(7 November 2009) Following are notes on how I set up OpenVPN-ALS (formerly known as Adito). Hak5's notes were a little sparse, so I've built on them here (filling in on the install part).
1) Use Synaptic or apt-get to install the following:
- ant (and its dependencies)
2) Switch to root via "sudo -s".
3) Add the following to .bashrc in /root:
Note: "java -version" is not actually required. It just gives you a nice indicator (when shifting to root) that the java binary can be "seen".
4) Type "exit" to leave root and switch back to root via "sudo -s". This reloads the root environment, including the changes you just made in #3.
5) Download the most recent version of OpenVPN-ALS from SourceForge. (Note: Instead of clicking on the big green "Download" button, click on the "View all files" next to it. The idea here is you want to download the .tar.gz version, not the .zip.)
6) Move the file into /opt and untar the file. It will create its own working directory.
7) cd into the resulting directory.
8) You should see a file called "build.xml". Install the program by running "ant install". This will grab "build.xml" and perform a couple checks and then start the installation wizard. It should look something like the following (Don't panic if it doesn't come up right away. Depending on your machine, it may take a few seconds to get going.):
root@desk:/opt/adito-0.9.1# ant install
[echo] Couldn't find tools.jar from $ADITO_HOME/adito/lib
[echo] Copying the tools.jar from your JDK
[copy] Copying 1 file to /opt/adito-0.9.1/lib
[java] Starting installation wizard.....Point your browser to http://desk:28080.
[java] Press CTRL+C or use the 'Shutdown' option from the web interface to leave the installation wizard.
9) Point a browswer at http://localhost:28080 (or, in my case, http://desk:28080). You should see something like the following:
10) Unless you already have a SSL certificate (or purchased one), you'll need to create one. Make sure that "Create New Certificate" is selected and click "Next". Enter a passphrase in each field and click next.
11) The next screen will probably come up with "localhost" in the "Host name" field. Recommend changing this to whatever you're using as an external host name. (I use DynDNS's service.) Fill in the remaining entries and click "Next".
12) Step 2 in the Installation wizard is entitled "Configure User Database". This is a decision point. Choose one of the authentication methods offered. If this is your first time, I recommend using "Built-In". Click "Next".
13) Fill in the information needed for "Superuser" and click next.
14) The next screen is for configuring the web server. Except for the port number (ISP's tend to block this inbound), I recommend leaving the entries as is. Change the port number to something memorable and click "Next".
15) If your system resides behind a proxy, you'll need to enter the appropriate values for "Step 5 - Configure Proxies". I'm not, so I didn't. Click "Next".
16) This should land you on the "Summary" page.
17) Clicking "Finish" will cause a progress bar to pop up and then push you to the exit page. Click on "Exit Install".
18) Once the web page says it's okay to restart the service, go back to the termainal window and run "ant install-service" to set up the start script in /etc/init.d and the associated rc folders. The output should look something like:
root@desk:/opt/adito-0.9.1# ant install-service
[echo] Installing Adito as Linux service
[exec] Detecting Java
[exec] Using /usr/lib/jvm/java-6-sun-18.104.22.168/jre
[exec] Detected OS debian (x86)
[exec] update-rc.d: warning: /etc/init.d/adito missing LSB information
[exec] update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
[exec] /opt/adito-0.9.1/install/platforms/linux/install-service: line 12: /opt/adito-0.9.1/conf/wrapper.conf: No such file or directory
[exec] Adding system startup for /etc/init.d/adito ...
[exec] /etc/rc0.d/K20adito -> ../init.d/adito
[exec] /etc/rc1.d/K20adito -> ../init.d/adito
[exec] /etc/rc6.d/K20adito -> ../init.d/adito
[exec] /etc/rc2.d/S20adito -> ../init.d/adito
[exec] /etc/rc3.d/S20adito -> ../init.d/adito
[exec] /etc/rc4.d/S20adito -> ../init.d/adito
[exec] /etc/rc5.d/S20adito -> ../init.d/adito
[exec] Service installed
[echo] Adito installed as Linux service
Total time: 0 seconds
19) Start the service by running either "ant start" or "service adito start". If you use ant, the output should look something like:
root@desk:/opt/adito-0.9.1# ant start
[copy] Copying 1 file to /opt/adito-0.9.1/conf
[echo] Creating wrapper configuration dynamically
[echo] Java executable: /usr/lib/jvm/java-6-sun-22.214.171.124/jre/bin/java
[echo] Wrapper directory: install/platforms/linux/x86
[exec] Starting Adito...
[echo] Adito started
Total time: 1 second
20) Point a browser at the port you configured in step # and log in as your superuser. This will get you to the "System Configuration" page.
From here, as stated on the Hak5 page, it is recommended that you follow the Admin Guide to configure available services. I will add more notes in this wiki as I figure things out.