rejetto forum

Portable sHFS : HFS via Stunnel with configuration GUI [english]

AvvA · 46 · 81024

0 Members and 1 Guest are viewing this topic.

Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
Sujet français ici !

January 30, 2011
Portable pack - (3540 Ko) - (MD5 : 6829421d4ba6e48945740d5a83389a5f) - auto-extractible 7zip archive.
GUI v0.7 (Français/English) - HFS 2.3 beta Build #273 Français & English - stunnel 4.35b1 - openssl 1.0.0c 32bits - C++ 2008 dll 32 bits

This should work on Windows NT and above, on 32 and 64 bits versions.

Sources (AutoIt 3)
(MD5 : c530a16b27a5b658c4fd32e68d20820d)


 



Hello :)

First, native english people, please forgive my dirty english ;D (well, non-native : just suffer the poor quality :p)

This project purpose is to quickly have a safe way of transfering files.
I created nothing but the GUI, all the flowers should and will go to rejetto for his HFS server, Stunnel team for their great tunnel and OpenSSL for their greats keys et locks. Some will go to ~GeeS~ and SilentPliz, who made the tutorials that guide me to make the GUI, and to the documentation writers of Stunnel and OpenSSL who's have made things quite good.  :-*
I just made some little modification when coding according to ~GeeS~'s tutorial, because you don't want to fill certificate information in a dos box, hum well... I guess ^^'
I also decided to leave you free of changing almost anything in it, but it's not necessary :)

As a legal notice, OpenSSL ask to include the following :
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)


Tested on these systems
32 bits
- XP SP2,SP3
- Vista Premium SP1
- Seven Pro
64 bits
- Vista Ultimate SP1
- Seven Pro
*A small answer here, saying your OS and if its 64 or 32 bits, and if it works or not, will always be welcome in here :)*

archive contents :
- HFS beta 242 and HFS beta 242 FR
- STunnel
- OpenSSL 32 bits
- confmakr.exe : the GUI
- confmakr.ini : contains language options for confmakr
- confiles folder : contains ini et language files
- DLL C++ 2008




Portable Application
I use this word but I can't assure you that it won't write anything in registry or elsewhere (if someone up to test...)
Portablility is here fonctionnal, that mean you can execute from USB stick, or anywhere on your fixed hard drive, it'll work.
*This should be better, as I included the necessary dlls files*

How to use :
  • unzip archive
  • launch confmakr.exe,
  • Fill certificate fields (only Common Name really require, red field),
  • fill your public IP (also called external IP),
  • If you're behind a router, fill the right listening port for Stunnel,
  • Everything else is facultative, as it's already configured as ~GeeS~and SilentPliz recommand it (& also Stunnel and OpenSSL documentations).
  • Click "make files" button, check what's showed in the "progression" tab,
  • eventually, look at the files created, and/or delete what's proposed,
  • click the shortcut creator button, if you want
  • Click on "launch and quit".

Rappels :
  • If you're behind a router, you'll have to redirect a port to the computer that is running sHFS, and define it as the Stunnel listening port.
  • If you're behind a firewall, you must allow STunnel, but not necessarily HFS.
  • If you use HFS with HTTP on you're local network and sHFS for distant HTTPS, you'll also have to allow HFS on your local network.

What files are created by confmakr.exe (with the default confmakr's configuration)
confmakr.exe create : X:\your folder\sHFS\hfs.ini
confmakr.exe create : X:\your folder\sHFS\hfs.events
confmakr.exe create : X:\your folder\sHFS\stunnel\hfstunel.conf
confmakr.exe create : X:\your folder\sHFS\stunnel\pem.conf
openssl.exe create   : X:\your folder\sHFS\random.rnd
openssl.exe create   : X:\your folder\sHFS\stunnel\hfstunel.pem

stunnel.exe by running will create : X:\your folder\sHFS\stunnel.log
hfs should modify : X:\your folder\sHFS\hfs.ini and create all files that you order it to :)


