Some time has passed since we published news of the bytemine manager, but we try hard to invest more time in this project. To prove this we recently added some features and improvements to the bytemine manager:

• Update bouncycastle library from 1.4.4 to 1.4.5.
• On SSH connections after 3 false login attempts the connection gets aborted.
• Windows executable file is delivered for easier startup on Windows systems.
• The panel widths in the server/user overview can be changed by the user. This setting is saved and restored on every startup of the application.
• For new users and servers an individual expiration period can be specified.
• Users are no longer imported from the passwd file on synchronisation. Only users existing in the manager connected to the server are exported into the passwd file. Use the global import function to import users from a passwd file.
• Revoked users are better visible on first sight.
• Client certificates are no longer copied to the concentrators.
• New function to renew existing, non-revoked certificates.

Since we open sourced the bytemine manager a while ago you can checkout the latest stable version from github: bytemine manager on github.

Please feel free to report bugs and errors, ask for new features, or simply give us feedback on how you like that software.

Now that CeBIT 2010 has started, we finally can announce the things we have planned for quite a while. The first big news (and there is more to come!) is:

bytemine-manager is now open-source!

bytemine-manager is the only cross-platform OpenVPN-administration software and we’ve completly released it under the BSD license.

You can get the source from here on github! Along with the bytemine-manager we also open-sourced a piece of software for multiplexing uni-/bidirectional streams onto stdin/stdout (called ut). Typically used via the secure shell protocol, it provides a means to, e.g., simultaneously control multiple OpenVPN servers via their management interface using one secure channel. You can find the source code to ut here on github as well.

Binary packages for the bytemine manager are linked from our download page. Packages for ut are going to be released within the next days.

You can find us at the CeBIT 2010 in Hall 6, Stand A36. We are looking forward to meet you there!

Last week we released the new version of the bytemine manager. We’ve been working on the new manager release since our bytemine hackathon in the beginning of november.

Main focus of the development was to greatly enhance usability. Furthermore we’ve added features and followed up on feature requests we got from our customers. One of the most visible changes is the new tab in which we display users and servers in a tree like structure:

A toolbar has been added to the control center. Furthermore informations like the IP address of the client within the VPN.

Already an extract from the changelog reads quite impressive:

• Tree based configuration and assignment of users to servers (and vice versa)
• Simplified configuration
• Dialogs became more explicit
• Behaviour of User and Server handling has been made more alike
• A toolbar has been added to the control center
• For each connected user, the IP within the VPN is now displayed. In case of bridged users the Virtual MAC is displayed
• It is now possible to print tables and user data
• One-click synchronization of all configured servers added
• The manager does an automatic restart after changing the database.
• Certificate Revocation List (CRL) can now be opened in a separate tab
• The importer has turned into a real import wizard
• Add the option to re-enable a revoked certificate.
• Allow spaces in username in update validation.
• Menu item for exporting all certificates into the EXPORT_PATH.

The eval version is available through our Online Shop (for free of course), as well as through our product portal.

During our bytemine hackathon at the north sea, I gave a talk on the history of the company, the way bytemine has developed over the years and our current development culture. During this presentation we came to the conclusion that we follow the ‘evolution, not revolution’ paradigm, just like OpenBSD does.

This is also the paradigm of this bytemine manager release. Of course the bytemine manager had its fair-share of focus during the hackathon, after all it is, what we think the future in OpenVPN administration. But all the ideas we had and also the outcome of a user-interface-usability session, will not become alive over night.

The bytemine manager 1.2 brings a lot of fixes and smaller features, that have been added in the last five weeks to the codebase of the manager. Among other things the following items can be found in the ChangeLog:

• Many smaller UI fixes, the tables now grow upon resizing the main window, etc.
• CN and usernames do not have to be the same, eg. decoupled.
• Each controlcenter tab can now send custom commands to the OpenVPN server
• Updated bouncycastle provider jar (3rd party crypto library)
• External db can be passed on the commandline
• Extract the username out of X509 subject when revoking a certificate

and many more changes.

Of course we’ve also worked on improving the documentation. The manual for the bytemine manager is now also available in english. Direct links to the manuals: english manual, german manual.

The evaluation version of the bytemine manager can be downloaded for free from our eval version.

Daniel is actively working on a much improved user-interface, so stay tuned for further updates to the bytemine manager.

Alongside with the new bytemine manager, we’ve setup a new mailinglist. The mailinglist products-discuss is meant as a direct feedback channel for you. Not only for feedback, but also for technical (and philosophical) discussions around and about our products.

Enjoy!

It is time to announce a new version of the bytemine manager. Version 1.1 has just been released and is ready to be downloaded for evaluation:

Throughout the development towards 1.1 we added quite a few new features and, for good measure, fixed some small and even smaller bugs ;) .

Highlights: an update mechanism which enables the manager to auto-update, a much simpler x509 configuration dialog, and the option to switch to an external database. This implies the option to store the database at an external location – in a crypted container, for example, or at a place you have included in your backup strategy. Furthermore, after downloading a new version you simply specify the location of your database on startup of the new application, and it is automatically updated and used as default at every startup.

