February 17, 2019

eBox Packages Linux LAN Services in a Friendly Bundle - page 2

Complexity Made Manageable

  • September 1, 2009
  • By Paul Rubens

To get an idea of how eBox can simplify what would otherwise be fairly complicated configuration routines, let's take the example of OpenVPN, the open source VPN system which is famously tricky to set up manually .

The first step is to create a couple of certificates, which is handled by eBox's Certificate Manager module. All that's needed is to fill in a couple of text boxes and click on the "Issue" button to issue the appropriate certificates.

Then it's on to the VPN module to set up OpenVPN. (Thanks to the integration and error handling built in to eBox, if you try to set up OpenVPN without first setting up the certificates you need you'll be directed to the Certificate Manager module before you can go any further.) Setting up the eBox machine as an OpenVPN server is a simple matter of providing a few details such as a port number and subnet to work on and adding checks to a handful of options (such as allowing client-to-client connections, or eBox-to-eBox tunnels) if you want to activate them.

To make things even easier, eBox creates Linux (and OS X) or Windows bundles which can be used to install OpenVPN client software plus all the necessary configuration files onto the external computers which you want to be able to use the VPN.

And that's pretty much it. eBox completely shields the administrator from the underlying OpenVPN software, making configuration deceptively simple. Each time you save the changes you have made in the eBox GUI, the configuration changes are made to the underlying applications or services which are then restarted.

This simplicity does come at a cost, however: eBox doesn't provide control over every configuration parameter that an application or service offers, and this could be frustrating to experienced administrators. Having said that, eBox can be customized fairly easily to overcome this: the software is written in Perl, and modules can be modified or new modules added by anyone with appropriate skills.

So how does eBox differ from unified threat management (UTM) appliances and software, such as those supplied by Astaro or Smoothwall?

Firstly, eBox is a free management application which runs on an Ubuntu server, while both Smoothwall and Astaro offer paid-for standalone appliances and charge annual subscriptions. And while eBox offers some security features, the emphasis is more on network services than security. (For example, it does not include an intrusion detection module whereas both Smoothwall and Astaro use Snort to provide this type of security.)

The main downside to eBox is its poor documentation. There's a developers guide, a user's guide and an installation guide, but these have been translated from Spanish into fairly basic English. Here's an example: "It may be needed to route explicitly traffic by a certain gateway, to do so, you should use the multigateway rules which mark the packets to be delivered through the gateway selected." This isn't intended to be a criticism of the volunteers who give their time to translate the document - but it's worth bearing in mind because reading software documentation can be a struggle at the best of times, and poor English only compounds the difficulty.

If you are interested in trying eBox out you can install the packages on an existing Ubuntu box from Synaptic, or download the eBox installer, which installs Ubuntu Hardy Heron plus eBox and all its dependencies onto a bare machine. There's also an eBox live CD which enables you to test out eBox without installing any software.

Article courtesy of Enterprise Networking Planet

Most Popular LinuxPlanet Stories