Voilà :)
If you see a problem, or have a difficulty understand a translation i've made, please, tell me :)
« Last Edit: January 30, 2011, 01:03:03 AM by AvvA »


Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
So, as I like you to know what you're doing, here is the way to take Stunnel, OpenSSL and HFS from the originals site, and rebuild this pack from scratch.
*Folder structure must be like below if you use my GUI*
X:\your folder\confmakr.exe
X:\your folder\confiles\languages.lng files and confmakr.ini
X:\your folder\sHFS\hfs.exe
X:\your folder\sHFS\stunnel\stunnel.exe
X:\your folder\sHFS\stunnel\openssl.exe

- Create a folder called as you want,
- copy confmakr.exe and confmakr.ini and also \confiles folder, you can take this alone with the source archive. (or you can bypass this step and follow the great ~GeeS~'s tutorial ^^)
- Create a subfolder \sHFS, copy inside hfsXXXXX.exe (XXX is the Build number XX language "code", actually #242 FR or EN).
*If you plan on using another language than French or English, check the confmakr.ini file.*
- Create \stunnel subfolder, download Stunnel windows binaries in it, right click on stunnel-X.XX-installer.exe, unzip here.
Quote from: obsolete at v0.7]- Create a subfolder [b]\openssl[/b],
- Download and install [b]OpenSSL[/b], and perhaps also the redistribuables C++, at the same address, only if needed (if it is required, you'll get an error during OpenSSL installation, so to know if you need it, just try to install OpenSSL first without the redistribuables ;) ).
- [b]Copy[/b] the content of the [b]bin[/b] folder from [b]OpenSSL installation[/b] and [b]paste it to[/b] X:\your folder\sHFS\stunnel\OpenSSL, you should have the same folder structure as the one in the begining of this post now.
- Uninstall [b]OpenSSL[/b].[/quote]
[quote="from v0.7
- take openssl.exe from here(take the last version), a miror given on Stunnel website.
- copy it in stunnel folder, next to stunnel.exe.
you can still take C++ redist files from slrproweb if you need them (from the previous quote). (I have to test if OpenSSL compiled on Stunnel site requires them, for now I keep them).


About the redistribuables, it's not because you had to install it in order to install OpenSSL that it means that you need them to use OpenSSL. I suggest you just try it out :)
Uninstall them in all cases, and try to make a key and a certificate (either with my GUI or with the command line given by GeeS)

From there, execute confmakr.exe and follow the classic steps, summed up in the first post, without unzipping, implicitely ^^.


Now, here's the last changelog :

v0.25
- re-re-do the language system :
Create an ini file to store "language code = language filename" and the default language,
confmakr will check your current windows country code (hexadecimal), if found apply, if not, keep the default file (english by default, can be changed in the confmakr.ini file.)
- languages are stored in a folder called conflang, instructions on how to add a language include in infos.txt in this folder.
- re-do the way hfs.ini is processed : Keep all settings and change only the ones from confmakr that are checked, or filled for the fields.
- include HFS french (hfs242FR.exe) and original english version (hfs242EN.exe) in archive, GUI copy/rename appropriate one as hfs.exe, according to the language in use and ini file. The purpose is to have only 2 archives, one 32 bits other 64 bits.
-  removed shfs.exe and add a shortcut creator button that will make shortcut on the desktop to shfs.bat (it launches STunnel then HFS).
- all IPs are determined with windows WMI, local network adress is calculated with the subnet mask (AND)
- add 3 options relative to key et certificate in advanced tab
- add a kind of scheme in advanced tab, purpose is to make you understand the routes taken, it's in work state and don't include HFS local HTTP sharing.


If you want the whole changelog, download the sources files, it's in there :)

As he says, enjoy  ;D !
« Last Edit: January 30, 2011, 01:11:18 AM by AvvA »


Offline TCube

  • Tireless poster
  • ****
    • Posts: 440
    • View Profile

AWESOME WORK !!!!


