Network Connector support on linux

  • Question

  • Hi,

    We are running IAG 2007 SP2 and have configured what seems to be all the components required for the endpoint client to function properly.

    The problem we have is that when the SSL Application Java wrapper comes up, the network connector application "VPN Acess" comes up with an error that this application can only be run on a Windows operating system. Is the IAG able to create a proper VPN tunnel for Linux?

    All help appreciated.
    Thursday, July 23, 2009 3:21 PM

Answers

  • Hi Amigo. The way to force the Java Wrapper client is to select the "Disabled" option when specifying the socket forwarder working mode in the "client settings" tab of the published application. Java client is an alternative to ActiveX for client-server applications handling (encapsulation) when the operating system or the browser are not Microsoft's technology. Java Wrapper is not an alternative to the network connector; it is a way to tunnel the traffic of client-server applications but not a "network-level VPN" as the network connector is. Hope it helps
    // Raúl - I love this game
    Friday, July 24, 2009 9:40 AM

All replies

  • Hi Charles,

    Network Connector is only available on Windows.
    On Linux you can use IAG's Java-based SSL Wrapper.

    -Ran
    Thursday, July 23, 2009 8:40 PM
  • Hi Ran,

    Thanks for your post. I am however still struggling with this one.

    How do you enable the IAG Java-based SSL Wrapper, as it does not seem to be within one of the drop-downs when creating an application? Network connector is there but no such luck finding the SSL Wrapper.

    Essentially we are looking to provide Linux administration users with full VPN access, the same as the functionality of the network connector.

    When using Linux we can access the portal and pass all the endpoint security requirements (AV / Firewall detection) with no problem. The network connector application we have for Windows is available and when we execute it the SSL Wrapper Java Client comes up in portal activity. However no tunnel is created (because we need the app to run on the endpoint, which only works on Windows).

    Am I missing something here?

    Sorry, feeling very dazed and confused.

    Cheers
    Friday, July 24, 2009 8:57 AM
  • Thank you Raul, for clarifying my too short reply,

    Charles, as Raul mentioned, I should have made clear in my previous reply that the Java SSL Wrapper is not a replacement or an equivalent of Network Connector, so you will not get the same kind of user experience as when using Windows client machines.

    You do not have to specifically enable or force the Java SSL Wrapper. It will automatically be launched whenever there is a need to establish a tunnel between the endpoint machine and the IAG server, in order to allow non-HTTP traffic to flow to some backend application.

    In other words, you need to publish one or more specific applications, as per your needs, to allow access to those apps and backend servers that the Linux admins need. You will most probably want to use a Generic Client/Server application template on the IAG Add Application wizard.

    HTH, regards,
    -Ran
    Friday, July 24, 2009 11:23 AM
  • Thanks Guys,

    So in essence I have to publish a client application, e.g. the Linux terminal "gnome-terminal". This would fire the application on the Linux client and tunnel the traffic between the Linux endpoint and the server infrastructure behind the IAG.

    Is that the right thinking?

    Does anyone else know if there is a planned release for a Linux network connector?

    Cheers Again

    Friday, July 24, 2009 11:36 AM
  • Hi Charles,

    I am not familiar with "gnome-terminal" application, but you can publish any client-server application.
    Launching it through IAG portal will cause IAG to open the SSL VPN tunnel and the traffic will be tunneled between the Linux client application, over IAG, and to the server application on the server side (that you must configure).

    Regards,
    Gitit
    Sunday, July 26, 2009 8:00 AM
  • Just wanted to clarify slightly more, as it was earlier pointed out and now listed as the answer, that the way to force the Java SSL Wrapper is to select "disabled" on the client settings within the app. To be a little more accurate, just wanted to make sure all are aware that Socket Forwarder is completely different from SSL Wrapper. SSL Wrapper is the tunneling component (available in ActiveX or Java) that knows how to listen on local client IPs, encrypt/decrypt and communicate with IAG, and in many circumstances modify a client configuration like hosts, ini, registry, etc. to "trick" the client application into talking to it instead of directly to the internal server. The socket forwarder, when used, is an additional "advanced trick" that can be used to divert connections from a client program to the SSL Wrapper. The socket forwarder basically is standard NSP/LSP functionality and therefore sits in the Winsock stack and can intercept name lookups or routing decisions. So... disabling socket forwarder doesn't really have an exact relationship to the Java version of SSL Wrapper. The SSL Wrapper is needed whether socket forwarder is used or not, and the decision of whether the client uses the Java version or the ActiveX version is independent of the use of socket forwarder and the "disabled" setting. In general ActiveX is used for IE on Windows, and Java is used for everything else.

    Note that the option of "disabled" or "basic/extended/vpn" for socket forwarder is even slightly more complicated. Disabled doesn't guarantee that socket forwarder is not used. It only guarantees that socket forwarder will not be installed inline, solely because the user clicked on this application. If the user already had socket forwarder installed (maybe it auto-installed up front in the IAG session, or was installed from some other application this session or another), then in many cases the socket forwarder will still be used even if the "disabled" radio button is selected. It's dependent on the exact settings in the sslvpntemplate for that particular non-HTTP app.
    Wednesday, July 29, 2009 10:09 PM