Remote Network Connection Installation And Administration Guide For Linux Mac OS
User Manual:
Open the PDF directly: View PDF 
.
Page Count: 27
| Download | |
| Open PDF In Browser | View PDF |
[Type here]
Remote Network Connection™ Installation
Guide for Linux
Remote Network Connection™ Installation and Administration Guide for Linux
Remote Network Connection™ Installation and Administration Guide
for Linux
Product version: 2.0.1
Documentation version: 5
This document was last updated on: March 28, 2019
Legal Notice
The Remote Network Connection™ name and associated trademarks, logos are registered trademarks
of CloudTrust Ltd. Copyright © CloudTrust Ltd. 2006-2019. All rights reserved.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be reproduced in
any form by any means without prior written authorization of CloudTrust Ltd. and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE
EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. CLOUDTRUST LTD. SHALL NOT BE
LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS
DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
CloudTrust Ltd.
http://cloudtrust.solutions
2
Remote Network Connection™ Installation and Administration Guide for Linux
Technical Support
For information about CloudTrust’s support offerings, you can visit our website at the following URL:
http://cloudtrust.solutions/support/
All support services will be delivered in accordance with your support agreement and the then-current
enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support information at the following
URL:
http://cloudtrust.solutions/support/
Before contacting Technical Support, make sure you have satisfied the system requirements that are
listed in your product documentation. Also, you should be at the computer on which the problem
occurred, in case it is necessary to replicate the problem.
When you contact Technical Support, please have the following information available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
o Error messages and log files
o Troubleshooting that was performed before contacting CloudTrust
o Recent software configuration changes and network changes
3
Remote Network Connection™ Installation and Administration Guide for Linux
Contents
Remote Network Connection™ Installation and Administration Guide for Linux .................................... 2
Legal Notice ......................................................................................................................................... 2
Technical Support .................................................................................................................................... 3
Contacting Technical Support .............................................................................................................. 3
Installing Remote Network Connection™ ................................................................................................ 6
Planning the installation ...................................................................................................................... 6
Plan your installation structure ........................................................................................................ 6
Prepare for and then install Remote Network Connection™ ........................................................... 6
System requirements for Remote Network Connection™ ................................................................... 7
Internationalization requirements ....................................................................................................... 8
Product license requirements .............................................................................................................. 8
Supported virtual installations and virtualization products ................................................................. 9
Network architecture considerations .................................................................................................. 9
Installing Microsoft .NET Core ............................................................................................................... 11
To install Microsoft .NET Core for Linux............................................................................................. 11
Installing Remote Network Connection™ .............................................................................................. 12
Running Remote Network Connection™ as a Linux daemon ................................................................. 14
To run Remote Network Connection™ as a Linux daemon ................................................................ 14
Configure SystemD ............................................................................................................................ 14
Stopping and restarting the service ................................................................................................... 15
Cleaning up ........................................................................................................................................ 16
Viewing logs ....................................................................................................................................... 16
Remote Network Connection™ and IP Masquerading ........................................................................... 17
Remote Network Connection™ and Internet Connection Sharing..................................................... 17
Fine-tune Remote Network Connection™ logging ................................................................................. 19
To fine-tune Remote Network Connection™ logging......................................................................... 19
Running multiple Remote Network Connection™ as a Linux daemon ................................................... 20
To run multiple Remote Network Connection™ as a Linux daemon.................................................. 20
Product updates .................................................................................................................................... 22
Prerequisites for .NET Core on Linux ..................................................................................................... 22
Interconnection with other networks .................................................................................................... 23
Remote Network Connection™ by default enables split tunneling........................................................ 24
4
Remote Network Connection™ Installation and Administration Guide for Linux
What is split tunneling? ..................................................................................................................... 24
Identity authentication with Remote Network Connection™ ................................................................ 25
Remote Network Connection™ in Docker Container ............................................................................. 26
Create a Dockerfile for Remote Network Connection™ application .................................................. 26
Build and run the Remote Network Connection™ Docker image ...................................................... 27
List Docker images ............................................................................................................................. 27
Remove Remote Network Connection™ Docker image ..................................................................... 27
5
Remote Network Connection™ Installation and Administration Guide for Linux
Installing Remote Network Connection™
Planning the installation
Plan your installation structure
Before you install the product, consider the size and geographical distribution of your network to
determine the installation architecture. To ensure good network performance, you need to evaluate
several factors. These factors include how many computers need networking, whether any of those
computers connect over a wide-area network, or how often to works.
