AlmostVPN FAQ
As a brand-new product, AlmostVPN does not yet have any customers who might ask questions. Below is a list of questions I think customers would like answered. If you have a question, you can ask it by mail or open a new ticket.
- 1 What are system/user requirements for AlmostVPN?
- 2 Why would I want to use AlmostVPN?
- 3 How does it work?
- 4 Where does it store all passwords?
- 5 Why does it need to know my local password?
- 6 Is it possible to use AlmostVPN with key based (password less) access?
- 7 How can I mount AFP drive with AlmostVPN?
- 8 How can I mount SMB drive with AlmostVPN?
- 9 My DNS Server can not resolve "private" names to IP addresses. What can I do?
- 10 How does AlmostVPN play with SOCKS proxies?
- 11 How can I see AlmostVPN logs?
- 12 I really need to connect to SSH v1 server
- 13 My SSH server uses RSA card for authentication
- 14 AlmostVPN crashed and now my configuration is all "funny", how can I "cleanup" after AlmostVPN?
1 What are system/user requirements for AlmostVPN?
AlmostVPN requires Mac OS X 10.3.x or later (every build is tested on the latest versions of Panther and Tiger). It will most certainly NOT work on 10.2.x, so do not even try. There are no particular hardware requirements: if you can run 10.3.x on the box, you should be able to run AlmostVPN.
AlmostVPN employs sudo to build tunnels to privileged ports, so you need to be able to use sudo in order to use AlmostVPN (either your account must be marked "Allow user to administer this computer" or a system administrator needs to add you to the list of sudoers).
As of 0.9.11, AlmostVPN ships as a Universal Binary. So if you are lucky enough to have one of the new Intel-based Macs, you will have no problems with AlmostVPN.
2 Why would I want to use AlmostVPN?
AlmostVPN provides a simple-to-use alternative to a "real" VPN. It allows you to gain access to computers and services on your private network via a single secure connection. You can use it to access your private e-mail server while you enjoy your favorite caffeinated drink and a WiFi connection courtesy of Starbucks. You can use it to mount a volume from your office computer while you are at a customer site, to get that latest fix you were working on until 3am last night (but subsequently forgot to bring with you). You can use it to run a VNC session to the computer of your less tech-savvy coworker from your favorite vacation spot, to help him/her conquer yet another problem with MS Office (poor soul...). So the real question is: why would you NOT want to use AlmostVPN?
3 How does it work?
AlmostVPN employs Secure Shell (SSH) to create one or more tunnels. It also uses launchd to control SSH sessions.
4 Where does it store all passwords?
AlmostVPN creates a private keychain, "AlmostVPN", to store all passwords. You can inspect it with the "Keychain Access" tool (found in the Applications/Utilities folder).
5 Why does it need to know my local password?
AlmostVPN configures SSH to create tunnels. In a nutshell, it makes a "port" on your local host act as a teleportation point, so when you access it all data gets transferred to the remote server on the other end of the SSH tunnel. Each "port" has a well-known number (HTTP - 80, SMTP - 25, ...). From the very early days of Unix it was decided that you need very special privileges to "use" ports with numbers below 1024. Unfortunately, most of the "interesting" ports fall into this category. As a result, AlmostVPN needs to be able to gain such privileges, which it does by using the sudo command, which requires your password.
6 Is it possible to use AlmostVPN with key based (password less) access?
In short, the answer is yes. As of 0.9 Beta 2 it is possible to explicitly control the use of the "-i" option and specify a particular key file to be used with it. AlmostVPN looks for the ~/.ssh/id_dsa, ~/.ssh/id_rsa and ~/.ssh/identity files (in this order) to define the default value for this option.
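The lookup order above can be reproduced in the shell to see which key would become the default. This is an added example, not AlmostVPN's own code; the function name default_identity and the permission check (OpenSSH refuses private keys that are accessible to group or others) are assumptions of the example.

```shell
# Added example (not AlmostVPN code): pick the default identity file using
# the order listed in the FAQ: id_dsa, then id_rsa, then identity.
# Usage: default_identity [DIR]      (DIR defaults to ~/.ssh)
# Prints the first key found. Returns 0 if it is private to the owner,
# 2 if group/others can access it, 1 if no key file exists.
default_identity() {
    dir=${1:-"$HOME/.ssh"}
    for name in id_dsa id_rsa identity; do
        key="$dir/$name"
        [ -f "$key" ] || continue
        printf '%s\n' "$key"
        # In the ls -l mode string, characters 5-10 are the group and
        # other permission bits; a private key should show "------".
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "warning: $key is accessible to group/others ($perms)" >&2
            return 2
        fi
        return 0
    done
    return 1
}
```

A return code of 2 means the key that would be picked needs `chmod 600` before ssh will accept it.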
7 How can I mount AFP drive with AlmostVPN?
- To mount a volume from the server you are SSH'ing to: if your server's "private" IP address is different from its "public" IP address (as when NAT is in use), then you have to specify the "private" address in the account definition. You need to use the "private" IP address (or a host name RESOLVABLE to the private IP address) when you define your drive.
- To mount a volume from a server other than the one you are SSH'ing to: you need to use the "private" IP address (or a host name RESOLVABLE to the private IP address) when you define your drive.
8 How can I mount SMB drive with AlmostVPN?
You MUST use the server NAME when you define your drive, AND the server you are trying to mount a volume from must recognize this name as its own, AND this NAME must be resolvable to the "private" IP address of the server (see the FAQ about maintaining server name to address mappings). Take a look at this how-to for more details.
9 My DNS Server can not resolve "private" names to IP addresses. What can I do?
AlmostVPN maintains its own list of server name to IP address mappings. Each time it needs to get an IP by name or a name by IP, it looks in this list first and uses OS services only if it does not know about that particular IP/name. You can manage these mappings with the "Known Servers Manager" pop-up, accessible via the small "wrench" icon next to any "server related" combo box.
10 How does AlmostVPN play with SOCKS proxies?
Very nicely :-). For details go to AlmostVPN and SOCKS.
11 How can I see AlmostVPN logs?
Click the 'Debugging Dialog' button. The following dialog will appear:
It is a good idea to enable extra logging. Click on Open Log to see the AlmostVPN log file. Click on Open plist to see the AlmostVPN preferences file. Click Ok to dismiss this dialog.
12 I really need to connect to SSH v1 server
First of all, you really need to think about upgrading this server to SSH v2. SSH v1 has too many security holes to be used by anyone for any purpose. Second, when AlmostVPN v1.0 arrives, the answer to this question will be "No, you cannot".
Meanwhile, you will need to use the ~/.ssh/config file. If you want to connect to a server with name XYZ and IP address 1.2.3.4, you will need to enter the following two lines:
    Host 1.2.3.4
    Protocol 1
The simplest way to add these two lines is to run the following two commands in a terminal:
    echo "Host 1.2.3.4" >> ~/.ssh/config
    echo "Protocol 1" >> ~/.ssh/config
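Entries like the one above tend to outlive the server they were added for, so it helps to be able to list every Host block that still permits protocol 1 once the server has moved to SSH v2. The following is an added example, not part of AlmostVPN; the function names and the sample configuration (constructed, apart from the 1.2.3.4 entry from this FAQ) are assumptions of the example.

```shell
# Added example (not AlmostVPN code): report the Host blocks in an OpenSSH
# client config that still allow protocol 1.
# Usage: find_ssh1_hosts ~/.ssh/config     (reads stdin if no file is given)
find_ssh1_hosts() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop indentation
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept the "Protocol=1" form
            n = split(line, f, /[ \t]+/)
            if (n < 2) next
            key = tolower(f[1])                  # keywords are case-insensitive
            if (key == "host") {
                hosts = f[2]
                for (i = 3; i <= n; i++) hosts = hosts " " f[i]
            } else if (key == "protocol" && ("," f[2] ",") ~ /,1,/) {
                # matches "1", "1,2" and "2,1"; before any Host line it is global
                print (hosts == "" ? "(global)" : hosts)
            }
        }
    ' "$@"
}

# Constructed sample config used to exercise the function.
sample_config() {
    cat <<'EOF'
Host 1.2.3.4
Protocol 1

# constructed entries below
Host gateway.example.com
    Protocol 2
Host legacy-a legacy-b
    protocol=2,1
EOF
}
```

Running `sample_config | find_ssh1_hosts` prints `1.2.3.4` and `legacy-a legacy-b`, the two blocks that would still negotiate SSH v1.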
13 My SSH server uses RSA card for authentication
Type "@ask@" in the password field and you will get a nice dialog to enter the password each time AlmostVPN needs one. This function was implemented for 0.9.3 in response to Ticket #55.
14 AlmostVPN crashed and now my configuration is all "funny", how can I "cleanup" after AlmostVPN?
In the rare situation when AlmostVPN has crashed (or was forced to quit), you may end up with some artifacts of the special network configuration employed by AlmostVPN. You can use the Cleanup.AlmostVPN application to remove all traces of such configuration from your system.