Environment
Novell Access Management 3 SSLVPN Server
Novell Access Management 3 Access Administration
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Linux Novell Identity Server
Situation
After restoring a backed-up SSLVPN server configuration, all users
accessing that service were able to connect but were no longer able to
access any applications, despite all the entries in the Access
Administrator UI being correct. Looking closely at the TCP and UDP
listeners on the SSLVPN server, it appeared that the service was
listening on the default SSLVPN port of 7777, and not on port 443 that
the administrator had defined in the backed-up configuration.
Resolution
The option to back up the configuration will only back up the entries
in the configuration store. SSLVPN, or the stunnel service, takes
its configuration information from a combination of local file
system configuration files and the configuration store. Backing up
and restoring the configuration store alone will not be enough to
restore the service to its working state: certain file system
files will need to be backed up and restored too.
To back up an SSLVPN server completely, administrators will need to
a) run the /opt/novell/devman/bin/ambkup.sh script on the Access Administration workstation and back up the configuration store and certificates
b) back up the /etc/opt/novell/sslvpn/stunnel.conf file on the SSLVPN server
To restore an SSLVPN server completely, administrators will need to
a) run the /opt/novell/devman/bin/amrestore.sh script on the Access Administration workstation and restore the previous configuration store and certificates
b) copy the backed-up stunnel.conf file and place it in the /etc/opt/novell/sslvpn/ directory on the SSLVPN server
c) restart tomcat on the SSLVPN server (/etc/init.d/novell-tomcat4 restart)
d) restart the sslvpnc services (sslvpnc --down and then sslvpnc --up)
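A post-restore check for the symptom described above (service listening on 7777 instead of the configured 443), as an added example that is not Novell's own tooling. It assumes stunnel.conf uses the standard stunnel "accept = [host:]port" directive; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the SSLVPN listener port after a restore.
# Assumption: stunnel.conf uses the standard "accept = [host:]port" directive.

# Print the port of every active (uncommented) accept directive in file $1.
stunnel_accept_ports() {
    awk -F= '/^[ \t]*accept[ \t]*=/ {
        v = $2; gsub(/[ \t]/, "", v); sub(/^.*:/, "", v); print v }' "$1"
}

# Read "netstat -ltn" (or "ss -ltn") output on stdin; print listening TCP ports.
listening_ports() {
    awk '/LISTEN/ { n = split($4, a, ":"); print a[n] }' | sort -un
}

# check_sslvpn_port EXPECTED_PORT CONF_FILE   (listener output on stdin)
# returns 0 = ok
#         1 = restored stunnel.conf does not carry the expected port
#         2 = file is correct but the running service is not listening on it
check_sslvpn_port() {
    expected=$1
    conf=$2
    conf_ports=$(stunnel_accept_ports "$conf")
    live_ports=$(listening_ports)
    if ! printf '%s\n' "$conf_ports" | grep -qx "$expected"; then
        echo "DRIFT: $conf accepts on [$(echo $conf_ports)], expected $expected" >&2
        return 1
    fi
    if ! printf '%s\n' "$live_ports" | grep -qx "$expected"; then
        echo "STALE: $conf is correct but nothing listens on $expected;" \
             "restart tomcat and sslvpnc" >&2
        return 2
    fi
    echo "OK: SSLVPN listening on $expected"
}

# Constructed sample: a restored host that fell back to the default port.
demo_conf=$(mktemp)
printf 'accept = 7777\n' > "$demo_conf"
printf 'tcp 0 0 0.0.0.0:7777 0.0.0.0:* LISTEN\n' |
    check_sslvpn_port 443 "$demo_conf" || echo "exit code $?"
rm -f "$demo_conf"

# On the SSLVPN server itself:
#   netstat -ltn | check_sslvpn_port 443 /etc/opt/novell/sslvpn/stunnel.conf
```

Exit code 1 means the stunnel.conf copy in step b) was missed or is the wrong file; exit code 2 means steps c) and d) still need to be run.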