VPNC members | VPN technologies | Mailing list | Join VPNC Interoperability testing | Documentation profiles | IPsec archives VPN standards | IPsec features chart | SSL features chart | VPN white papers VPN conferences | IPsec bakeoff | Definitions | HIPAA | VPNC home

VPNC SSL Portal Test

The SSL Portal test assures SSL VPN users that a particular SSL gateway system will work correctly as a front end for a typical corporate portal application. To pass, the SSL gateway system has to correctly allow a user outside the corporate firewall access to many linked internal web sites. This involves rewriting the URLs that appear on web pages so that the remote user's experience is similar to an internal users experience on the same web sites. The SSL Portal test mirrors typical use of SSL gateways in remote access VPNs.

An SSL gateway that does not do URL rewriting will cause errors for users accessing sites behind the SSL gateway. This is particularly true for companies who use private, non-routable addresses in their protected networks. If those addresses appear in URLs on a corporate portal, it would work fine for internal users, but external users would only get dead links. Thus, the SSL gateway has to read every page served from behind it and rewrite the URLs to pass through the SSL gateway.

There are many ways that URLs point to internal and external sites, and the SSL Portal test exercises all of the most common ones. This includes:

• Links to pages on the same internal site
• Links to pages on a different internal site
• Links that use relative URLs
• Links to pages that are not on the main user portal page
• Links using IP addresses instead of domain names
• Links from pages that include mixed content (text and graphics)
• Links to sites that redirect to other sites
• Links to internal SSL servers
• Links to external web and SSL servers

For the test, up-to-date versions of Microsoft Internet Explorer was used. Both IE 6 and and IE 7 are tested. Each link was tested to be sure that it led to the expected location. Each tested page has a server-side include that shows the current time to be sure that no pages were cached in the browser. Because all the internal sites use private network addresses, it showed that all internal links were rewritten by the SSL gateway. Every SSL gateway in the test is tested for proper handling of every link on every internal and external web page in the test.

The web sites used for the SSL Portal test run on Apache version 2. A copy of the test setup is available here. Note that this test setup is probably not useful to most users because it requires extensive setup for the network; however, it is probably useful to those who want to verify that the tests exercised all of the common link types described above.

If you have comments or questions about VPNC's testing, please feel free to send them to Paul Hoffman, VPNC's director, at paul.hoffman@vpnc.org.