the answer to me. I spent a week with Adito figuring there had to be a way to tunnel all of my web traffic. Your solution was perfect!
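A staged check for the symptom in this exchange (browser pointed at a local SOCKS5 port, no pages load), as an added example that is not from the original thread. It speaks SOCKS5 to the listener and reports whether nothing is listening, the listener is not SOCKS5, or the greeting succeeds but the CONNECT fails; `probe_socks5` and `start_fake_proxy` are names made up here, and the fake proxy is a constructed stand-in for the local dynamic port.

```python
import socket
import struct
import threading

# Reply codes from RFC 1928, section 6.
REPLIES = {
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def recv_exact(sock, n):
    """Read exactly n bytes, or return None if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def probe_socks5(proxy_host, proxy_port, dest_host, dest_port, timeout=3.0):
    """Return (stage, detail) telling how far a SOCKS5 CONNECT gets."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout)
    except OSError as exc:
        return ("no-listener", str(exc))
    with sock:
        try:
            sock.sendall(b"\x05\x01\x00")  # VER=5, 1 method, 0x00 = no auth
            greeting = recv_exact(sock, 2)
            if greeting is None or greeting[0] != 0x05:
                return ("not-socks5", repr(greeting))
            if greeting[1] != 0x00:
                return ("auth-required", "method 0x%02x" % greeting[1])
            # ATYP=0x03 sends the name itself, so the far end resolves it.
            name = dest_host.encode("ascii")
            sock.sendall(b"\x05\x01\x00\x03" + bytes([len(name)]) + name
                         + struct.pack(">H", dest_port))
            reply = recv_exact(sock, 4)
        except OSError as exc:
            return ("io-error", str(exc))
    if reply is None:
        return ("closed-after-request", "listener dropped the CONNECT")
    if reply[1] != 0x00:
        return ("connect-refused", REPLIES.get(reply[1], "code %d" % reply[1]))
    return ("ok", "proxy opened a path to %s:%d" % (dest_host, dest_port))


def start_fake_proxy(reply_code):
    """Constructed one-shot SOCKS5 listener for the demo; returns its port.

    reply_code=None closes the connection instead of answering the CONNECT.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            recv_exact(conn, 3)              # client greeting
            conn.sendall(b"\x05\x00")        # accept "no auth"
            head = recv_exact(conn, 5)       # VER CMD RSV ATYP LEN
            recv_exact(conn, head[4] + 2)    # host name + port
            if reply_code is not None:
                conn.sendall(bytes([5, reply_code, 0, 1]) + bytes(6))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed cases: success, refusal by policy, silent close.
    for code in (0x00, 0x02, None):
        port = start_fake_proxy(code)
        print(probe_socks5("127.0.0.1", port, "example.com", 80))
```

Against a real setup, call `probe_socks5("127.0.0.1", 7070, "example.com", 80)`; a result other than `ok` or `no-listener` means the local listener is up and the fault lies further along the chain.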

  8. Don Screen:
    Glad to help 🙂

    To setup VNC (In this case UltraVNC viewer) download & install this extension: http://lars.werner.no/adito-application-ultravnc.zip
    All the parameters etc. should be pretty much the same IF you absolutely have to use TightVNC. Change the extension.xml to fit your needs.
    I prefer UltraVNC because they have integrated the fullscreen-tool-bar-thingy that I made some years ago: http://lars.werner.no/?page_id=16

    With the screen-hook-thingy the polling is just as quick as M$ Remote Desktop (As I usually prefer). That extension can be downloaded here: http://lars.werner.no/adito-application-advancednativerdpwin32.zip (if you make that a go, Remote desktop is enabled with just a hookoff in the System-tab :))

  9. I installed the UltraVNC server on the desktop…and installed the UltraVNC extension into Adito as an application. When I click on it…it says “Application UltraVNC” launched but nothing else happens. No viewer…no login box. How do I get the viewer to run inside Adito?

    The viewer does work and connects outside of Adito if I open port 5900 on my router.

    Don

  10. It looks like the extension file for just the UltraVNC viewer is not uploading to Adito.
    I tried it several times ..using the upload..XML file…
    It does not show up in installed applications in Adito.

    Don

  11. You are using the (Configuration) Extension Manager -> (Actions) Upload Extension , right?

    Adito manages the whole *.zip file, not just the XML. Download and save adito-application-ultravnc.zip then upload the zip-file

    Edit:
    UltraVNC server goes on the machine that Adito is running on, so you don’t need to forward anything.
    That way you can contact that machine remotely.
    If you are using Linux a repack of the zip might be needed… Not so Linux-clever yet 😉

  12. Yep..finally read page 126 of the manual! The whole zip file..not just the XML file like I was trying to do… DOH!!!

    Thanks again…for solving both of my issues with Adito!
    Don

  13. You only change the XML-file inside the zip-file if there are fields / parameters that are wrong for the app you want to run.

    If you have other programs you can create your own packages… I have modified a Firefox-portable to work with Adito. That way if a public / work computer doesn’t have Firefox I can download it through adito with my socks settings & extensions installed 🙂

      1. Hi Albert

        I usually have a USB with FF-Portable on it, so I don’t use the plugin atm.
        When looking into the archive, I last used it on SSLExplorer actually.
        Here you go, http://adito.werner.no/sslexplorer-application-firefoxportable.zip

        Try to install it as it is.
        If it doesn’t work, change the “extension.xml” to adito where it says sslexplorer.
        To update the FF to latest version, follow instructions in the extension.xml (using 7-zip) to make an exe of it.
        You also have to run a SOCKS proxy or similar to make the browser go through your SSL-tunnels.

        1. Hello, thanks for the link 🙂

          I’ve repacked Firefox v11 and it runs OK, but the proxy settings are incorrect 🙁 The port is not OK. Do you have an idea how to fix it?

          Thanks

          1. Sure, in the “prefs.js” file you have 2 generated values.
            user_pref("network.proxy.socks", "${tunnel:firefoxportable.hostname}");
            user_pref("network.proxy.socks_port", ${tunnel:firefoxportable.port});

            This “old” prefs.js file is from an old firefox installation, so I guess you need to update.
            Setup your locally installed Firefox with socks proxy.
            Go to %userprofile%\Application Data\Mozilla\Firefox\Profiles\
            Replace the prefs.js in the archive and update the two lines as shown above.

            (Btw: The extension.xml have the tunnel-parameter “

            The pref.js doesn’t change at all, just a few lines added.

            But after analysis, the port is from the tunnel created during app launch, but I think that tunnel doesn’t support a SOCKS proxy, if anyone can confirm that for me.

            At this time I use an ssh connection with a tunnel on D8080 and I replace {tunnel:firefoxportable.hostname} by {param:proxyhost} and {tunnel:firefoxportable.port} by {param:proxyport}. It works great, but if it’s possible to directly make a tunnel without opening a putty session: I need it 🙂

            I continue to test some configs 🙂

            I’ve also made a “supercopier2” application and it works great 🙂 If someone wants it… ask for it 🙂
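A check for the prefs.js discussed in this exchange, as an added example that is not part of the original thread or of Adito: it fills the `${tunnel:...}` / `${param:...}` placeholders, parses the resulting `user_pref` lines and reports proxy settings that would leave Firefox outside the tunnel. The `render` step is only a stand-in for the substitution Adito performs at launch (an assumption), and the function names and the `network.proxy.type` line in the template are constructed here.

```python
import re

PLACEHOLDER = re.compile(r"\$\{(tunnel|param):([\w.]+)\}")
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$', re.M)

# Constructed template: the two socks lines are the ones quoted in the thread;
# the network.proxy.type line is added so Firefox uses manual proxy settings.
TEMPLATE = '''\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "${tunnel:firefoxportable.hostname}");
user_pref("network.proxy.socks_port", ${tunnel:firefoxportable.port});
'''


def render(template, values):
    """Fill placeholders from values; unknown placeholders are left in place."""
    def substitute(match):
        key = "%s:%s" % (match.group(1), match.group(2))
        return str(values.get(key, match.group(0)))
    return PLACEHOLDER.sub(substitute, template)


def parse_prefs(text):
    """Map pref name -> bool, int or str for every user_pref() line."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):
        raw = raw.strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # not a JS literal, e.g. an unfilled placeholder
    return prefs


def audit_socks_prefs(prefs):
    """Return (pref, problem) pairs for settings that break or leak."""
    findings = []
    for name, value in prefs.items():
        if isinstance(value, str) and PLACEHOLDER.search(value):
            findings.append((name, "placeholder was never substituted"))
    if prefs.get("network.proxy.type") != 1:
        findings.append(("network.proxy.type",
                         "not 1 (manual), so the SOCKS settings are ignored"))
    host = prefs.get("network.proxy.socks")
    if not isinstance(host, str) or not host:
        findings.append(("network.proxy.socks", "no proxy host set"))
    port = prefs.get("network.proxy.socks_port")
    if isinstance(port, bool) or not isinstance(port, int) \
            or not 1 <= port <= 65535:
        findings.append(("network.proxy.socks_port", "not a valid TCP port"))
    if prefs.get("network.proxy.socks_remote_dns") is not True:
        findings.append(("network.proxy.socks_remote_dns",
                         "not true: DNS lookups are made locally, "
                         "outside the tunnel"))
    return findings


if __name__ == "__main__":
    # Constructed values standing in for what the launcher would supply.
    values = {"tunnel:firefoxportable.hostname": "127.0.0.1",
              "tunnel:firefoxportable.port": 8080}
    for pref, problem in audit_socks_prefs(parse_prefs(render(TEMPLATE, values))):
        print("%s: %s" % (pref, problem))
```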

          2. Hi, you have to run a SOCKS service to the port you’re using.
            If you’re on Windows a simple http://sockspuppet.com/ or http://www.handcraftedsoftware.org/index.php?page=download on the server-side does the trick 🙂
            That way the port opened gives you a direct connection to the socks-service and then the software will forward you out.

            Though; SSL Explorer had SOCKS in the early stages, but the extension was removed.

            If you manage to update the extensions correctly, please mail me them lars@werner.no
            I’ll put them on adito.werner.no “appstore” later on.

          3. I have made some tests to run a dante-server on my Linux but no success at this time.

            To manage and update extensions: supercopier: no update before a long time (I’m not sure but I think that the development of this app is off)

            And for Firefox portable: yes, no problem, I can update it 🙂

            I’ll tell you when I have a good configuration that works great 🙂

            Thanks for your help 🙂

          4. Hello !!

            Firefox 12 OK

            I have dante-server working on my server (but I need to secure that ^^)

            and Firefox with SOCKS proxy works great, I have made a package with the English version of android (I’m French so.. I use the French version ^^)

  14. I got the UltraVNC viewer working in Adito! One thing I had to change was the setting on the UltraVNC Server Property Page. I had to check the box to Allow Local Loopback Connections.

    Not sure I want to tackle creating my own package for an Adito application install. 🙂
    I used your Adito Installer recommended by Darren Kitchen at Hak5.

    Thanks again,
    Don
    PS. Merry Christmas….

  15. Great Don, glad it worked!

    I didn’t know that Hak5 made a reference to this, that is pretty cool 🙂

    I’ll put up the show on a post here too, that way people can see it in action.
    Edit:
    Merry Christmas to all 😉

  16. I have installed Adito on an XP machine and am able to run services like VNC and web forwarding. When I set up network places I am able to access the shared drive and see the doc. But when I try opening the doc, I get an error 500 from the server. Any suggestions as to what I have missed?

    Thanks in advance
    P.S – I’m using FreeNAS

  17. Hello,
    Great product thx.
    But I’ve a little problem. I must install Adito in a DMZ but the internet access is not allowed from my Adito server.
    How can I install Adito Extensions without online connection to the Extension Store ?

    Thanks

  18. Vince:
    You don’t need to DMZ the Adito installation. Forward the port 443 to your Adito machine (based on default installation) and you’re good to go.

    The Adito Extension doesn’t require online access.
    On the right side in the “Actions” window you have a “Upload Extension” function, upload the zipped package. (Do not extract!)

  19. Hello Large,

    How do I create my own extension package? Let’s say I want to use a program like dameware, can I create an extension for it?

    Thanks

  20. hello Large,

    Thanks for your swift response. So I have a portable application like Clamwin Virus scanner. How do I install that into Adito? Also, how do I use the winutil you provided? Sorry, I’m a noob at this.

    thanks

  21. Also Large,

    How do I configure Adito to require clients to have a certain kind of USB token before accepting connections. That is a user must have some kind of security token on a USB stick besides regular password authentication.

    thanks

  22. Gconcepts:
    After you install the extension it becomes available as an application to deploy to users. The WinUtil app was made as an example for how you can manage the XML-file. You have to do XML editing and do some testing to make the extension work as you like.

    As for the USB-token thingy you are speaking of, it is unknown to me. But the SSL Explorer Enterprise had a one-time-code by SMS (cellphone) system. That worked quite well. Since OpenVPN ALS is based on SSL Explorer community edition none of these features are present.

    You can turn on the 5 questions after password was written as an extra “security”.

  23. Lars,

    Do you have or can you make an installer that has a version of openvpn-als compiled with agent timeout bug fix (the one in src\com\adito\properties\forms\AbstractPropertiesForm.java)?

  24. Brian:
    Sorry no, I don’t have time to mess with Java these days. So I’ve made the installer scripts public to everyone. If someone picks up the ball and creates a build of the svn-release the timeout bug will be fixed.

    Meanwhile you can reinstall to reset it (without generating new certs etc.).

  25. Hi,

    Is there a full SSL-VPN extension like a network connector or agent that provides full access to the LAN for a connected user? Or how do I configure a full tunnel, not a single port to port?

    2nd: On SSL-Explorer there was a Network Map Drive extension (when a user logs in, a network drive is automatically mapped, like X:, that points to an internal server share). Does somebody know if it’s still out there somewhere?

  26. Sadly,
    it looks as though this great piece of software is gonna slowly be laid to rest. openvpn have made no attempt to bring the project forward and have decided to concentrate on their openvpn access server (which involves an openvpn client being installed from a web portal)
    I will cling onto adito (nee sslexplorer) for as long as i can as it’s got me out of a mess on many occasions and has gone through every corporate firewall i have tried and didn’t upset any installation policies.
    i do hope that somebody takes this great piece of software on and brings it more forward than it is (perhaps to the point it was in sslexplorer with drive mappings etc)

  27. Hi
    I am looking for a similar requirement to the one Paul had mentioned. I need to have full access to the LAN using Adito SSL access. Could anyone suggest how to do this, or any other open source free software?
    Please reply
    Thanks,
    Siva

  28. Thank you so much for this application.
    I had a problem with a machine that refused to install SSL EXPLORER.
    Then i found this software.
    Excellent stuff man. Thank you !

  29. I’m completely stumped on this one. I need to set up someone else as SUPERUSER besides myself. I’m at a complete loss. I’m sure it is in a config file somewhere or something, but for the life of me, I cannot find it.

    We’re using AD integration, and my login is fine as SuperUser, but I need to get my boss as that as well (in addition to me). Is this even possible?

    Thanks in advance

  30. Michael:
    You should install the adito-server on a “dummy computer” and play around with it. Trial and error is your friend 😉

    The system only has one “superuser” as far as I know. But hey I’m not a superuser, hehe

    Here is how I’ve done it for other admins (without AD):
    1. Create a Policy called “Admins”
    2. Do not add superuser, but all other admins to the policy
    3. Go to the “Access Rights” tab and create a new “Resource Right”
    4. Add all available rights
    5. Add “Admins” policy in the “Policy” tab and save.

    Please let us know if that also works with the AD integration.

    gconcepts:
    You are not the first one to ask that question, please see http://sourceforge.net/projects/openvpn-als/forums/forum/824507/topic/3492047

  31. Works a charm, apart from…. I cannot get the Adito Agent to launch from a client. If I use 127.0.0.1 on the server then the agent does launch but fails to connect after “synchronizing”. If I use the server name or IP on the server then it fails in the same way as if I was on a client.

    Java error:

    load: class com.adito.agent.client.launcher.AgentLauncher not found.
    java.lang.ClassNotFoundException: com.adito.agent.client.launcher.AgentLauncher
    at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.io.IOException: open HTTP connection failed:https://10.1.1.253:8443/fs/apps/adito-agent/com/adito/agent/client/launcher/AgentLauncher.class
    at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source)
    at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    … 7 more
    Exception: java.lang.ClassNotFoundException: com.adito.agent.client.launcher.AgentLauncher

    Any ideas? I’ve had a hunt around Google but I haven’t found anything yet.

  32. Hello KK20,

    Did you check to make sure the setting “INVALID HOSTNAME ACTION” is not set to close connection immediately?

  33. I have it set to “allow connection” – purely because I didn’t want to lock myself out before I got everything working!

    The actual login and “network places” links work perfectly. Internally I can use the IP address, netbios name or go external with the external domain name and all will work. It works external to the building (via 3G disconnected from the local network). Integration into active directory works perfectly. It is the “launch adito agent” that won’t launch – which is a pain since that is the main reason for me wanting this (I plan to map drives somehow).

    Anyway, I will continue and if I find a solution post it here. Thanks for the help in any case!

  34. Under Resources (under the management console) I only have Network Places and Profiles. There is no Web Forwards, Applications, or SSL Tunnels. I have tried uninstalling and reinstalling several times. I would appreciate any help.

  35. Robert:
    Make sure that you make a clean install into a new directory.
    The uninstall does not handle Adito-directories in “policies directories” etc, so a search for adito after uninstall could be needed.

    Make sure that you login to the system as superuser (first user you created through config). Check also “Access Rights” tab for “Resource right” policy, you could “lock” superuser out of creating stuff through that.

  36. Sorted my problem out. Originally I had published the website using ISA (2006) as a web server on port 8443. I have 3 SSL websites running on my external IP 443, 444 and 8444 (all going to the same webserver too – you *CAN* do this with M$ but that is another story…) Anyway, It seems that I needed to create a non-webserver rule with a new filter type that listened only on port 8443 (inbound TCP only). This has cured the agent launching – I can now launch internal or external.

    The problem with this approach is that the JAVA agent throws up an issue saying that the *.mydomain.net is an invalid certificate. Obviously it isn’t and I suspect that this has to do with the nonwebserver forward not carrying the original client domain request through (hence the webserver will only see the ip address forwarded by the ISA server). I may make a man-in-the-middle type certificate between the ISA server and webserver based on its IP address to see if this cures it.

    Now onto mapping drives (if it can be done).

  37. Any update on how to get the agent to work with Windows 7 64 bit? The agent works fine for me using any 32 bit Windows OS. W764 still fails to launch the agent.

  38. I have had trouble when people try to access the site using Internet Explorer 8. Works fine with firefox. Any idea on how to fix it?

  39. I get this error in my adito.log:

    30-07-2010 09:24:47 [FeedManager] INFO Feed – Retrieving RSS feeds from http://download.localhost/feeds/.xml
    30-07-2010 09:24:49 [FeedManager] ERROR FeedManager – Failed to load feed.
    com.sun.syndication.io.ParsingFeedException: Invalid XML: Error on line 13: The reference to entity “ts” must end with the ‘;’ delimiter.
    at com.sun.syndication.io.WireFeedInput.build(WireFeedInput.java:174)
    at com.sun.syndication.io.SyndFeedInput.build(SyndFeedInput.java:122)
    at com.adito.rss.Feed.load(Feed.java:149)
    at com.adito.rss.FeedManager.retrieveFeeds(FeedManager.java:254)
    at com.adito.rss.FeedManager.run(FeedManager.java:161)
    at java.lang.Thread.run(Thread.java:636)
    Caused by: org.jdom.input.JDOMParseException: Error on line 13: The reference to entity “ts” must end with the ‘;’ delimiter.
    at org.jdom.input.SAXBuilder.build(SAXBuilder.java:468)
    at org.jdom.input.SAXBuilder.build(SAXBuilder.java:851)
    at com.sun.syndication.io.WireFeedInput.build(WireFeedInput.java:170)
    … 5 more
    Caused by: org.xml.sax.SAXParseException: The reference to entity “ts” must end with the ‘;’ delimiter.
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:391)
    at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1390)
    at com.sun.org.apache.xerces.internal.impl.XMLScanner.scanAttributeValue(XMLScanner.java:844)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanAttribute(XMLNSDocumentScannerImpl.java:436)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:253)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2723)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:624)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:116)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:486)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:810)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:740)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:110)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1208)
    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:525)
    at org.jdom.input.SAXBuilder.build(SAXBuilder.java:453)

    Apparently, something with RSS is causing the adito service (running on ClearOS 5.2) to throw an exception. What is RSS doing here? I don’t see any way to configure this via the gui. I can restart the service and it runs fine for a while.

    BTW, Adito is great. I’ve suggested to the ClearOS group that they try to incorporate portal functionality. It’s too bad Adito isn’t still in development. It works very well. I’ll continue to use it anyway.

  40. Thanks for keeping this going!

    I just installed a new Adito setup on to my vmware esxi home server via turnkey core.

    The only gotcha with the numerous directions on the web was related to the Java steps due to Ubuntu moving the repository. Google got me past that and once again Adito is running at home.

    Please ClearOS, rescue this wonderful application. I use OpenVPN when I have Adito problems. However Adito is always the preferred solution.

    ClearOS (Clarkconnect’s future) can and should save this project!!

  41. yes, it’s a shame. but when you read the reasons, it’s a fairly complicated piece of code that turns things on their head. i do hope it’s revived as x64 isn’t going to play nicely with adito. but as you say, i will continue to use it. it has got me out of so many situations in the past and has never failed yet to get through a firewall on 443.

  42. David:
    Why don’t you make a default ClearOS ESXi image for people to use?
    A small guide & lists of usernames & password into a txt and the vmdk-file is all that is needed.

    I can of course host it here…

  43. large,
    I use ClarkConnect as my Gateway on the ESXi box. I am in the process of installing ClearOS 5.2 as a standalone ESXi image as I type this. Once I find that stable on my hardware, I will take the ClarkConnect off-line and change the ClearOS install to a Gateway configuration.

    The process is pretty straightforward, so I am not sure there is much value in creating the ClearOS ESXi image. The iso image is uploaded to the ESXi datastore and then the new virtual machine is configured to boot from this iso image.

    Now if you are asking for a ClearOS 5.2 configured with OpenVPN ALS/Adito, I don’t think I would do it that way. I like to use OpenVPN and OpenVPN ALS/Adito sharing the 443 port. I am not sure how one would do that on the same machine.

    With ESXi, it is much easier for me to create very small Linux installations and use port forwarding to add features as experiments and/or final implementation.

    FYI: My ESXi4 is on a powerful quad core desktop. That was a $700 investment that has worked out to be a wonderful way to make my home office ‘green’, save money on power, provide a (thus far) very dependable solution for family computing needs, my endless experiments, and my personal world wide access solution. Over the years I’ve played with VMplayer, VMserver, and now am a believer in this ESXi. Nothing against the many other fine products and other vendors, just where I am at the moment….

  44. Hi Lars

    Thanks to your work I got the SSL-VPN Server up and running on WinXP very well in just a few minutes! Now I would like to ask you if you know someone who translated the pages to German?

    I tried to find out how to do it, but as I am no programmer, I gave it up after 3 hours of searching through the files…

    Any help is appr.

    regards,
    Marius

  45. KK20 & others that hate the timeout!

    I found an easy solution for the timeout-problem people have with the adito client shutting down after.

    This is actually the session stored in the webbrowser, so if you use firefox (like I do) just do this:

    Rightclick on page and select Reload Every -> 2 minutes.

    That kept me signed in whole day@work 🙂

  46. Since I moved my servers to 2008 over the summer I have now gone back to webdav as 2008 webdav is a lot more configurable than the old 2003 “webdav the lot” option. Since my clients all run a map drive script it will work in XP or W7. It was easier to create a VPN via ISA again and make a dialup script for remote users as educating them how to use adito was a pain (users eh?). Still, I had a lot of fun setting adito up and it worked a treat in the end.

  47. KK20:
    I would never use Adito “in production”… That is just a tool for you to get through every possible firewall known 🙂

  48. looks like Ironport proxy is able to detect the Adito trying to get through on port 443. Is it possible for Adito to get through Ironport proxy in some way?

  49. Good morning Lars.
    I use Adito as a sysadmin, looking after my servers from wherever I am. It works great!! 🙂
    Now I would like to start a program on a server that is called superoffice. I’d like to open it in a browser window. I have tried a few setups, but can’t seem to break the “code” and get it running. Any suggestions would be appreciated!

  50. Hmm.. reading my post is sad.. misspelling and confusing info..
    I would like to start a program called superoffice on a server and have it pop in a browser window.. so any help would be appreciated! ..

  51. Hi Lars,

    At first, Thanks for the application and effort you have done.

    I am now trying to enter the system but forgot the password.
    After trying few times, the message comes up and told me that account has been locked.
    Is there any way to unlock my account from local?

    Or, is there any other ID which can use for administrator login?
    e.g., Administrator, root.etc

    Your help would be greatly appreciated.

  52. Hi guys.. please help me with this.. I installed Adito successfully, but my problem is the port forward part. I did port forward 443 and opened the Windows/3rd party firewall.. I’ve done so many port forwardings without any trouble.. but for some reason Adito won’t work behind the router.

    router:att 2wire
    firewall:windows
    OS:windows xp

    thank you

  53. For AD integration it says it needs Read and Write access to AD. What exactly is it wanting to write? Without knowing what it wants to write to AD I am reluctant to turn it on. Can anyone shed some light?

  54. The timeout value can somehow be found in the file
    webapp/WEB-INF/classes/META-INF/profileProperties-definitions.xml

    Example:

    1. TightVNC (Java) extension should work on a Mac, but I haven’t tested it myself
      The ProperJavaRDP extension should work good against windows boxes too…

  55. Hello Lars,

    Thanks for adding new features for adito.
    I have one question:
    Do you have an RDP client for Mac to go to a Windows box? Because the Proper JAVA RDP is slower than when you use RDP for Mac.

    Thanks for your help.

    Roel

      1. hey thanks for the quick reply i’ll have a good read through it and hopefully all will be well

        many thanks

        hans

  56. Hello again.

    Maybe someone here can help : I got a free certificate from startssl.com and I was able to install it by stopping the service and re-running the installer.bat script. It worked and I was able to connect to my Adito box without my browser complaining.

    However, none of the applications would work anymore, the java tunnel is not being created, java now complains that it can’t connect and hints at a bad certificate…

    Any thoughts? How can I update the certificate that the java tunnel part of Adito is using?

    Thanks!

    1. Hi Stanelie

      I would not recommend to install it by the “installer.bat” function.
      It was stated earlier by the developers on Sourceforge.org that it could mess things up.

      Since you still got access to the webpage, try this: https://www.startssl.com/?app=25#4
      1. Export your *.p12 key (filename and same password you did before)
      2. Export the StartComCertificationAuthority.crt
      3. Export the StartComClass1PrimaryIntermediateClientCA.crt

      Now try to add the StartComCertificationAuthority.crt and StartComClass1PrimaryIntermediateClientCA.crt through the wizard using the “A root certificate for your web servers certification authority.” method.

      But keep in mind that the “Class 2” level is the one that should be used… Through a corporate network it could still be blocked if the personal info isn’t validated (good admins do so).

      I don’t know if it will work, but it’s worth a try! 🙂

      1. Thanks for the tips, I will try them.

        I reverted back to an earlier snapshot after messing things up, I’m not taking any chances.

        🙂

        1. Since you are running virtual, trial & error is your friend 🙂

          I guess the StartComCertificationAuthority.crt is defined as “root”
          The StartComClass1PrimaryIntermediateClientCA.crt is “A reply from a certification authority”.
          Then add your private p12-key as “A key for a server that requires client certificate authentication.”

          But it has been a while, so please give feedback if that worked 🙂
          The root & CA have to be in place for the private-key import to actually work; that isn’t stated so clearly in the help text.

          Also try another browser afterwards (like IE/FF/Chrome) where the cert isn’t installed.
          You can also check the certs installed by Java (locally) in the Control Panel -> Java (32 bit) -> Security -> Certificates

  57. I need to move the ADITO VPN from one computer to another. What is the best way to do this and keep all the settings? Can I just install adito on the new computer (win2003R2) and then just copy the whole adito folder and subfolder from the old computer (XP) to the new one?

    Would appreciate thoughts on this.

    Thank you!

    1. In theory it should work 🙂
      Make sure that you stop the service before you overwrite the existing on the new one.

      If it fails:
      Under the db\ directory you have a HSQL-database that stores everything, you could try to just replace that one (+ the extension files) that you got.
      Make sure that you install in the same directory structure that you did before, eg: C:\Program files\Adito

      Let me know if you got it running. Any errors can be seen by running it directly with java (shortcut is added for that).

      1. That worked.
        -Basically I stopped the service on the XP box, copied the whole Adito folder (from program files) on a USB.
        -Then I stopped the service on the win2003r2 server, and deleted the Adito (well backed it up) folder from program files, and pasted the Adito folder off the USB.
        -Then I restarted the Win2003r2 service.

        All seems good so far, I haven’t tested every single application, and web forward, but the few I tested worked w/o a problem. Even the custom logo is there and all.

        Thanks and cheers, wish all migration could be this easy!

  58. it certainly doesn’t need rw to AD. create a read only account on AD and use that for authentication. it works, i use it.

  59. How can I upload multiple files using network resources?
    I can do this using an ftp server on the adito server, but how to do the same using CIFS/SMB?

    Thanks
    Chris

  60. Is there a way to get all web traffic to pass through the SSL tunnel? I have used web forward and setup a replacement proxy. works great for the site setup. and you can edit the link name in the redirect address but would be nice if you could just setup the link then with the open browser type a site or use your favorites.

    1. I suggest that you run a SOCKS server on the Adito server.

      A simple & free one is this: http://sockspuppet.com/
      Remember to block incoming connections to 1080 from the internet while using this, it has no security.

      Create an SSL tunnel with the following parameters:
      Source port = 1234
      Destination host = localhost
      Destination port = 1080

      Then set up your web browser to use a SOCKS server with host: localhost and port: 1234.
      (PS: If you didn’t autostart the SSL tunnel, it needs to be opened on the Adito client).
      If you don’t know how to, check out this: http://www.ehow.com/how_5598384_configure-browser-use-socks-proxy.html

  61. Hello

    I’ve a question,

    is it possible to open an OpenVPN connection using Adito SSL tunnels?

    Because I need to sync Windows AD through a proxy.

    Thanks

  62. 1. What does your environment look like, and where do you place the server which is running Adito
    (in DMZ), or is it a domain machine?

    2. Is it also possible to use this application to connect to your company network so that you can reach shares etc.?
    We are now using a PPTP VPN client which I want to replace.

    3. What is the best OS to install this on? I prefer a Windows product, but I very often see ubuntu/linux?

    1. Hi Hans, I’ll answer briefly:
      1. Server running Adito can be on DMZ or just port 443 (or whatever you like) as a forwarded port. It only requires one port.
      2. The Adito-client is a java-based VPN-client, and yes you can reach shares etc…
      But if you want to use it commercially, and need a stable system, check out SSL Explorer ancestor: http://www.barracudanetworks.com/ns/products/sslvpn_features.php
      3. Adito is java-based and runs on any x86-java-environment.
      I created the installer because I wanted an easy windows-install, but with a high number of users I prefer to run it in Linux.

  63. Just wondering if anyone has used this with Active Directory? I got it up and running, but when I create new user accounts in AD it will not allow them to log in through adito. Gives Invalid Credentials message every time.

  64. I have been using SSL Explorer for many years, but run into problems with windows7. I have now installed Adito with your installer. First problem is with extension manager: link results in a new window, trying to access ‘localhost’. Where is the URL for the extension manager set?

    Regards, Pete

  65. Do we need to create separate tunnels for each destination port on the Adito server? E.g., if I have to access my home PC (Adito server) on multiple ports, say 2010-2030, using telnet from my office laptop, do I have to create separate tunnels for each of these ports and open each tunnel from my office laptop?

    1. Hi Rahul

      I suggest that you create an SSH-server on your machine and use Adito to reach that.
      That way you can port yourself out as you like, that requires only one port.

      Adito only needs 1 port open to be reached: the HTTPS port (443) or any other port you selected when installing.
      The client routes everything through port 443 afterwards.

      -Lars

  66. Oh boy, I need to move Adito to another machine, however I don’t remember my superuser login password, OR the actual login name. If I recall correctly, the super user account name is “super” and this cannot be changed right?

    I’ve been trying using “super” to log in and several passwords that I thought I used, but it gets locked out and then it says it’s disabled (resetting itself).

    Which is the actual file that contains just the users? I’d like to reinstall and just keep the new users database, that way when I copy all the old files with the settings/plugins/etc.

    TY

  67. Now it’s permanently disabled; I actually opened the db file in Wordpad and saw that I named that superuser “super” and now I remember the password, but it’s too late as the account is disabled. I did see a post on how to remove the lock with sqltool, but it’s way over my head and using HeidiSQL tool I didn’t understand the settings needed to connect to the db and remove that lock.

    Secondly, I tried to install Adito on WHS 2003, and everything seems to work fine until the final push on “NEXT” where the browser opens, says it’s “installing.. please wait” and it just hangs there. Neither that nor the DOS window ever changes past those prompts and I have to end up hitting a CTRL-C to break out of it, after which the service can’t be started. I have a feeling that some of the services on WHS are interfering or causing a problem..

    1. Hi Teredactle,

      I recently helped a friend out with the exact same problem 🙂
      The site you referred to was this http://sourceforge.net/apps/trac/openvpn-als/wiki/database_management right?
      You can use a GUI that makes this operation much easier.

      Steps for a total reset of your password:
      1. Download RazorSQL: http://www.razorsql.com/download.html
      2. While it is downloading, stop Adito and edit %adito_home%\system.properties, set adito.hsqldb.tcpipServer=true
      3. Start Adito, check with “netstat -a” that port 9001 is open (if not, did you save the config before starting Adito?)
      4. In RazorSQL do the following:

      Press: Connections -> Connection
      Select: HSQLDB / HyperSQL
      *JDBC (HSQLDB Server)
      Fill out the following:
      Profilename: Adito (or whatever you like)
      Driver version: 1.8
      Login: SA
      Host: localhost
      Port: 9001
      Database name: explorer_configuration

      5. Connect, find the “ATTRIBUTES” database and delete any attribute_name=aditoUserEnabled set to false on your username
      6. If you need to update your password execute the following query: update users set password=ENCPASSWORD('qwerty') where username='yourusername';

      Hopefully that will get you on-the-go.

      Regarding the installation on a WHS 2003.
      I don’t know why it hung, but try to reinstall java (32-bit) and restart installation.
      It could be the restrictive Internet Explorer profile that is enabled by default causing the trouble.
      A good try is to install another browser, Firefox, Chrome etc. and set it as default while you install.

      Cheerio,
      Lars Werner
      http://lars.werner.no
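Added example, not part of the comments above or of Adito itself: the SOCKS setup in comment 60 and the password reset in comment 67 each open a local service (port 1080 and port 9001) that should not be reachable from outside the server. This Python sketch parses `netstat -an` output (English Windows format assumed; the sample rows are constructed) and flags those ports when they listen on a non-loopback address.

```python
import ipaddress
import re

# Ports named in the thread: 1080 (SOCKS server reached through the SSL tunnel)
# and 9001 (HSQLDB TCP server enabled by adito.hsqldb.tcpipServer=true).
WATCHED_PORTS = {1080: "SOCKS server", 9001: "HSQLDB TCP server"}

# One TCP row of `netstat -an`: proto, local address, foreign address, state.
TCP_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+\S+\s+(\S+)\s*$", re.IGNORECASE)

# Constructed sample output, not captured from a real Adito server.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1234         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:9001         0.0.0.0:0              LISTENING
  TCP    192.168.0.2:49210      192.168.0.10:9001      ESTABLISHED
  TCP    [::]:9001              [::]:0                 LISTENING
  UDP    0.0.0.0:1080           *:*
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:443' or '[::1]:9001' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; unparseable hosts count as exposed."""
    try:
        # Drop an IPv6 zone id such as '%12' before parsing.
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False


def exposed_listeners(netstat_output, watched=WATCHED_PORTS):
    """Return (port, local_host, label) for watched ports listening off-loopback."""
    findings = []
    for line in netstat_output.splitlines():
        match = TCP_ROW.match(line)
        if not match or match.group(2).upper() != "LISTENING":
            continue  # headers, UDP rows and established connections
        try:
            host, port = split_endpoint(match.group(1))
        except ValueError:
            continue  # port shown as a service name (netstat without -n)
        if port in watched and not is_loopback(host):
            findings.append((port, host, watched[port]))
    return findings


if __name__ == "__main__":
    for port, host, label in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{label} on port {port} listens on {host}: restrict or firewall it")
```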

  68. Hi, I just installed adito on my win7 x64 box. I can’t get the Adito agent to start getting the error on client browser: “Adito Agent failed connect”. On the adito server Log file I see this error: “ERROR RegisterClientSynchronizationAction – Registration of agent did not occur when the specified timeout of 60000ms”. I get the error when I connect to adito from either my win7 box or my laptop. Windows firewall is turned off on win7 for my tests. I have the same installation on my Win2003 server without any issues on that installation. What is wrong with my win7 adito installation? How could I resolve the agent? If not possible is there another way with adito to open RDP session without the agent?
    regards
    Fred

    1. Hi Frederic,

      You need to use a 32-bit browser and 32-bit jvm on the machine you are connecting from (client).
      I have tested Adito on my Win7 x64 box and everything works as expected here (server).

      If you have any 64-bit java installed or similar, please remove it and reinstall 32-bit (both).
      Also try to reinstall Adito on a different port, for instance 8181 and see if you get correct results.

      Regards. Lars

      1. I use 32 bit browser for sure, but how can I make sure I use Java 32 bits? For the moment my 2 client machines have java\jre7 in Program Files (x86) folder, and a Java (32 bits) icon in control panel, which I assume is 32 bit. What do you mean by reinstall 32-bit (both), both? You mean on both server and clients? Is there a difference between JRE and JVM? Thanks Fred

        1. After checking I’m using 32 bits Java and browser. I’m using latest java runtime on both clients and server. I’ve tried reinstalling Adito on 8181 port, I’m still getting Adito Agent Failed Connect error. On server config I’ve tried using IPv6 interfaces along with ipv4, when I select use all interfaces (including ipv6) I can’t even connect to the server, it says IP address is not allowed: so in order to be able to connect to adito I need to select only the 2 ipv4 interfaces 127.0.01 and the 192.168.0.2 which is the address my router assigns to this computer. Maybe my problem is related to that(?) I’m at a dead end right now, there is no way I can start an Adito Agent session on that server. This is the last program I need to migrate to my windows box for me to decommission my old win2003 server box. Is there an alternate way I could connect RDP to my private network from the internet with SSL port forwarding?
          regards
          Frederic

          1. If you don’t want to use more time on Adito, then I could suggest Cop Ssh from itfix.no. It will require you to set up a ssh server and use a ssh client like putty and create your own port forwards. It works, but isn’t practical. Maybe check out the java control panel and see if there are any options to “loosen up” something, since it fails. Did you try to run the adito directly from java (shortcut in startmenu)? It could provide info on what happens on the w7 side. Also try to disable UAC, it could block…

          2. User Access Control cannot be disabled but it’s set to never notify. I tried java security settings in control panel set to low, still same error. As for running adito from shortcut menus, those apps start a command prompt, then press any key to continue and it closes the prompt. I may look into copssh, but I’m not sure I want to get into those complicated configs. I will try to make Adito agent work with hopefully some help here, if not I might look into other plans, one of those might be keeping the win2003 box only for my RDP access, which would be quite annoying to me. I really don’t get why I can make this thing work in win2003 but not in win7. Will try adito server on my laptop to see if my problem is related to Windows7 OS or my Win7 Box installation in my basement, ohh well 🙁

          3. Same problem on adito server installation on my laptop (win7 x64), so the problem is not related to my win7 box, but it seems with win7 (or 64bits?) – I’m out of clue now

  69. Long time ssl-explorer user, just switched over to Adito.
    I have a problem when I configure the Java Agent Properties, when I set the values for Timeout, Keep-Alive, Shutdown interval etc. they seem to be multiplied by 1000? E.g. I set a value of 10 seconds, when I click save it sets the value to 10000
    Any idea why this may be happening or how to fix it? It’s quite annoying as the agent keeps shutting down.

    Thanks

  70. Hi Lars,

    Thank you for your installer. I have recently begun seeing a Java security warning mentioning that applications by unknown publishers will be blocked in a future release. I was only able to get adito running with an older version of the java runtime on the server (version 6 update 17). If I use the SVN version, will I be able to update the java version on the server and avoid users being blocked when they next update java on their client machines? Any advice would be appreciated and thanks for your hard work.

    Here is more detail on the warning: This application will be blocked in a future Java security update because the JAR file manifest does not contain the permissions attribute. Please contact the Publisher for more information.

    Mike

    1. With the latest Java 1.7.0_51, this went from a warning to actually blocking the applet from running. The only way I could get it working again was to lower the Security level in the Java Control Panel (jcontrol) to Medium, from its default of High.

      1. Hi Lars and Dave,
        I found another way to permit people to connect to adito by adding the complete url of the adito server into the java security configuration tab, under the exceptions list.
        A pop up appears but lets you choose whether or not to launch the applet.

  71. Hi

    hi Lars

    Recently my company upgraded the primary domain controller (added a new 2012 64 bit PDC to the older 2003 R2); I have used Adito for years with Active Directory integration without any type of problem, only a little friction during the initial Active Directory configuration (upper case DOMAIN.LOCAL and other)

    Now, when I create a new user with the 2012 server, Adito does not recognize it, and it works only if I set the field “user authentication type” to “simple” during installation, while “service account type” does not work under any condition when adding a user from 2012; the actual administrator works only because it’s an old account imported from the 2003 server.
    I spent many days testing to understand which is the real problem. Adito is configured to connect to the 2012 server without a backup server: when I add a user from 2012, neither auth nor service account works; when I create it from the 2003 server it works (service and auth). I have also copied the old administrator account to now testing admin with the same identical policy and property, from 2012, without success.

    At home I’m trying all types of Adito/SSL Explorer Windows/Linux and your SVN version, both versions with a 2008 server testing domain; the LDAP administrator works fine, Adito doesn’t want to work.
    Typical error is “User database could not be opened. Internal error.”

    I think that the user record in 2008/2012 is different from 2003, and Adito does not recognize it or reads it wrong.

    Any ideas?

    thx lot

    p.s. sorry for my english 🙂

    1. Hi Roberto,

      I have very little experience with AD and Adito, so my knowledge is very limited.
      As far as I understand the Win2012 server uses NTLMv2 and the 2003 is using NTLMv1, that might be the issue.
      Check out this reference: http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx
      If you need to get this running in Win2012 you have to use legacy functions to actually get it to work. (Probably not a good idea).
      Adito is not developed any more; a change in other systems will cause problems.
      Such problems are why I don’t recommend using Adito in a production environment.

      Sorry for not being more helpful 🙂

      Cheers, Large

      1. Actually, the issue with the 2012 active directory is probably in the gpo’s for the default domain controllers. I was changing my gpo’s to match more of a 2008 r2 install, and it wanted me to enable ldap signing. I found that after I turned that on, both ssl explorer and adito were unable to find the AD and list the users, especially during the installer. So I just reversed the gpo change…. It’s in the same place with the ntlmv2, and the signing smb…..

        1. Hi s1eelra1, thanks for sharing.
          This info is helpful for AD users. Remember though to never use Adito in a production environment.
          Code is no longer being updated, the compatibility with new server systems will over time fail.

          Regards. Lars

  72. Hello, I am using Adito for my web application in which we used captcha (jcaptcha-api-1.0.jar) but Adito does not find the .jar file of jcaptcha when trying to compare user input with the captcha image. I think Adito is unable to access all libraries. Please help
    Thanx

    1. Hi Usman,

      I’ve never used captcha on Adito before.
      But I believe you need to change the web layout on the login-screen for implementation.
      The reference to the jar there will decide the path of the *.jar loaded.

      Regards. Lars

      1. Hi Lars,

        Thank you for your reply. Captcha is not the only problem. It’s an old application in which frames are used; when logging in, some frames do not load properly. I can not compromise on captcha.

  73. Adito needs/uses SSLv3 to work and Firefox won’t allow it. It gives error: ssl_error_unsupported_version
    The POODLE Attack and the End of SSL 3.0
    Can you fix this please???

    1. Hi Ton Dekkers,

      I only provide the installer for Adito and the sourcecode will probably not be updated in the future. (project discontinued)
      But I’ve written a post regarding the SSL-error and Firefox-issue, please check out: http://lars.werner.no/?p=1159

      Try to enable / disable the cipher that provides the security you need.
      If you can provide feedback on your result, please do 🙂

      Regards. Lars

      1. Thnx. after upgrade Adito I could not connect to adito website but I adjusted webserver.properties. It works.
        Is it possible to remove the advertisement Help lars.werner.no with new hosting server?

        1. Hi Ton, it is possible to remove the ads, check template in webapp/theme/default

          But I recommend using the Adito-SVN for 1.8, the theme in that has a discreet donation-button. 🙂

          -Lars

        2. Hi Lars I have installed Adito-SVN for 1.8 now and still see the big Donation Ad. Can you please explain how to remove this?
          I have purchased a SSL certificate. Can you explain how to import this in Adito?

  74. Hi Lars I have purchased a SSL certificate and installed it in Adito. this works now! Thnx.
    I have installed Adito-SVN for 1.8 now and still see the big Donation Ad. Can you please explain how to remove this? I have no Java knowledge and cannot find the file where the ad is placed.
