Linux rdp with gateway

GO Remote Desktop Gateway

⭐ Star us on GitHub — it helps!

RDPGW is an implementation of the Remote Desktop Gateway protocol. This allows you to connect with the official Microsoft clients to remote desktops over HTTPS. These desktops could be, for example, XRDP desktops running in containers on Kubernetes.

RDPGW aims to provide a full open source replacement for MS Remote Desktop Gateway, including access policies.

Multi Factor Authentication (MFA)

RDPGW provides multi factor authentication out of the box with OpenID Connect integration. Thus you can integrate your remote desktops with Keycloak, Okta, Google, Azure, Apple or Facebook if you want.

RDPGW wants to be secure when you set it up from the beginning. It does this by having OpenID Connect integration enabled by default. Cookies are encrypted and signed on the client side relying on Gorilla Sessions. PAA tokens (gateway access tokens) are generated and signed according to the JWT spec by using jwt-go signed with a 256 bit HMAC. Hosts provided by the user are verified against what was provided by the server. Finally, the client’s ip address needs to match the one it obtained the token with.

How to build & install

By default the configuration is read from rdpgw.yaml . Below is a template.

A convenience docker-compose allows you to test the RDPGW locally. It uses Keycloak and xrdp and exposes it services on port 443. You will need to allow your browser to connect to localhost with and self signed security certificate. For chrome set chrome://flags/#allow-insecure-localhost . The username to login to both Keycloak and xrdp is admin as is the password.

Point your browser to https://your-gateway/connect . After authentication and RDP file will download to your desktop. This file can be opened by one of the remote desktop clients and it will try to connect to the gateway and desktop host behind it.

The gateway exposes an endpoint for the verification of user tokens at https://yourserver/tokeninfo . The query parameter is ‘access_token’ so you can just do a GET to https://yourserver/tokeninfo?access_token= . It will return 200 OK with the decrypted token.

In this way you can integrate, for example, it with pam-jwt.

Integrate Open Policy Agent
Integrate GOKRB5
Integrate uber-go/zap
Research: TLS defragmentation
Improve Web Interface

About

Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes

Источник

Thread: Remote Desktop Connection and RD Gateway

Thread Tools

Display

Remote Desktop Connection and RD Gateway

Hello, trying to find a way to connect to my Windows machine at work.

Looked for help with Remote Desktop Connection and RD Gateway but found nothing.

Anyone has a tip or guide that would be great.

Thanks for the help.

Re: Remote Desktop Connection and RD Gateway

I have been struggling with this myself for the last six months; here is my experience. The TL/DR version is that I’ve yet to find a way to get a working connection in Linux and am currently connecting using a Windows 7 virtual machine. That being said.

Freerdp is supposed to support RD gateway connections, but I’ve yet to connect for more than a minute or two without a crash. It is possible that our vendor is at fault (I use an RDP-connected virtual workstation at my office), but they will not work with me on their configuration since they don’t support Linux. If you would like to try you’ll want to install the latest version of freerdp from the remmina-next repository (https://launchpad.net/

remmina-ppa-t. u/remmina-next). After installing, open a terminal and try running the following command:

I’ll be following this thread with interest to see if you (or anyone else) is successful in getting a crash-free connection.

Last edited by PhilGil; January 4th, 2015 at 06:37 PM .

Re: Remote Desktop Connection and RD Gateway

As far as I know, rdesktop doesn’t support RD Gateway.

Re: Remote Desktop Connection and RD Gateway

If anyone is still following this thread.

Just received an update to freerdp this morning from the remmina-next repo. The new version is: 1.2.0

Tested it this morning and was able to successfully connect via the gateway and maintain a stable connection for the 15 minutes or so I kept it open. Based on this I’m cautiously optimistic. On Monday I’ll put it to the test and try using it for a full workday.

Re: Remote Desktop Connection and RD Gateway

If anyone is still following this thread.

Just received an update to freerdp this morning from the remmina-next repo. The new version is: 1.2.0

Were you able to test this update out on a full day’s worth of work? If so, how did the connection go? Thanks!

Re: Remote Desktop Connection and RD Gateway

Unfortunately not, I’m still unable to maintain a stable connection. My current experience is this (running the latest freerdp build from the remmina-next repo):

Office PC, Ubuntu 14.04, low bandwidth ethernet connection with many dropped packets:
Will not stay connected for more than a few minutes, bombs with error message «Failed to check FreeRDP file descriptor»

Home PC, Ubuntu 14.10, high bandwidth, low latency wireless connection:
Will stay connected for 15 to 30 minutes then bombs with error message «Failed to check FreeRDP file descriptor»

Bottom line is I still have to use a Windows virtual machine to connect. Sorry I don’t have better news to report.

Re: Remote Desktop Connection and RD Gateway

Hi, I’ve been trying to setup a connection for my partner to connect in to her works RD server from our Ubuntu machine. What I came across was the exact above solution however it came up with a security protocol error along with a «destination path» error. The 2 questions I have ATM are:
— Does the /v flag require an fqdn? Or should logging in to the gateway with the /g /gu /gp flags direct me to the correct rd server on their local network?
— What could cause the security protocol error? I’ve tried forcing TLS/NLA/rdp/ext with the /sec flag and I’m using /ignore-cert as I believe certificate errors pop up when people use rdp to connect normally.

Those 2 questions *should* address the errors I get when attempting to connect. In the mean time, I guess I’ll have to set up a Win7 VM for my partner.

