vincentkong.com

In my previous blog I talked about setting up a HTTP tunnel using BoutDuTunnel. To setup the server-side, a command line application was used: BdtServer. BoutDuTunnel also provides a web application solution BdtWebServer which lets you host the application inside a web server. To host BdtWebServer in Ubuntu, BoutDuTunnel recommends to use Apache/mod_mono, however I decided to use an alternative approach.

Configuring BdtWebServer

Mono XSP is a lightweight and simple webserver written in C# which runs run ASP.NET applications.

To install Mono XSP run the following:

$ apt-get install mono-xsp2
$ apt-get install libmono-system-runtime2.0-cil

To ensure that XSP is properly installed you can install the ASP.NET 1.1 and 2.0 demo pages.

$ apt-get install asp.net2-examples
$ xsp2 --applications /:/usr/share/asp.net2-demos

When the server has successfully started, point your browser to http://localhost:8080 (the default port for XSP web server is 8080) to display the web page below:

ASP.NET Examples

If the following error is encountered:

System.InvalidOperationException: Standard output has not been redirected or process has not been started.

Run the following command to address the issue:

ln -s /usr/bin/gmcs2 /usr/bin/gmcs

Now the BdtWebServer is ready to be started:

xsp2 --port 8080 --nonstop --applications /:/opt/bdt.bin.1.4.3066.mono/BdtWebServer

--nonstop don’t stop the server by pressing enter. Must be used when the server has no controlling terminal.

Configuring BdtClient

Setting up the BdtClient to establish a connection to BdtWebServer is similar to BdtServer with the exception that the name attribute is set to BdtServer.soap in the service tag of the configuration file.

<service name="BdtServer.soap" .../>

Security Issue

When hosting the BdtWebServer application in a web server the BdtServerCfg.xml (which contains the username and passwords) will be exploit when you point the web browser http://my.server:8080/BdtServerCfg.xml.

To address this issue I setup XSP to integrate with Apache/mod_proxy by configuring the following Apache configuration to forbid access to BdtServerCfg.xml

    <Location /BdtServerCfg.xml>
        Order deny,allow
        Deny from all
    </Location>

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyRequests off
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

Finally, I setup a firewall to block port 8080 from public access.

About a year ago I wrote about creating a HTTP tunnel through a HTTP proxy server using GNU HTTP Tunnel.   Unfortunately if the proxy server was run by a ISA server then GNU HTTP Tunnel would not work since it doesn’t support NTLM authentication.

BoutDuTunnel is an open source project written in C# and is compatible with HTTP proxy servers, even if they use NTLM authentication (like ISA Server) and even if they prohibit the “connect method”.

To setup BoutDuTunnel on Ubuntu I had to install Mono.  When using Mono 2.0.1 or 2.4 an error occurred Unexpected binary element: 21 when running the BdtClient.exe. Therefore I installed Mono 1.9.1 by building it from the source.

Instead of installing the latest version of BoutDuTunnel, I installed 1.4.3066 because an error would occur on the BoutDuTunnel server moments after the BoutDuTunnel client connected to it.

Unhandled Exception: System.MethodAccessException: Method `Bdt.Server.Service.TunnelSession:CheckTimeout (Bdt.Shared.Logs.ILogger)' is inaccessible from method `Bdt.Server.Service.TimeoutObject:CheckTimeout (Bdt.Shared.Logs.ILogger,System.Collections.Generic.Dictionary`2)'

Setting Up the HTTP Tunnel

Setting Up BdtServer (on the home computer)

The BdtServer can be setup through the command line or hosted inside Apache/mod_mono.  To setup BdtServer with the command line extract the BoutDuTunnel and modify the BdtServer configuration file.

$ unzip bdt.bin.1.4.3066.mono.zip
$ cd bdt.bin.1.4.3066.mono/BdtServer
$ nano BdtServerCfg.xml

The configuration file is well commented and should be similar to the following:

Configure binary stream/HTTP as the communication protocol to be used.

<service
name     = "BdtServer"
protocol = "Bdt.Shared.Protocol.HttpBinaryRemoting"
port     = "8080"
/>

Require user be authenticated before establishing a communication.

<users>
<username
enabled  = "true"
password = "password"
/>
</users>

To start up BdtServer execute the following:

$ cd bdt.bin.1.4.3066.mono/BdtServer/
$ mono BdtServer.exe

Setting Up BdtClient (on the office computer)

There are two types of client available for BoutDuTunnel:

• BdtClient run by the command line
• BdtGuiClient which provides a GUI interface

To setup BdtClient modify the BdtClientCfg.xml configuration file.

Configure hostname and communication protocol for server with BdtServer.

  <service
    name     = "BdtServer"
    protocol = "Bdt.Shared.Protocol.HttpBinaryRemoting"
    address  = "my.server"
    port     = "8080"
    username = "my.username"
    password = "my.password"
  />

Configure the proxy/ISA server to be used.

  <proxy
    enabled  = "true">
    <authentification
      auto     = "false"
      username = "proxy.username"
      password = "proxy.password"
      domain   = "proxy.domain"
    />
    <configuration
      auto     = "false"
      address  = "proxy.hostname"
      port     = "proxy.port"
    />
  </proxy>

Configure the ports to be forwarded.

  <forward>
    <port22
      shared  = "false"
      enabled = "true"
      address = "my.ssh.server"
      port    = "22"
    />
  </forward>

Run the BoutDuTunnel client to establish a tunnel connection to the BdtServer.

C:\bdt.bin.1.4.3066.mono\BdtClient>BdtClient

Now a SSH connection can be establish to your home computer by connecting through localhost:22

Installing  Mono on Ubuntu is easy:

$ apt-get install mono-2.0-devel

Unfortunately even the latest version of Ubuntu 9.04 only comes with Mono 2.0.1.  To install a newer (or different) version a solution would be to build Mono from source.

Download the desire version from the Mono website and extract the packaged file.

$ wget http://ftp.novell.com/pub/mono/sources/mono/mono-2.4.tar.bz2
$ tar -xf mono-2.4.tar.bz2

To compile and install Mono execute the following

$ cd mono-2.4
$ configure --prefix=/opt/mono-2.4

Where --prefix option indicates which directory to installation should be; for more option run

$ configure --help

If anything is missing from the system, configure will throw an error, install the missing package with apt-get and try running it again.  Then execute the compilation and installation to complete the build.

$ make
$ make install

Compiling Error with Mono 1.9.1

If you are compiling Mono 1.9.1 the following error might be encountered:

wapi_glob.c: In function 'globextend':
wapi_glob.c:303: error: 'ARG_MAX' undeclared (first use in this function)
wapi_glob.c:303: error: (Each undeclared identifier is reported only once
wapi_glob.c:303: error: for each function it appears in.)

The problems is due to the newer versions of GLib no longer defines ARG_MAX. To fix this issue, add the following to mono/io-layer/wapi_glob.c in the Mono source directory:

#include <unistd.h>

#if defined(_SC_ARG_MAX)
# if defined(ARG_MAX)
#    undef ARG_MAX
# endif
# define ARG_MAX sysconf (_SC_ARG_MAX)
#endif

#include "wapi_glob.h"