SubVS.co.uk

You have your SSL-explorer running and all your users are using their remote desktops (http://www.subvs.co.uk/ssl_vpn_on_ubuntu ), but there are a couple of neat things to do after that as well, like web forwarding, file management and port forwarding:

Internal web site through SSL explorer

If you have any external websites that external users will need, replacement proxy is what you want. This proxies the site through ssl-explorer, and you can add a link for it to the users favourites so they have everything available from their ssl-explorer portal. It can be done in a few simple steps:

• Log on as an admin
• Click "Web Forwards"
• In the top right, click "Create replacement proxy"
• Give it a name and description, and if you want it on the user's portal, tick "add to favourites", then click next
• Type in the destination url as a full url (ie http://intranet.localdomain.local) - This can also be dynamically set from user attributes (so set a "intranet address" attribute for a specific user as http://intranet/username for example)
• Leave the category and encoding as is, and if you want to restrict access, enter the hosts that can use it, then click next
• On the next page, you can set authentication options. If you need the users to authenticate automatically, you can do it here by either typing in values or using user attribues.  Once done, click next
• Now to assign the web forward to a policy. You have the option to configure policies as well, so if you want only certain groups or users to have use of the web forward, create a policy for them, and assign the forward to this policy, otherwise just choose the built in "Everyone" policy.
• Click next and then finish, and its all systems go.

Port forwarding with SSL explorer

You can also forward ports with the SSL-explorer agent, we used this for opening the ip camera ports to admins from the outside, but you could use it for anything that would normally need port forwarding.

• Log in as an admin
• Click SSL Tunnels
• In the top right, click "Create tunnel", give it a name, description and add to favoroites if needed
• Leave source interface as 127.0.0.1 unless you only want to listen on a specific interface
• Add source port, destination port and destination host, leave type as Local
• Tick auto start if you want this to auto start with the ssl explorer agent (this is really useful when you want to open up more than one port. You can add a tunnel with the name "camera ports" for example, as a favourite, then create the other ports you need forwarding and configure them to auto start. The user will then just need to click the one in favourites - this will start the agent and thus auto start all the other tunnels). Click next
• Assign the forward to a policy, then click next, then finish.

Access to files through SSL explorer

You can allow access to a file server for your external users as well, there are a selection of file server types available, eg smb, ftp, nfs etc. This will give users a web based interface which they can use to upload, download, copy, paste and zip files from the file server.

• Log in as an admin
• Click "Network places" then in the top right, "Create network place". Give it a nam, description and favourite if needed.  Click next.
• Choose the type, for this example, windows network. Put the file server name in "host" and either the shared folder name or just "\" as the path. Username and password can be taken from user attributes, so if you are using AD authentication, choose session:username and session:password to fill in those fields. You can also choose to make things read only, not deletable etc. Its a nice idea to tick "show folders". Click next.
• Assign a policy to the network place, click next and then finish.