If your network is small, is located in one geographic location, and has fewer than 500 clients,
you need to use only one Remote Network Connection™ server.
If the network is very large, you can install additional sites. To provide additional redundancy,
you can install additional sites for failover or load balancing support.
If your network is geographically dispersed, you may need to install additional servers for load
balancing and bandwidth distribution purposes.
Prepare for and then install Remote Network Connection™
Make sure the computer on which you install the management server meets the minimum system
requirements.
To install Remote Network Connection™, you must be logged on with an account that grants local
administrator access.
Install Remote Network Connection™.
Decide on the following items when you configure the Remote Network Connection™:
A Remote Network Connection™ server address, which may be needed depending on the
options that you select during installation
A Ticket ID, which may be needed depending on the options that you select during installation
A Passphrase, which may be needed depending on the options that you select during
installation
A local internet connection proxy settings, proxy server address, username and password
6
Remote Network Connection™ Installation and Administration Guide for Linux
System requirements for Remote Network Connection™
Component
Processor
Physical RAM
Hard drive
Operating system
(server)
Graphical desktop
environments
Requirements
64-bit processor: 2 GHz Pentium 4 with x86-64 support or equivalent
minimum (x86-64 or amd64), ARM (armhf)
512 MB (1 GB recommended), or higher if required by the operating system
60 MB of available hard disk space for the installation; additional space is
required for content and logs
Red Hat Enterprise Linux 7
CentOS 7
Oracle Linux 7
Fedora 25, Fedora 26
Debian 8.7 or later versions
Ubuntu 17.04, Ubuntu 16.04, Ubuntu 14.04
Linux Mint 18, Linux Mint 17
openSUSE 42.2 or later versions
SUSE Enterprise Linux (SLES) 12 SP2 or later versions
You can use the following graphical desktop environments to view the
Remote Network Connection™ for Linux client:
KDE
Gnome
Unity
Remote Network Connection™ client for Linux system requirements
7
Remote Network Connection™ Installation and Administration Guide for Linux
Internationalization requirements
Certain restrictions apply when you install Remote Network Connection™ in a non-English or mixedlanguage environment.
Component
Computer names, server names, and
workgroup names
English characters
Requirements
Non-English characters are supported with the following
limitations:
Network audit may not work for a host or user that
uses a double-byte character set or a high-ASCII
character set.
Double-byte character set names or high-ASCII
character set names may not appear properly on the
Remote Network Connection™ client user interface.
A long double-byte or high-ASCII character set host
name cannot be longer than what NetBIOS allows.
English characters are required in the following situations:
Deploy a client package to a remote computer.
Define the installation path for Remote Network
Connection™.
Internationalization requirements
Product license requirements
If you want to use Remote Network Connection™ after the trial period expires, you must purchase and
then activate a product license.
A trial license refers to a fully functioning installation of Remote Network Connection™ operating within
the free evaluation period. If you want to continue using Remote Network Connection™ beyond the
evaluation period, you must purchase and activate a license for your installation. You do not need to
uninstall the software to convert from trialware to a licensed installation.
The evaluation period is 1 day from the initial installation of Remote Network Connection™.
8
Remote Network Connection™ Installation and Administration Guide for Linux
Supported virtual installations and virtualization products
You use the Remote Network Connection™ clients to protect the supported operating systems that run
in the virtual environments. You can also install and manage Remote Network Connection™ on the
supported operating systems that run in virtual environments. You install Remote Network
Connection™ on the guest operating system, not the host.
Component
Remote Network Connection™
components
Virtualization product
Windows Azure
Amazon WorkSpaces
VMware WS 5.0 (workstation) or later
VMware GSX 3.2 (enterprise) or later
VMware ESX 2.5 (workstation) or later
VMware ESXi 4.1 - 5.5
Microsoft Virtual Server 2005
Microsoft Enterprise Desktop Virtualization (MED-V)
Windows Server 2008 Hyper-V
Windows Server 2012 Hyper-V
Windows Server 2012 R2 Hyper-V
Citrix XenServer 5.6 or later
Virtual Box, supplied by Oracle
Supported virtualization products
Network architecture considerations
You can install Remote Network Connection™ for testing purposes without considering your company
network architecture. You can install Remote Network Connection™ with a few clients, and become
familiar with the features and functions.
