[SLUG] Linux client for Citrix Access Gateway?

79 views
Skip to first unread message

Sridhar Dhanapalan

unread,
May 31, 2008, 10:55:55 PM5/31/08
to SLUG list
We're trying to deploy a Linux server into an all-Windows company. Our client
is actually quite happy with this solution, but we were informed a couple of
days ago that they have a Citrix Access Gateway VPN server that we must go
through in order to interact with their network.

I can't seem to find any clear information on how to connect to the VPN with
our Linux server. The client Citrix refers to appears to be for remote
desktop use through a Web browser, and is hence useless for a server.

In a cruel twist of irony, I discovered that the Citrix device is essentially
a Supermicro rackmount unit loaded with RHEL, with the proprietary Citrix
software running on top.

So despite our client being happy with a Linux-based solution, they seem to be
locked into Windows by their VPN.


--
Need to fork out $$$ for the next software upgrade? Break the cycle!
http://www.linux.org.au/linux

signature.asc

Daniel Pittman

unread,
Jun 1, 2008, 2:09:42 AM6/1/08
to sl...@slug.org.au
Sridhar Dhanapalan <sri...@dhanapalan.com> writes:

> We're trying to deploy a Linux server into an all-Windows company. Our
> client is actually quite happy with this solution, but we were
> informed a couple of days ago that they have a Citrix Access Gateway
> VPN server that we must go through in order to interact with their
> network.
>
> I can't seem to find any clear information on how to connect to the
> VPN with our Linux server. The client Citrix refers to appears to be
> for remote desktop use through a Web browser, and is hence useless for
> a server.

Sadly, I think you are out of luck. My understanding is that the Citrix
Access Gateway "VPN" server is actually a browser hosted RDP-over-SSL
solution.

Since there isn't, as far as I know, any functional RDP server for Linux
available you are not going to have an easy path to getting this
working, as I understand things.

This may help, though: http://support.citrix.com/article/CTX109043

> In a cruel twist of irony, I discovered that the Citrix device is
> essentially a Supermicro rackmount unit loaded with RHEL, with the
> proprietary Citrix software running on top.
>
> So despite our client being happy with a Linux-based solution, they
> seem to be locked into Windows by their VPN.

Depending on how much this is worth you /may/ find that one of two
options suits:

Option one, install PuTTY or another SSH client on a Windows system
within their network. Use RDP to access that system and then SSH to
connect to your Linux server.

Option two, pay for a commercial RDP server for Linux.

Regards,
Daniel

You could also resurrect http://xrdp.sf.net/ -- but that doesn't look
fun to me.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Gonzalo Servat

unread,
Jun 1, 2008, 2:51:33 AM6/1/08
to SLUG list
(sorry Sridhar, replied to you directly instead of the list)

On Sat, May 31, 2008 at 11:55 PM, Sridhar Dhanapalan <sri...@dhanapalan.com>
wrote:

> We're trying to deploy a Linux server into an all-Windows company. Our
> client
> is actually quite happy with this solution, but we were informed a couple
> of
> days ago that they have a Citrix Access Gateway VPN server that we must go
> through in order to interact with their network.
>
> I can't seem to find any clear information on how to connect to the VPN
> with
> our Linux server. The client Citrix refers to appears to be for remote
> desktop use through a Web browser, and is hence useless for a server.
>

I don't know much about Citrix so I could be suggesting something silly, but
I searched a bit of Google and found references to some Linux "ICA Client"
that apparently connects to the Citrix Access Gateway. Have you used it? Is
this the software they currently use on Windows desktops to connect to the
access gateway?

Failing that, maybe the Citrix Access Gateway VPN Server can be configured
to allow other protocols? (like IPSec, and use something like FreeS/WAN to
connect)

Just throwing some ideas.

- Gonzalo

Sam Lawrance

unread,
Jun 1, 2008, 3:38:16 AM6/1/08
to Daniel Pittman, sl...@slug.org.au

On 01/06/2008, at 4:09 PM, Daniel Pittman wrote:

> Sridhar Dhanapalan <sri...@dhanapalan.com> writes:
>
>> We're trying to deploy a Linux server into an all-Windows company.
>> Our
>> client is actually quite happy with this solution, but we were
>> informed a couple of days ago that they have a Citrix Access Gateway
>> VPN server that we must go through in order to interact with their
>> network.
>>
>> I can't seem to find any clear information on how to connect to the
>> VPN with our Linux server. The client Citrix refers to appears to be
>> for remote desktop use through a Web browser, and is hence useless
>> for
>> a server.
>
> Sadly, I think you are out of luck. My understanding is that the
> Citrix
> Access Gateway "VPN" server is actually a browser hosted RDP-over-SSL
> solution.
>
> Since there isn't, as far as I know, any functional RDP server for
> Linux
> available you are not going to have an easy path to getting this
> working, as I understand things.

There is xrdp.sourceforge.net (a friend told me about it - I have not
tried it). Alternatively there are commercial packages available.

I'm not sure this helps if the server is on the evil side of the
network and needs to VPN in.

Dave Kempe

unread,
Jun 1, 2008, 4:22:48 AM6/1/08
to Sridhar Dhanapalan, SLUG list
Sridhar Dhanapalan wrote:
> We're trying to deploy a Linux server into an all-Windows company. Our client
> is actually quite happy with this solution, but we were informed a couple of
> days ago that they have a Citrix Access Gateway VPN server that we must go
> through in order to interact with their network.
>

You might be able to convince them to let your server 'phone home'
through an OpenVPN tunnel, https if need be and get back into it that way.
We have done that successfully in the past

dave

Martin Visser

unread,
Jun 1, 2008, 7:39:11 AM6/1/08
to Sridhar Dhanapalan, SLUG list
Sridhar,

Not sure exactly which version of the CAG your customer has - but it sounds
like an older version. The newer Citrix Access Gateway Enterprise Edition
(version 8.0 and up) is built on the Netscaler platform (which is BSD
based). This does have a Java client which will run under Linux to give
transparent access. I have a deployment of this under my belt (though the
customer isn't using the Java client - I did verify that it works.)

Martin

On Sun, Jun 1, 2008 at 12:55 PM, Sridhar Dhanapalan <sri...@dhanapalan.com>
wrote:

> We're trying to deploy a Linux server into an all-Windows company. Our

> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>

--
Regards, Martin

Martin Visser

Ken Foskey

unread,
Jun 1, 2008, 8:28:22 AM6/1/08
to sl...@slug.org.au
On Sun, 2008-06-01 at 03:51 -0300, Gonzalo Servat wrote:

> I don't know much about Citrix so I could be suggesting something silly, but
> I searched a bit of Google and found references to some Linux "ICA Client"
> that apparently connects to the Citrix Access Gateway. Have you used it? Is
> this the software they currently use on Windows desktops to connect to the
> access gateway?
>
> Failing that, maybe the Citrix Access Gateway VPN Server can be configured
> to allow other protocols? (like IPSec, and use something like FreeS/WAN to
> connect)

I did that for my old company very often. Not an issue really. There
was a Java client and a built in client. There are instructions on the
internet for installing Linux versions. Trick was installing the
certificates properly.

Ken

Reply all
Reply to author
Forward
0 new messages