Tuesday, April 5, 2011

Getting Novell SSL VPN working on Windows 7

I use the Novell Access Manager SSL VPN to connect to one of my customer's networks. It is a browser-based VPN client which means that you have to login via the browser and then keep the browser window open to maintain the VPN connection.

According to the documentation it will work with both Windows and Mac, and with IE, Firefox and Safari. Well it doesn't for me! Initially the only combination I could get working was IE under Windows XP. With a bit of fiddling I've finally managed to get it working for Windows 7. I write these notes for when I need to set this up again!

Attempting to launch the VPN client from IE on Windows 7 initially gives this error message:

AM.1804 : Connection to service failed.


Consulting the Novell Access Manager SSL VPN manual says that you should watch the <Users> folder. If you are quick enough, you'll see these files appear:


novl-sslvpn-service-install.exe
cacert.pem
openvpnclient.msi
PrivilegeDetector.exe
vplogin.dll


...along with a few log files. You do have to be quick though because they are deleted almost immediately.

The manual instructs you to shutdown your browser, run the novl-sslvpn-service-install.exe EXE manually and then start the browser and all should be working.

Instead, I took a simpler (and probably far less secure) route. I removed the User Account Access Control restrictions. I changed them from "Notify me when programs try to make changes to my computer" to "Never notify me". This can be done via Control Panel-User Accounts-Change User Account Control Settings

User Account Control Settings

Change from Default to "Never Notify" and click OK. After confirming this change you will be prompted to restart your computer. Once it has restarted, the SSL VPN should work! Note that it does take a while to connect and you'll have to confirm to install some insecure driver software, but it works.