How to re-import an SSLVPN server in Novell Access Manager

  • 7003363
  • 27-May-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3 SSLVPN Server
Novell Access Manager 3.1 SSLVPN Server

Situation

The SSLVPN server was set up and working fine in traditional (non-ESP) mode on a test platform. The administrator wanted to keep the existing SSLVPN server host, but import the device into the production Admin Console. After following the instructions at https://www.novell.com/documentation/novellaccessmanager31/sslvpn_serverguide/index.html?page=/documentation/novellaccessmanager31/sslvpn_serverguide/data/b5nvtfb.html, no SSLVPN server device appeared in the production Admin Console. The administrator could not re-import the device from that point on.

Resolution

Run the appropriate script below to allow the SSLVPN server to be re-imported into another (or the existing) Admin Console. Save the script on the SSLVPN server, add execute rights, and run it there. Both ESP and non-ESP SSLVPN servers are covered.

1. ESP enabled SSLVPN server

#!/bin/bash
# This script is used to reimport ESP SSLVPN to the new device manager

export DS_ADMIN_DN
export DS_ADMIN_PWD

read -r -e -p "Enter the configuration store admin DN [cn=admin,o=novell]:" DS_ADMIN_DN

# Fall back to the default DN when nothing was entered
if [ -z "${DS_ADMIN_DN}" ]
then
  DS_ADMIN_DN="cn=admin,o=novell"
fi

# -s keeps the password off the screen; -r keeps backslashes literal
read -r -s -p "Enter the configuration store admin password []:" DS_ADMIN_PWD
echo

#Bring down all services
/etc/init.d/novell-jcc stop
/etc/init.d/novell-tomcat5 stop
sslvpnc -d
sleep 3

#Configure sslvpn for new admin server. This will update config.xml
sslvpnc -c

#Configure jcc with new set of ips
/opt/novell/devman/jcc/bin/config.sh --two_pass_configure

#Generate new random number for the new device ID.
SSLVPN_UNIQUE_ID=$(head -c8 /dev/urandom | od -An -tx8 | tr -d "[:space:]" | tr "[:lower:]" "[:upper:]")

echo "New id $SSLVPN_UNIQUE_ID"


#run configure to update with new set of IDs
#Note: --pass puts the password on the command line, where it is visible in the process list while Configure.sh runs
/opt/novell/devman/jcc/conf/Configure.sh --user "${DS_ADMIN_DN}" --pass "${DS_ADMIN_PWD}" --nespid "esp-${SSLVPN_UNIQUE_ID}" --sslvpnid "${SSLVPN_UNIQUE_ID}" --tomcatdir "/var/opt/novell/tomcat5" --two_pass_configure --no_jcc_configure

#Update the new jcc ID for the ESP
ESPSSLVPN_ID_FILE="/var/opt/novell/tomcat5/webapps/sslvpn/WEB-INF/jccid.dat"
echo "inserting new id ${SSLVPN_UNIQUE_ID}"
echo "esp-${SSLVPN_UNIQUE_ID}" > "${ESPSSLVPN_ID_FILE}"
cat "${ESPSSLVPN_ID_FILE}"
chown novlwww: "${ESPSSLVPN_ID_FILE}"


#Bring up all services
sslvpnc -u
/etc/init.d/novell-jcc start
/etc/init.d/novell-tomcat5 start


2. Traditional (non-ESP) SSLVPN server

#!/bin/bash
# This script is used to reimport traditional (non-esp) SSLVPN to the new device manager
export DS_ADMIN_DN
export DS_ADMIN_PWD

read -r -e -p "Enter the configuration store admin DN [cn=admin,o=novell]:" DS_ADMIN_DN

# Fall back to the default DN when nothing was entered
if [ -z "${DS_ADMIN_DN}" ]
then
  DS_ADMIN_DN="cn=admin,o=novell"
fi

# -s keeps the password off the screen; -r keeps backslashes literal
read -r -s -p "Enter the configuration store admin password []:" DS_ADMIN_PWD
echo

#Bring down all services
/etc/init.d/novell-jcc stop
/etc/init.d/novell-tomcat5 stop
sslvpnc -d
sleep 3

#Configure sslvpn for new admin server. This will update config.xml
sslvpnc -c
#Debug: check the /etc/opt/novell/sslvpn/config.xml file for the /DeviceManagerAddress tag

#Configure jcc with new set of ips
/opt/novell/devman/jcc/bin/config.sh --two_pass_configure
#Debug: check the /opt/novell/devman/jcc/conf/settings.properties file for the remotemgmtip tag

#Generate new random number for the new device ID.
SSLVPN_UNIQUE_ID=$(head -c8 /dev/urandom | od -An -tx8 | tr -d "[:space:]" | tr "[:lower:]" "[:upper:]")

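#run configure to update with new set of IDs
#Note: --pass puts the password on the command line, where it is visible in the process list while Configure.sh runs
/opt/novell/devman/jcc/conf/Configure.sh --user "${DS_ADMIN_DN}" --pass "${DS_ADMIN_PWD}" --sslvpnid "${SSLVPN_UNIQUE_ID}" --two_pass_configure --no_jcc_configure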


#Bring up all services
sslvpnc -u
/etc/init.d/novell-jcc start
/etc/init.d/novell-tomcat5 start
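
A post-run check for the two scripts above, added here as an example and not part of the original article or Novell's code: it validates the device ID shape the scripts generate and confirms that the files named in the Debug comments point at the intended Admin Console. The file layouts (esp-<ID> in jccid.dat, a <DeviceManagerAddress> element, a remotemgmtip= line), the function names and the sample addresses are assumptions.

```bash
#!/bin/bash
# Added example (not Novell code): post-run checks for the re-import scripts.
# Assumed file layouts: jccid.dat holds one line "esp-<ID>"; config.xml has
# <DeviceManagerAddress>IP</DeviceManagerAddress>; settings.properties has
# remotemgmtip=IP. Adjust the patterns if your files differ.

# Succeeds only for the ID shape the scripts generate: 16 uppercase hex digits.
valid_device_id() {
  [ "${#1}" -eq 16 ] || return 1
  case "$1" in
    *[!0123456789ABCDEF]*) return 1 ;;
  esac
}

# Succeeds only if the ESP ID file holds exactly "esp-<valid id>".
check_jccid_file() {
  [ -r "$1" ] || return 1
  jccid=$(cat "$1")
  case "$jccid" in
    esp-*) valid_device_id "${jccid#esp-}" ;;
    *) return 1 ;;
  esac
}

# Print the Admin Console address recorded in config.xml (empty if absent).
config_xml_admin_ip() {
  sed -n 's|.*<DeviceManagerAddress>\([^<]*\)</DeviceManagerAddress>.*|\1|p' "$1" | head -n 1
}

# Print the Admin Console address recorded in the JCC settings.properties.
jcc_admin_ip() {
  sed -n 's/^[[:space:]]*remotemgmtip[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Succeeds only if both files point at the expected Admin Console address.
# Arguments: expected_ip config.xml settings.properties
check_admin_ip() {
  [ "$(config_xml_admin_ip "$2")" = "$1" ] && [ "$(jcc_admin_ip "$3")" = "$1" ]
}

# Demo on constructed sample files (192.0.2.10 is a documentation address).
demo=$(mktemp -d)
echo "esp-0A1B2C3D4E5F6789" > "$demo/jccid.dat"
echo "<Config><DeviceManagerAddress>192.0.2.10</DeviceManagerAddress></Config>" > "$demo/config.xml"
echo "remotemgmtip=192.0.2.10" > "$demo/settings.properties"
check_jccid_file "$demo/jccid.dat" && echo "jccid.dat: OK"
check_admin_ip 192.0.2.10 "$demo/config.xml" "$demo/settings.properties" && echo "Admin Console address: OK"
rm -rf "$demo"
```

On a real server, call the functions with the paths from the scripts and the production Admin Console address instead of the sample files.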