AvvA ... one of the few   8)

Make it idiot-proof and I will make a better idiot



Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
Thanks :)

And also I have forgotten, if you want a feature, need help to understand how to translate, or anything else, ask in there, i'll try to answer you with my best :)


Offline TCube

  • Tireless poster
  • ****
    • Posts: 440
    • View Profile
"... need help to understand how to translate, or anything else, ask in there, i'll try to answer you with my best :)..."

SP and "me-self" could give U an hand anytime (we've done it together age ago for the HFS VF first release )
Make it idiot-proof and I will make a better idiot


Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
First, I would like to apologize for those of you who test the sHFS confmakr v0.25 and end up with an error 0 or error -1, it was a basic coding error, it's now gone :)

Download stats about v0.25 gives 12 downloads for the 32 bits version and 3 for the 64 bits, also 4 peoples find interest in downloading source files.


I've got time part

Well, this release is late, because I was fighting against wind mills, in others words, I tried to implement some functionalities impossibles to achieve with AutoIt... So, once discovered, I re-oriented my walk to present you this... sorry for the long changelog...

Code: ("confiles/versions.txt") [Select]
sHFS confmakr v0.45 ERWG

correction of bugs introduced with v0.25  :
- local network in a HFS ban rule must be network.* (ie : 192.168.1.*), the base routing address (192.168.1.0) do not work properly.
- Resolve the bug stopping confmakr.exe from running if your local IP was the last one.
- Resolve the wrong parsing of the unban line when local network allowed on HTTP.

more functionality :
- add facultative hfs.events lines :
   * launch Stunnel with HFS
   * quit Stunnel with HFS
   * del stunnel.log on quit
- remove SHFS.bat (as it becomes useless with changes up there), change the shortcut made with the button (now point to hfs.exe),
- add easy and advanced mode, easy mode automaticaly using pre defined options (switching between mode keep easy mode's visibles parameters)
- remove the scheme thing as I add a probe port button ( \o/ ), with error handling on listening (wrong IP, wrong port, port in use), and to connect to the listening port (unreachable, timeout, and all others as I link the error code to the windows error page).
- the "get my ip" button now check on avva.3ka.fr, alternative stays on whatsmyip.com
- add stunnel log level adjustment, and no stunnel log checkbox.
- add possibility to watch configurations files maded.
- add possibility to wash unnecessary files.

less schism :
- add fields characters limits, according to RFC-3280 (http://www.ietf.org/rfc/rfc3280.txt).
- insert blank lines between key and certificate, as said in Stunnel documentation.
- correct the way Certificate CN was handled with HFS custom-ip. Now, it asks to add the port to HFS's URL bar if it's determined as necessary, if you cancel you'll get exactly what was written in the domain field.
- re-arrange GUI :)

need to be tested more widely before certifying :
- I think I handle the x64/x86 problem, only one version for all Windows systems :)
- also in the same vein, searching more deeply into VC++ redist and watching dlls used by openssl.exe, I think I found all necessary dlls. \o/

That leads to a real portable version ! (But only leads not reaching, for now :)
Well I hope so, and count on all of you to tell me if I'm wrong :)

This release change some basics functions, I'll edit the first and second post to reflect this (screenshots, folders, needs...)
But as this version seems (at least ^^) to be independant of the Windows OS that runs it, there is no urge :p

In the meantime, the major thing to know is that I isolate the VC++ dlls, and discover with pleasure that they were compatibles with 64 bits versions of Windows (Vista & XP, I don't test Seven for now). I don't know what wasn't right in the firsts releases for me to think I need to make à 64 and 32 bits versions :/
But well, it seems to be resolved, and I thank I to try it again, without another throw at it, I still be compiling in 64 & 32 bits ;D
nomade apps perhaps this time :)
These improves justify it's name part WG ;D

The second real change is the easy/advanced mode switch, there are still some bugs, but they concern the guys (and girls) that will search to make my GUI crash, as it concerns the advanced/easy mode switch after having created the configurations files (this is not the normal way of using my GUI, as when files are created you just eventually create a shortcut and quit the GUI).
Anyway, they won't be here anymore in the next release.

