@volhovm
Created August 28, 2016 16:17
A short manual on establishing a Citrix VPN connection on Gentoo Linux

Problem

My company provides access to internal services (test servers, database servers, etc.) via a Citrix VPN solution, which is not developed for Linux.

Here we use a setup that routes packets to a Windows 7 VM (VirtualBox guest) with the Citrix Adapter installed. Windows is used like a NAT modem here, or whatever.

Hardware/software

  • Linux avishai 3.18.16-gentoo #3 SMP Thu Jul 30 12:52:08 MSK 2015 x86_64 Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz GenuineIntel GNU/Linux
  • NetworkManager installed (disabled, but I’m not quite sure it isn’t affecting anything)
  • dhcpcd client used for getting settings via DHCP
  • wired interface enp0s25
  • portage 2.2.20
  • VirtualBox bundle
    1. app-emulation/virtualbox

      Installed versions: 4.3.28(07:23:18 AM 07/30/2015)(additions alsa opengl pam pulseaudio qt4 sdk udev -doc -extensions -headless -java -python -vboxwebsrv -vnc ELIBC="-FreeBSD" PYTHON_TARGETS="python2_7")

    2. app-emulation/virtualbox-additions

      Installed versions: 4.3.28^m(07:03:41 AM 07/30/2015)

    3. app-emulation/virtualbox-modules

      Installed versions: 4.3.28(09:17:30 AM 07/30/2015)(-pax_kernel KERNEL="linux")

Manual

  1. Install all the software listed above; substitute your own interface name for enp0s25.
  2. Create a new VirtualBox image and install Windows 7 on it.
  3. In the VirtualBox File/Preferences/Network/Host-only-networks tab, create a new host-only network.

    My current settings are:

    192.168.56.1/24 (mask 255.255.255.0), fe80:0000:0000:0000:0800:27ff:fe00:0000/64 (I don’t really care about IPv6 functionality here).

    DHCP on the second tab is disabled entirely.

  4. Make sure the new adapter shows up in “ifconfig -a”; currently (everything is set up already) it looks like this:

    vboxnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.56.1  netmask 255.255.255.0  broadcast 192.168.56.255
            inet6 fe80::800:27ff:fe00:0  prefixlen 64  scopeid 0x20<link>
            ether 0a:00:27:00:00:00  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 92161  bytes 13360413 (12.7 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

  5. Open your VirtualBox image’s settings/networking and enable two adapters. The first is host-only (vboxnet0), the second is bridged to enp0s25.

    Adapter types are Intel PRO/1000 MT Desktop (82540EM), promiscuous mode is disabled for both, cable is connected for both.

    Port forwarding is default, I suppose. Seems like there shouldn’t be anything by default, but not sure.

  6. Start your Windows 7 and make sure that the adapters are detected.
  7. Make sure you can access the internet or whatever you want to access via the bridged adapter; it should be configured by Windows with the help of DHCP or whatever your cable connection uses (static routing may be needed here, if your provider requires it).
  8. It is better to rename the adapters at this stage so as not to confuse anything later.
  9. The second adapter (host-only) should be configured to use static routing.

    I use these settings: 192.168.56.2, 255.255.255.0, default gateway is 192.168.56.2 too, DNS is 8.8.8.8 (not used). (configure it in panel/network settings/adapter settings, right click on adapter/settings)

  10. Configure Linux routing.

    Disable any kind of network managers (rc-config stop NetworkManager && killall dhcpcd).

    Remove all routes that are currently installed (“ip r”; then “ip r delete ROUTE” for every item in “ip r” that looks like “default” or “ip/mask”). The 127.0.0.1 localhost route may be left.

    Add static routes:

    ip r add 192.168.56.0/24 dev vboxnet0 src 192.168.56.1

  11. Try to ping your guest from the host; that should work now, as everything belonging to 192.168.56.X is routed via vboxnet0.

    ping 192.168.56.2

  12. Also try to ping your host from the guest; that should work too.
  13. On your Windows box, open the settings of the bridged adapter and switch to the second tab (it should be named “access” or something; I’m using a non-English locale in Windows).
  14. Enable ICS (Internet Connection Sharing) there; I also disabled the second option (let others control this connection). Not sure if the following makes any sense, but I also enabled all services in the “settings” menu (button on the “access” tab), except Skype.
  15. Make sure you can still ping anything from your guest.
  16. Remove all routes from the host (not sure if needed), then launch “dhcpcd vboxnet0”; it will set up new routing settings. Mine are these (different from what we set up before, so maybe steps 10-11 aren’t needed):

    default via 192.168.137.1 dev vboxnet0 metric 206
    127.0.0.0/8 dev lo scope host
    192.168.137.0/24 dev vboxnet0 proto kernel scope link src 192.168.137.81 metric 206

  17. Now you should be able to ping the internet from your host. Try it out. It should also be possible to ping the internet from the guest.
  18. Enable your Citrix on Windows.
  19. Check whether you’re able to ping anything behind the VPN from the guest (I’m testing it on 10.2.134.* inside servers). It should be working from the host too.
  20. Step 19 is not obvious. Sometimes Citrix fails to enable, sometimes it takes some minutes for it to start working. I’m not sure how that works. Stopping the Citrix Adapter entirely and then logging back in helps sometimes.
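
A way to check the host routing table at steps 10 and 16, added here as an example (it is not part of the original manual): the first function lists the routes step 10 asks you to delete, the second confirms that the only default route leaves through vboxnet0, so no host traffic takes another path. The function names and the "before" routing table are assumptions made up for the example; the "after" table is the one quoted in step 16.

```shell
#!/bin/sh
# Added example, not from the original gist. Both functions read `ip r`
# output on stdin, so they can be tried offline on saved text.

# Step 10: print the selectors to pass to "ip r delete" (every "default"
# or "ip/mask" entry), leaving loopback routes (dev lo) in place.
routes_to_delete() {
    awk '
        / dev lo( |$)/ { next }
        $1 == "default" || $1 ~ /^[0-9.]+\/[0-9]+$/ {
            out = $1
            for (i = 2; i < NF; i++)
                if ($i == "via" || $i == "dev") out = out " " $i " " $(i + 1)
            print out
        }'
}

# Step 16: succeed only if there is exactly one default route and it leaves
# through the interface given as $1; print every default route that does not.
check_default_route() {
    awk -v want="$1" '
        $1 == "default" {
            n++; dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != want) { print "unexpected: " $0; bad = 1 }
        }
        END { if (n == 1 && !bad) exit 0; exit 1 }'
}

# Constructed sample: a host routing table before step 10.
SAMPLE_BEFORE='default via 192.168.1.1 dev enp0s25 metric 2
127.0.0.0/8 dev lo scope host
192.168.1.0/24 dev enp0s25 proto kernel scope link src 192.168.1.10'

# The routing table quoted in step 16 of the manual.
SAMPLE_AFTER='default via 192.168.137.1 dev vboxnet0 metric 206
127.0.0.0/8 dev lo scope host
192.168.137.0/24 dev vboxnet0 proto kernel scope link src 192.168.137.81 metric 206'

printf '%s\n' "$SAMPLE_BEFORE" | routes_to_delete
printf '%s\n' "$SAMPLE_AFTER" | check_default_route vboxnet0 && echo "default route OK"
```

On a live host, pipe the real table in instead of the samples, for example `ip r | check_default_route vboxnet0`.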