How to back up and restore an Access Manager SSLVPN server

  • 3502469
  • 18-Jan-2007
  • 05-Jun-2013

Environment


Novell Access Management 3 SSLVPN Server
Novell Access Management 3 Access Administration
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Linux Novell Identity Server

Situation

After restoring a backed-up SSLVPN server configuration, all users accessing that service were able to connect but were no longer able to access any applications, even though all the entries in the Access Administrator UI were correct. Looking closely at the TCP and UDP listeners on the SSLVPN server, it appeared that the service was listening on the default SSLVPN port of 7777, and not the port 443 that the administrator had defined in the backed-up configuration.

Resolution

The option to back up the configuration only backs up the entries in the configuration store. SSLVPN, or the stunnel service, takes its configuration information from a combination of local file system configuration files and the configuration store. Backing up and restoring the configuration store alone is not enough to restore the service to its working state; certain file system files need to be backed up and restored too.

To back up an SSLVPN server completely, administrators will need to:

a) run the /opt/novell/devman/bin/ambkup.sh script on the Access Administration workstation and back up the configuration store and certificates
b) back up the /etc/opt/novell/sslvpn/stunnel.conf file on the SSLVPN server


To restore an SSLVPN server completely, administrators will need to:

a) run the /opt/novell/devman/bin/amrestore.sh script on the Access Administration workstation and restore the previous configuration store and certificates
b) copy the backed-up stunnel.conf file and place it in the /etc/opt/novell/sslvpn/ directory on the SSLVPN server
c) restart tomcat on the SSLVPN server (/etc/init.d/novell-tomcat4 restart)
d) restart the sslvpnc services (sslvpnc --down and then sslvpnc --up)
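
A post-restore check for restore step b), added here as an example and not part of the original Novell document: it confirms the restored stunnel.conf matches the backup copy and names the expected listener port, catching the 7777-instead-of-443 symptom before users do. It assumes the file uses the standard stunnel "accept = [host:]port" directive; the function names and exit codes are hypothetical.

```shell
#!/bin/sh
# Added example (not Novell's code): verify a restored SSLVPN stunnel.conf.
# Assumption: listener ports appear as standard stunnel "accept = [host:]port"
# directives. Function names and exit codes are illustrative.

# Print the port of every active "accept" directive, one per line.
# Commented-out lines (leading ';' or '#') never match; "host:port" yields port.
accept_ports() {   # accept_ports <conf>
    sed -n 's/^[[:space:]]*accept[[:space:]]*=[[:space:]]*\(.*\)$/\1/p' "$1" |
        sed 's/[[:space:]]*$//; s/^.*://'
}

# Succeed only if the expected port is among the active accept directives.
check_port() {     # check_port <conf> <expected-port>
    accept_ports "$1" | grep -qxF "$2"
}

# Succeed only if the restored file is byte-identical to the backup copy.
same_as_backup() { # same_as_backup <backup-copy> <restored-file>
    cmp -s "$1" "$2"
}

# Return 0 if the restore is good, 1 if the port is missing, 2 if files differ.
verify_restore() { # verify_restore <backup-copy> <restored-file> <expected-port>
    same_as_backup "$1" "$2" || {
        echo "restored file differs from backup copy" >&2
        return 2
    }
    check_port "$2" "$3" || {
        echo "port $3 not found; accept ports: $(accept_ports "$2" | tr '\n' ' ')" >&2
        return 1
    }
    echo "stunnel.conf restored; accept port $3 present"
}

# Usage on the SSLVPN server (backup path is a placeholder):
#   verify_restore /path/to/backup/stunnel.conf \
#       /etc/opt/novell/sslvpn/stunnel.conf 443
```

Run it after copying the file back and before restarting tomcat and the sslvpnc services; a non-zero exit means the file on disk is not the one that was backed up, or it does not define the expected port.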