JDPFu.com 2025

So, Adito/VPN doesn’t really like Linux. The installation goes better than expected on 32-bit Linux, but if you change any of the configuration settings, then have the admin web page reset the server, the system won’t come back up. This happens on both 64-bit and 32-bit Ubuntu 8.04.x in my experience.

Initially, I installed Adito on a 64-bit Ubuntu Server, but problems with the startup scripts and/or wrapper, prevented it from working as far as I can tell. I never, never, never got the Adito to work after a reboot on 64-bit Linux. I ended up installing a 32-bit VM under ESXi 4 and loading Adito there. Comments below is for 32-bit Linux, since it was clear that the 64-bit startup scripts/wrapper was beyond my ability to solve.

Even on the32-bit Adito install, the system has never come back up after changing settings that require a reboot for me. NEVER without doing some extra work. After making any reboot-required changes, only the method outlined below has gotten a running Adito system again.

The Fix

I’ve tried a few methods (UTF-8 settings, hacked startup files, hacked config files, swapped versions of libwrapper crap), only the following has actually worked. As root:

1. cd /opt/adito (or whatever directory you used)
2. Delete the conf/webserver.properties
3. ant install
4. Login through the web interface at http://host:28080
5. Step through the install process keeping all the defaults from before. Only the SSL certificate/key will need to be reinstalled.
6. Reboot and all is well.

I’ve not lost userIDs or policies or tunnel settings doing this.

At some point, I’ll need to figure out how to backup just the settings and DB, without grabbing the entire server image.

What’s the issue?

I can only guess, but I believe it is too much of a mix of java and supporting java tools. According to the blueprint going forward, they plan to swap ant for some other tool and remove libwrapper. Ant is used by all java development teams, so I doubt that really is the issue. libwrapper appears to be a lazy way to set configurations for java web applications. There seem to be incompatible versions shipped with Adito as well. The startup process is overly complex too.

/etc/init.d/adito points to /opt/adito/install/platforms/linux/adito which is overly complex and reads a config file /opt/adito/conf/wrapper.conf which figures out which specific version of wrapper to call in /opt/adito/install/platforms/linux/x86-64/wrapper with the appropriate options (more than 3 options for some reason)

/opt/adito/conf/wrapper.conf is rewritten with every run of ant, which means any time you have to modify it to make it work (UTF-8 character sets), then any use of ant will overwrite those settings. CRAP. There are ways to reset everything with ant or just reset parts. The problem is these resets aren’t explicit in the build.xml file – they are implicit. More crap.

Anyway, the levels of indirection are too complex and just make something that should be

java /opt/adito/lib/adito.war

into something really complex. Yes, I know it isn’t that simple, but it should be. That’s the point.

Update a few weeks later

So we’ve been using the VPN for a few weeks and everything is working well. Performance is good. There are a few things lacking that we’d really like to have, but they are beyond our expertise. Since I’m protecting internal web sites, we didn’t want to leverage LDAP authentication. We really want RADIUS authentication with x.509 certificate exchange. That isn’t a built-in option, so I’ve force really, really long and complex passwords and don’t allow users to change their passwords to get into the VPN. Their LDAP passwords are still known only to them, it is just the VPN access which I demand use 60+ characters. I deliver the password to each of them in a KeePass database, further insisting they follow good password management and protection methods.

Deployment to the entire company happened a few months ago. We’ve had no issues and have placed all our applications behind this VPN.

Help Make This Data Better

As I review this post, I can see where it could be confusing. It isn’t particularly well written. Please let me know which parts are too confusing to be useful. Oddly, this is one of the most popular posts on this site.