The interaction with the OpenVPN servers over ssh (via our Socket-Wrapper) has become much more robust as well.

We rounded out the bytemine manager by improving handling and stability. You should definitely give it a try!

Last but not least, we’ve opened up our portal to the public. After a self-registration you can access the eval version of the manager as well as the issue-tracker and help us with your feedback to further improve the bytemine manager.

We’re back from FrOSCon 2009 and had a fabulous time. Previously we have heard, that FrOSCon is a very well organized conference and we can definitely confirm that. Already prior to the event, the communication with the FrOSCon team went well.

We arrived Friday evening around half past eight and the whole FrOSCon team was in action to build up the event. This gave us the chance to have our booth set up by friday evening already. With each iteration of ‘bytemine on tour’ we worked on improving the presentation concept for our booth and yes, we came pretty far. The outcome of this can be seen in the picture. Wow!

We’ve presented the newest of our products, with software versions we’re releasing this and the next week. The visitors had a chance to take a peak at the upcoming bytemine openbsd appliance software version 1.2 as well as the beta version fo the bytemine manager 1.1. These will be covered here, once we released the software this and next week. Stay tuned for that!

Holger had the idea to use a table-top rack, usually used for music equipment. The rack is tilted by 15 degree, which gives the visitor the chance to take a look at the display and the appliance without having to bend down.

Both days were filled with lots of interesting conversations. The social event on saturday evening was nicely done and gave the chance to relax a bit.

One of side-effects of FrOSCon is that we will be exhibiting at OpenRheinRuhr this november. I will be talking with their organizers this week.

See you at FrOSCon 2010!

We’ve been deploying OpenVPN installs for a few years now and ever since the administration of the OpenVPN concentrators was something our customers never really liked. For once there is the Certificate Authority and the user management. The scripts provided by the OpenVPN developers, named ’’easy-rsa’’, are nice but not very user-friendly. For another there is always the wish, to see which users are currently connected to the VPN and how much data they shove around.

At the end of last year, I looked around to find a different solution for handling the certificates and the users. While there are some tools out there, none of them really did it. The features we were looking for:

• Easy handling of certificates and users
• Being able to control the VPN Servers and see what was happening

Ain’t a big list. Wanting to handle the Certificate Authority (CA) meant for us, that it had to be a stand-alone application and not a webfrontend on the OpenVPN Servers. Why? Very simple: In most places it is a requirement, that the CA may not be connected permanently to the network or at least not be on the same host who grants access based on certificates that are issued with this CA. The CA needs to be protected. Furthermore I did not want to offer our customers a set of applications to use with the vpn servers, but only one application that would fullfill all their needs in regards to the OpenVPN concentrators.

We came up with what we call the ’’bytemine manager’‘. The ’’bytemine manager’’ is a stand-alone java-based desktop application. Why java you ask? For one very simple reason: it allows you to use the application almost anywhere. Yes, there are tons of possiblities to achieve the same thing with other languages, but java was from our perspective the most simplest one. Mono was another idea, but there is no stable mono environment for OpenBSD, and of course, we wanted to use the application for ourselves on OpenBSD.

Currently we’ve tested the ’’bytemine manager’’ on the following platforms:

• various Windows flavours (XP, Vista)
• various Linux Distributions (Ubuntu, Fedora, Debian)
• OpenBSD

As long as you have access to a Java 6 runtime environment, you should be on the safe side. All libraries needed, are bundled with the application. The contents of the application (certificates, users, configuration data) is stored in a sqlite database.

Coming back to the features of the ’’bytemine manager’’. Currently it brings the following features along:

• user and certificate management
• synchronisation of users and certificates to multiple OpenVPN servers
• import of existing user and certificate data from existing OpenVPN installations
• management of users and certificates stored in LDAP
• users can be assigned independently to servers
• display of currently connected users per server
• display of usage data per user
• termination of connections
• modular design – various modules can be used independently of each other

Users and certificate data is synchronised from within the application to the vpn concentrators via ssh. Of course the application supports the use of ssh keys, so you don’t even have to use password authentication, makes it even more safe. All communication with the vpn servers is done over the ssh connections. The manager application also allows filesystem- and ldap-based export of the user- and certificate-data.

So this is already quite a lot. One of the neat features is, that the ’’bytemine manager’’ is not only for use with out bytemine openbsd appliance, but can be used with any OpenVPN server. The only requirement is, that if you want to use the controlcenter, you will need at least OpenVPN 2.1rc14, since that version introduced the unix domain socket for the management interface. For security reasons, we decided not to support the cleartext telnet interface. However, the socket-wrapper interface, will be covered in an upcoming blog article by Holger.

More (german) information on the bytemine manager, can be found on the corresponding product page.

There is a trial version of the application available: bytemine-manager-1.0.1-trial.zip.