Re: Remote Desktop Connection and RD Gateway

Those 2 questions *should* address the errors I get when attempting to connect. In the mean time, I guess I’ll have to set up a Win7 VM for my partner.

Before I try to help please understand that I am in no way an RDP expert, just an ordinary user trying to figure this stuff out.

The answer to your first question is, yes, I’ve always needed an fqdn (server.domain.suffix), but the remainder of your first question really depends on how the admin has set up the RDP connection.

In answer to your second question. I’ve never used the ignore-cert flag as I was asked to accept a cert during the initial login and haven’t has a problem since.

Some general, unsolicited, thoughts on freerdp’s gateway support:

RD gateway support is broken in the regular Ubuntu repository versions of freerdp, even in 15.10. The version I referenced in an earlier post (from the remmina-next repo) is also stale, dating back to February 2015. It may work for you. It was not production-ready for me.

I have been using nightly builds of freerdp from this repo successfully for several weeks. It still crashes two or three times a day, but that is much improved over the February build. There has also been an on and off memory leak, but things seem to be slowly improving. Most days I’m able to use the nightlies for regular production.

For what it’s worth, here is the script that I use to open my RDP session. When called from a terminal it opens a freerdp-nightly session and prompts for my RDP password (which is the same as my gateway password):

TL/DR version: Things are much, much better than they were a few months ago, but don’t get rid of your VM yet

Источник

FreeRDP – RD Gateway client for Linux

If you are Googling for software that allows you to use remote desktop from a Linux OS through a RD Gateway to another server – Stop! I spend hours doing the same with no luck. I tried out a bunch of tools with no luck either. Here is some of the tools I tried, which does NOT support this function:

I have previously used iTap Mobile to set up connections through a Remote Gateway (also known as RD Gateway or TS Gateway) from a Mac. I read this could also be used for Linux OS’s. But when I went to their site, it turns out that iTap mobile has been discontinued because Microsoft released a new Microsoft Remote Desktop app. This Desktop App works for Windows, Mac and Android, but Linux is not mentioned anywhere. So I wrote the iTap team asking them for advice:

I’m looking for software which can connect me through an RD Gateway
(or TS gateway) to a terminal server. I can see you are referring to the new “Microsoft Remote Desktop app”
for Macs and Android.

But what about Linux users like myself, is there an alternative to iTap now that you guys discontinued iTap?

This was their reply:

Thank you very much for your interest in iTap mobile RDP.
Unfortunately, not that I know of. As far as I know iTap mobile RDP was the only RDP client for Linux that offered RD Gateway support.

We are very sorry for the inconvenience.
Best regards,
Stefan

So what did I do ? turned to the wonderful world of opensource software. FreeRDP is an awesome project started by Awake Coding aka Marc-André Moreau. It is still in development so bugs and missing documentation is to be expected. This tutorial will show you how to compile and use FreeRDP to connect to through a RD Gateway to a terminal server from Ubuntu 13.10 32 bit.

First thing is to install Git, if you already have this installed you can skip this step.

1. Open a terminal an type sudo apt-get install git

Ones we have Git installed, let?s get the source files from GitHub

2. Type git clone git://github.com/FreeRDP/FreeRDP.git

3. Type cd FreeRDP

We also need a bunch of dependencies for compiling and running FreeRDP

4. Type the following and press Enter

sudo apt-get install build-essential git-core cmake libssl-dev libx11-dev libxext-dev libxinerama-dev \
libxcursor-dev libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev libcups2-dev libxml2 libxml2-dev \
libxrandr-dev libgstreamer0.10-dev libgstreamer-plugins-base0.10-dev

Now that we have all we need, the makefile must be generated.

5. Type cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON .

Finally start the build

6. Type make

Ones the installer had been build we can start installing the software itself

7. Type sudo make install

It will take a while to install but hopefully will without any errors. Ones FreeRDP is installed, there is just a little tweaking needed. We need to create a config file for FreeRDP which tells it where the FreeRDP library is placed.

8. Type sudo nano /etc/ld.so.conf.d/freerdp.conf

9. Inset the line /usr/local/lib/freerdp

10. Save and exit the file

We need to check that the line we inserted is read correctly by the system. For this we start the ldconfig function, and check the path with the which command.

11. Type sudo ldconfig

12. Type which xfreerdp

13. Start FreeRDP by typing xfreerdp

FreeRDP should now be installed correctly. If you have any problems doing this, please check the wiki a GitHub.

Let’s try using FreeRDP to connet to a terminal server though a RD Gateway server. The syntax is like this:

But since I?m using then same account to identify myself to the RD Gateway, and the terminal server I only need to give one username and password.

14. Type xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY

15. When asked if you trust the certificate press y

So I get error that the Gateway certificate has changed. Someone has suggested that it is a bug in FreeRDP, because it has to handle both the RD gateways certificate and the terminal servers certificate. Anyway it is an easy fix since we can just use the /cert-ignore option.

16. Type xfreerdp /cert-ignore /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY

Success ! we have connected though the RD gateway to a Terminal server in a protected environment. Remember though that FreeRDP is still in development, so it might be buggy. If anybody knows other software or an easier way to connect to a Terminal Server though an RD Gateway please let me know.

Источник

Linux rdp with gateway

Jon Witts’ Blog

Posts about EdTech and other IT / Education related things…

RD Web and RD Gateway through Ubuntu