The third improvement concerns the test phase.
The "Get my IP" button now points to one of my server, and assure you it will respond because there is no check, it only returns your public IP. The "Probe port" button also link to one of my server and just try to connect to the port given.
The scheme is as this :
- The GUI tries to open the port in TCP in listening mode, if not possible it informs you.
- If possible it sends a request to my server with the port number.
- my server reads the port, and uses the IP that makes the call to respond.
- it just does a PHP TCPconnect, with some errors handling.
- it sends the result to the requesting IP, after 10 seconds of trying to connect, with the error code if I didn't handle it (there are too many...)
- GUI shows the server answer and close the port.

Well, that's the majors things about this release, others are in the versions infos in the quote.


For those who will want to test this one, I have to inform you of an error you could fall on :
I found that sometimes, an error popup, but without crashing the GUI, still didn't found the sourcebut I have some clues..., also, if you change mode after having created the conf files, you'll have some visuals incoherences in the GUI, because of tab pos, this won't break the config files creation, it's just visually messy.
To summarize, this version won't be tolerant after configurations files are created, I still don't resign to lock the mode switch after configuration maded, I'm on it, and I'll find what's wrong for the next release. In any case, don't worry, it's not an important error, as all configurations files will be created/modified before, and your sHFS server will work.
These bugs justify it's name part ER ;D


I've got no time part

Well, just download the archive, eventually check the MD5, then decompress the archive.
You'll be with a sHFS v0.45 ERWG folder, open it.
Launch confmakr.exe.
- Fill in your public IP or Domain name, a free (and redirected if behind a router) port to listen on, and click the large button at the bottom.
or - You also can click on the upper right button to switch to advanced mode, wich will show you the default values that I use in easy mode, and leave you free of modifying any of them.

Normally, you'll end up with a functionnal HTTP server wrapped HTTPS via Stunnel.
Connection info to give to your visitors will be visible in HFS URL's bar.


So, let's try it :)

PS : All files linked in the first post for convenience :)


@TCube : I self would appreciate any help with my own english translations, because I know I'm far from a good translator :)


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13520
    • View Profile
i found the time just for a quick look (also because i don't need SSL myself),
but this looks like a major project and i forgot to express my congratulations!


Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
Thank you, this goes to my heart ;)
I didn't congratulate you for your HFS but i don't think differently, it is a real easy-to-go HTTP server, and cherry on the top of the cake, customisable !
I really like a lot programs that bring hard and tricky things diluted to the point that novice or non-informatician can understand.

So, Thanks to you Mr rejetto, you're one of the great soul of this world :)


ElSid

  • Guest
AvvA,
This appears to be an interesting project.  I have a question that was not apparent ...
Does this work with DYNDNS or any other service that redirects your IP address if it is dynamic?
Thanks


Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
Yes ElSid :)
The next version of this GUI will be more explicit about this, but for now, you just have to fill your domain name, and listening port. Fill in External IP isn't necessary as you'll update it via DynDNS (NoIP, Afraid...).

Next, you'll have to configure your username, password and update url into HFS, here  is the wiki link, but it's really light :)
I found this tutorial, but I wonder if it really use all HFS possibilities, as they say that you'll have to run a program from your DNS updater service...
As you give to HFS the user, pass and update url, I can't see the necessity of another program to update...


After this, don't forget that even with a domain name, your visitors have to explicitely give the port number in called URLs.
If your (dynamic/static) domain name is : mydomain.org
your HFS listening port is : 44300
your Stunnel listening port is : 555
your HFS's custom-ip should look like : mydomain.org:555 (that's what you put in the domain name field of my GUI)

your visitors can log at : https://mydomain.org:555/

Of course if you use your CSU/DSU in modem mode (your computer's IP is your external IP), you can listen on port 443, as it's the official HTTPS port you won't have to put it in the domain name field.


