Entree F5 Firepass BETA
by: JDH Consulting, Inc.
BETA - F5 Firepass SSL-VPN For ALL Rooted Devices NO KERNEL module Required.
Entrée is a Firepass-compatible SSL-VPN client that does not require a kernel module. That's right: no need for a TUN.KO or any other kernel module. We have taken a completely different approach to intercepting routed packets while staying fully compatible with the Firepass on the back end. Entrée works with any rooted Android device (from 1.6 DONUT forward) without IPTABLES or other kernel dependencies. Entrée also resolves the issues around split horizon routing by allowing you to specify only the routes that you want to traverse the VPN tunnel, in a concise CIDR block format. All your other routes stay intact, so you can continue to take advantage of a direct connection to the Internet while automatically back-hauling your corporate traffic to the VPN head-end. The PRO version of the product will support full remote route provisioning via REST API etc. Today you can easily add the routes as a comma-delimited list via our Award-Winning glass UI (User Interface).
An SSL-VPN is a very simple concept: it is just a standard authenticated SSL connection, not unlike a connection to your favorite SSL web server, that is used as a tunnel to send and receive packets over. The only real trick to making this work is obtaining the packets to send and injecting the packets that are received back into the Android OS. The most popular approach to this is the tun.ko driver. It provides a method for packets to be read/written via an IOCTL interface in user space.
Entrée takes a different approach that allows it to obtain the packets in user space without the need for this troublesome module (tun.ko). In fact, we don't need a kernel module at all to work as an SSL-VPN; we leverage driver support that is built into every Android kernel. Root is still required to update routing tables, open drivers, etc. That can't be helped, due to the Linux security model that Google Android has inherited.
-Security Countermeasures (Pro Version):
VPN technology is designed to mitigate risks to corporations, especially when content inspection, mail compliance, etc. are enforced by the head-end. The challenge is making sure that it is not circumvented in any way. Entrée is the first mobile client product to actually enforce these countermeasures, to ensure that the end user cannot simply turn off the VPN and get around the other measures provided by the corporation. Entrée PRO protects against the following:
1.) Malicious kill using a task killer, etc. You can't kill Entrée this way.
2.) Removal – Blocks removal from the device.
3.) Application/Service changes.
4.) Configuration changes are protected locally or can be managed remotely.
5.) Protection against market application manipulation.
6.) Delete all data. (Stealth Configuration Protection)
7.) Audit trail logging of all events with easy query interface.
8.) Remote access via secured provisioning API.
9.) Multi-User support for different users hoteling or sharing of devices.
-Split Horizon Routing:
Specify which routes you want to traverse the VPN; everything else uses the default route. The routes are shown in a routing table and highlighted in red to differentiate them. Routes can be updated and managed remotely with the Entrée PRO version.
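The split-horizon decision described above, as an added example that is not Entrée's own code: it parses a comma-delimited CIDR list and picks the most specific tunnel route for a destination, with everything else falling through to the default route. The function names and the sample route list are constructed for illustration.

```python
import ipaddress

def parse_vpn_routes(route_list):
    """Parse a comma-delimited CIDR list; return (networks, errors).

    Malformed entries, entries with host bits set and a catch-all /0 are
    rejected rather than silently accepted.
    """
    networks, errors = [], []
    for raw in route_list.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            errors.append(f"{entry}: {exc}")
            continue
        if net.prefixlen == 0:
            # A /0 would pull all traffic into the tunnel, which is full
            # tunneling rather than split routing.
            errors.append(f"{entry}: default route is not a split route")
            continue
        networks.append(net)
    return networks, errors

def match_route(destination, networks):
    """Return the longest-prefix tunnel route for destination, or None.

    None means the packet follows the device's normal default route.
    """
    addr = ipaddress.ip_address(destination)
    hits = [n for n in networks if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

# Constructed sample input: two valid routes, one overlapping more specific
# route, one entry with host bits set, one catch-all and one garbage entry.
SAMPLE_ROUTES = "10.0.0.0/8, 10.20.0.0/16, 192.168.50.0/24, 172.16.5.1/16, 0.0.0.0/0, bogus"

if __name__ == "__main__":
    nets, errs = parse_vpn_routes(SAMPLE_ROUTES)
    for dest in ("10.20.1.1", "10.9.9.9", "192.168.50.7", "8.8.8.8"):
        route = match_route(dest, nets)
        print(f"{dest:15} -> {'VPN via ' + str(route) if route else 'default route'}")
    for err in errs:
        print("rejected:", err)
```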
-Remote Device Provisioning Via External Web Interface:
1.) Connect to your Wi-Fi-assigned IP address on port 6715. The initial credentials are entree/password.
2.) You can configure the device remotely with a full browser.
3.) Once configured, the new user/password will be your VPN user/password.
From The Same Team That Brought You Entree AnyConnect.
Questions? Feel free to contact firstname.lastname@example.org. Enjoy!!!