SSL VPN

John Priddy jpriddy at redhat.com
Thu Jun 19 04:09:13 UTC 2008


The short answer:
Talk to your IT staff first to see what kind of solution they are using
and if its possible to use a third party client, if so will they even
provide you the shared key, group name, etc.  There are some reverse
engineering ways of determining some of these depending on
versions/vendors...


Long answer:
If your talking about some of the big name vendor VPN concentrator
products that your company may using for vpn access it may not be
possible.  This completely different from the openvpn project mentioned
below.  For these vendors (cisco, juniper, etc) the term 'SSL VPN or
WebVPN' is 'clientless'.  You basically just go to an ssl web page
(https://webvpn.mycompany.com) , it asks for a username/password, and
then pushes down and installs some java applet from the concentrator,
opens this and connects with your credentials you provided, and then
sets up a tunnel such that all traffic bound for your workplace tunnels
through port 443.  

Chances of this working on a non windows system are slim to none for
various reasons, most notably the vendors dont write java applets to run
under anything other than windows.  I am not even sure this would be
possible due to permissions needed at the network level on linux to do
so.


On Wed, 2008-06-18 at 18:42 -0400, Rick Bilonick wrote:
> On Wed, 2008-06-18 at 17:58 -0300, Itamar - IspBrasil wrote:
> > openvpn
> > 
> > 
> > Rick Bilonick wrote:
> > > Could some one point me in the right direction for installing and using
> > > ssl vpn? I've been using ssh to connect to my server but now it's going
> > > to be behind a firewall that uses ssl vpn for connections.
> > >
> > > Rick B.
> > >
> > >    
> 
> Thanks. I'm not familiar (yet) with exactly how vpn works. Will this
> work with access via a web page? (I'm always worried that IT here will
> make it virtually impossible to use Fedora or any Linux.) Plus I want to
> be able to connect from my Linux laptop and other Linux computers.
> 
> Rick B.
> 




More information about the fedora-list mailing list