Well, I hope this answers you :)


ElSid

  • Guest
I set up my DNS to "webhop".  My ISP blocks port 80 and I opened up port 8080 on my router.
Without webhop:  XXXX.dynYYY.com:8080/
With webhop XXXX.dynYYY.com.
I am interested in the project as I keep my server (still learning to use it) on a flash drive and most of my files are on a portable drive.  When I travel and use another persons computer, I just force my external drive to be drive letter ?.  Viola, my server is up and running
(Very handy when my last computer crashed, I just switched to my wifes laptop while I reconstructed the hard drive)


Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
Hum ^^
In fact i wrote a paragraph about that, but deleted it because I find this is not "transparent" to the eyes of your privacy ^^
But yes, you can do this.
You can also make a classic DNS A record that point to your current IP, and then a Webhob/Web forwarding from this A record to this A record:port (like you do actually).
This way you'll have to update the IP linked to the A record only, the webhop will follow (as it will search for the A record).

This means where ever you launch the server from, you'll be accessible from your domain name, without port.
But perhaps you already do this :)


Why don't you extract this GUI archive directly on your portable drive ?
Then you can make 2 batch files :
The first (assign.bat i.e.)
subst X: %CD%

The second (free.bat i.e.)
subst X: /D

Where X: is the drive letter required. The 2 batches files must be at the root of your portable drive. The first is to launch before HFS, the second when everything HFS related is off, before unplugging the drive.

I didn't test, but this should work as it's a windows basic behavior.
Also, I don't know how you do usually, but I'm interested about :)


Offline AvvA

  • Tireless poster
  • ****
    • Posts: 135
    • View Profile
Well, I asked for all this in the previous post in order to see if I can do something with my GUI to help changing the drive letter, in exemple. But to accomodate, I need to know how users are using this GUI, and more how they use the Stunnel-HFS ensemble.
Anyway, thanks for those infos, i'll try to do something if it cames to my mind ^^


So, today is the release day of sHFS v0.51, here is the changelog :
Quote
bug corrections :
- switch easy/advanced now is clean even after configuration is done.
- asking to read all the files won't do error anymore.
- check existence of a file before trying to read it.
- read key & certificate with OpenSSL when all files are in a folder containing space in his name will now work.

adds/mods :
- reduce test port to 5 seconds.
- redo the easy tab with a kind of interactive scheme
- reading of key and certificate now uses openssl.exe instead of Windows's notepad, This deliver much more informations.
- files tab : erase GUI options added
- add php server side source files into source archive
- "progression" tab become "files" tab and also permanent
- code cleaning...

miss :
- construct the dynamic DNS url for HFS

As written, I need infos about how HFS handle dynamic DNS services, and that will be all for this part.
Next will come the need for a cellphone template, another one for multimedia purposes, and others templates relatives things.

Sorry for the rude scheme, but honestly, I use more time than needed on this in order not to include GDI features. This would have made some better quality graphic possibilities at the cost of a double sized GUI...
...thing that I can't do, as my GUI must not be bigger than HFS himself ! ;D


edit : look at the first post to get links.
« Last Edit: August 01, 2010, 05:10:33 PM by AvvA »


Offline ~GeeS~

  • Tireless poster
  • ****
    • Posts: 269
  • "The web was made for sharing..."
    • View Profile
Hi AvvA,

I'm just passing by and found your excellent work!   8)

I didn't have the time to test and read it all, but from what I can see, you made a big effort.
I hope you enjoyed it. Chapeau & thank you for sharing!

When I started experimenting with Stunnel and HFS about 2.5 years ago with the aim to get a plug & play SSL-HFS on a pendrive, it was just a "hobby" to see whether it was achievable or not.
When it worked, I just put my findings into an essay. I'd never thought, that this would get so much interest.

But finally, "From small acorns to big oaks grow". Thank you again (and the rest of the gang who are still here) for helping thisto  grow.

Best regards,
~gees~

In remembrance "The web was made for sharing ..."
~GeeS~