Installing OpenVPN-ALS Java Application Server on Compact Flash Linux

Printer-friendly versionSend by emailPDF version

This is the third of the series on Compact Flash Linux. In the first part of the series, we have shown how to install Debian Linux on a compact flash in one of our systems: the OpenBrick-E 600Mhz Celeron-M. In the second installment, we have shown how to configure Linux to minimize the "wear-and-tear" of a compact flash. Basically, we have changed the compact flash Linux into an embedded Linux. In this third part, we will show how to set up a Java Application Server. We will use the OpenVPN-ALS, used to be called Adito, which provides the SSL VPN services.

What is OpenVPN-ALS?

"OpenVPN ALS is a web-based SSL VPN server written in Java. It has a browser-based AJAX UI which allows easy access to intranet services. OpenVPN ALS is a direct descendant of Adito, which was a fork of SSL-Explorer..." As described on Sourceforge.

Installing the OpenVPN-ALS Server

Since the Compact Flash Linux is based on Debian Lenny Linux, the current stable release, we will follow closely the instructions provided by Jared Heinrich's How to install openvpn-als on Ubuntu Linux SSL VPN. We will add some customizations to make it run smoother on a compact flash.

First, we have to make changes to the apt source to indicate additional repositories we want to get our packages from.

Following is a screenshot of the /etc/apt/sources.list: mainly adding the main, contrib and non-free repositories.

Then, we use apt-get to install the following packages: sun-java6-jdk ant junit subversion.

#apt-get install sun-java6-jdk ant junit subversion

The next step is to grab the current svn trunk version of the ALS:

#svn co https://openvpn-als.svn.sourceforge.net/svnroot/openvpn-als/adito/trunk /opt/openvpn-als

Customization for Compact Flash Linux

Our Compact Flash Linux does run a little differently from a hard drive. The main concern is to minimize the number of "un-neccessary" writes onto the flash memory. The following is an attempt to move some of the frequent written files of OpenVPN-ALS to the "standard" /var/log directory.

First, let's move to the openvpn-als directory.

#cd /opt/openvpn-als/

Make the log file area for Adito.

#mkdir -p /var/log/adito

Change the logs directory into one on the /var/log directory.

#sed -i.bak -e 's#dir=\"logs\"#dir=\"/var/log/adito/logs\"#g' -e 's#dir=\"${dist.dir}/logs\"#dir=\"/var/log/adito/logs\"#' adito/build.xml

#sed -i.bak -e 's#File=logs/adito.log#File=/var/log/adito/logs/adito.log#' adito/conf/log4j.properties

The following change passes two paramaters to the OpenVPN-ALS server program, through the wrapper.conf configuration file:

  1. --jettyLog=/var/log/adito/logs/yyyy_mm_dd.request.log
  2. --temp=/var/log/adito/tmp

#sed -i.bak -e 's#logfile=logs/wrapper.log#logfile=/var/log/adito/logs/wrapper.log#' -e 's$^#wrapper.java.additional.2$wrapper.java.additional.2$' -e 's$^#wrapper.app.parameter.1=$wrapper.app.parameter.1=--jettyLog=/var/log/adito/logs/yyyy_mm_dd.request.log\nwrapper.app.parameter.2=--temp=/var/log/adito/tmp$' adito/conf/wrapper.conf.base

Put the PID file in the /var/run directory. This is the "standard" Debian behavior!

#sed -i.bak -e 's$PIDDIR=\"tmp\"$PIDDIR=\"/var/run\"$' adito/install/platforms/linux/adito

Then, run the install command

#ant install

The configuration is web-based. Following is a screenshot of the web page.

Continue with the installation of the agent and the service.

#ant install-agent

#ant install-service

Once the installation is completed, further setup can be done at the web GUI.

OpenVPN-ALS Log Files

Following are the log files that we have moved from the "default" OpenVPN-ASL area to our ramdisk based /var/log directory. The atido.PID is also in the /var/run directory.

What Next?

The OpenVPN-ALS conf and deb directories should be moved to /etc as in a "standard" Debian system.

As installed, the Adito server should run fine, as it is on a magnetic media. However, it has to be shutdown properly, or the filesystem may experience corruptions. The next step would be to make it like an embedded system. The filesystem should be converted into a firmware. The OpenVPN-ALS server should become an appliance.