TurnKey Linux Virtual Appliance Library

HOWTO Guide? LiveNet Rescue? Router/VPN?

I like the overall idea here. It reminds me of the Gibraltar (router/VPN) "appliance on a CD" (which I had deployed at a set of customer sites for a few years). Unfortunately the free versions of Gibraltar weren't well maintained (I don't know if they even still exist).

One application I'd love to explore would be to create an image similar to one of these Turnkey products which would be used as a router/VPN appliance. In my case I'd want to have a kit which took the base packages, patched in a peer list, a set of pre-shared keys, passwords/passphrases, and some trusted router access lists ... then built the ISOs with those coded into it.

Here's the usage scenario:

I work for a company which has a significant number of small and home offices.  I'd love to have a generic PC deployed to each ... with our custom TurnkeyVPN discs sent to them.  Put in the disc, boot the system and leave it running in a closet.

The pre-shared keys and other data automatically connect the user to the corporate VPN. sshd is running on the router/appliance with pre-shared keys in the ~root/.ssh/authorized_keys file to facilitate remote troubleshooting, etc.

And there's one other very important feature I'd add to this. The Turnkey node should also function as a server for a LiveNet rescue image! In other words it should be possible for anyone on its LAN to boot over PXE into a live image ... with its own ssh and other remote troubleshooting facilities started! Thus the home office user could, when his or her production desktop or laptop fails, boot over the local network and see a screen informing them that messages have been dispatched to the corporate help desk and someone will be logging in to assess the situation.

This should, of course, support remote re-imaging. That would not be directly part of the TurnkeyVPN/Rescue image. However, the TurnkeyVPN would provide the features necessary to support it. (In my case the recommended implementation of this other feature would be to trickle a full image of the user's desktop/laptop OS to the hard drive on the appliance node ... and to make it into a Kickstart/Partimage server as well as the VPN node. The data is trickled over slowly and updated during low utilization times while the user's desktops are functioning. So when they have a failure everything is already staged out there for a re-image. Naturally we'd sometimes have to send a new hard drive and rely on the end user to physically get it installed on the target. Also sometimes we might have to have them replace the hard drive on the TurnkeyVPN node as well.)

It's also possible that we'd want to create three different Turnkey images from the foregoing requirements: TurnkeyVPN, TurnkeyRescueServer, and TurnkeyVPN+Rescue.

Anyway that's my idea.  I'd love to see a HOWTO guide describing how these Turnkey images are created (the parts that they all have in common, of course).

(I've done the PXE LiveNet rescue images on a few occasions already, using KNOPPIX and Ubuntu as the base for various iterations of this. So I am quite familiar with that process.)

Liraz Siri's picture

Very interesting idea

Hi Jim,

Your idea for a VPN type appliance is really very interesting. It sounds like something that could be extremely useful in the specific usage scenario you describe.

Unfortunately, we currently have quite a bit on our plate in terms of new appliances (lots of low hanging fruit to tackle first) so it's unlikely that we'll be getting to something like this in the near future without significant outside help.

If you have the skills and are willing to hack TurnKey Core into a prototype, that would be a huge step forward. If you haven't already, take a look at Developing Live CDs on our development wiki. It currently contains a list of existing remastering tools that you might find helpful. BTW, feel free to expand it!

In general, improving the documentation is high on our todo list. Hopefully we will get to writing helpful development HOWTOs in the future and lower the bar a bit, but development will always require quite a bit of technical skill and the ability and willingness to experiment and find what works for you. We'd also like to develop an easy customization mechanism (also described in the wiki), to make this process even easier.

If you get to the point where you have managed to hack TurnKey Core into a working prototype of the VPN/router appliance we would be very interested in collaborating with you further (and anyone else) to add another appliance to the roster!

If possible, it would be very helpful to the project if you show the development wiki some love while you are hacking out this project.

Alon Swartz's picture

Customization Mechanism (TKLPatch)

We have just released TKLPatch, which would be of interest to anyone wanting to customize a current appliance, or create a new one.
Ric Moore's picture

I'm in sore need of a vpn appliance, too!

I'd love to see one, or a brief how-to on what deb packages could be safely added to a container, through apt-get, without blowing up the container itself. Any thoughts are greatly appreciated! Ric