When you are ready to install the production clients, you should plan your deployment based on your
organizational structure and computing needs.
You should consider the following elements when you plan your deployment:
Remote console: Administrators can use a remote computer that runs the console software to
access Remote Network Connection™. Administrators may use a remote computer when they
are away from the office. You should ensure that remote computers meet the remote console
requirements.
Local and remote computers: Remote computers may have slower network connections. You
may want to use a different installation method than the one you use to install to local
computers.
Portable computers such as notebook computers: Portable computers may not connect to the
network on a regular schedule.
Computers that are located in secure areas: Computers that are located in secure areas may
need different security settings from the computers that are not located in secure areas.
9
Remote Network Connection™ Installation and Administration Guide for Linux
Communication server ports
Remote Network Connection™ uses the following ports by default. To change the default ports, choose
the custom installation type when you run the Setup Wizard.
All communication over these ports is sent over TCP.
Setting
Remote Network Connection™
server port
Default
443
Remote Network Connection™
LiveUpdate server port
443
Description
Remote Network Connection™ server listens on this
port. The Remote Network Connection™ clients
communicate with the server on this port.
The Remote Network Connection™ clients checks
and downloads the latest client version on this port.
Remote Network Connection™ ports
10
Remote Network Connection™ Installation and Administration Guide for Linux
Installing Microsoft .NET Core
To install Microsoft .NET Core
Note: You must have superuser privileges to install the Remote Network Connection™ client on the Linux
computer. The procedure uses sudo to demonstrate this elevation of privilege.
To install Microsoft .NET Core for Linux
Supported Linux versions
.NET Core 2.0 treats Linux as a single operating system. There is a single Linux build (per chip
architecture) for supported Linux distros. NET Core 2.x is supported on the following Linux 64-bit (x8664 or amd64) distributions/versions:
Red Hat Enterprise Linux 7
CentOS 7
Oracle Linux 7
Fedora 25, Fedora 26
Debian 8.7 or later versions
Ubuntu 17.04, Ubuntu 16.04, Ubuntu 14.04
Linux Mint 18, Linux Mint 17
openSUSE 42.2 or later versions
SUSE Enterprise Linux (SLES) 12 SP2 or later versions
Prerequisites for .NET Core on Linux
https://docs.microsoft.com/en-us/dotnet/core/linux-prerequisites?tabs=netcore2x
NET Core native installers are available for supported Linux distributions/versions. The native installers
require admin (sudo) access to the server. The advantage of using a native installer is that all of the .NET
Core native dependencies are installed. Native installers also install the .NET Core SDK system-wide.
11
Remote Network Connection™ Installation and Administration Guide for Linux
Installing Remote Network Connection™
To install Remote Network Connection™
Note: You must have superuser privileges to install the Remote Network Connection™ client on the Linux
computer. The procedure uses sudo to demonstrate this elevation of privilege.
To install the Remote Network Connection™ client for Linux
Download the installation package. The package is a .tar.gz file.
bash
sudo apt-get install wget
sudo wget https://rnc.services/setup.tar.gz
Copy the installation package that you downloaded to the Linux computer. The package is a .tar.gz file.
On the Linux computer, open a terminal application window.
Navigate to the working directory/installation directory with the following command:
bash
cd $(pwd)
Where directory is the name of the directory into which you copied the .tar.gz file.
Extract the contents of the .tar.gz file into a directory named bin with the following command:
bash
mkdir bin
tar -zxvf setup.tar.gz -C ./bin
Where setup.tar.gz is the full name of the .tar.gz file, and bin represents a destination folder into which
the extraction process places the installation files.
If the destination folder does not exist, the extraction process creates it.
Navigate to bin with the following command:
bash
cd bin
To correctly set the execute file permissions on install.sh, use the following command:
bash
chmod u+x install.sh
12
Remote Network Connection™ Installation and Administration Guide for Linux
Use the built-in script to install Remote Network Connection™ with the following command:
bash
sudo -i # and change directory to $(pwd)/bin again
./install.sh -i
Enter your password if prompted.
This script initiates the installation of the Remote Network Connection™ components. The default
installation directory is as follows: $(pwd)/bin
The installation completes when the command prompt returns. You do not have to restart the computer
to complete the installation.
After the initial installation completes, you configure the Remote Network Connection™ server address
and Ticket ID.
appsettings.json
{
"TicketID" : "",
"ServerAddress" : "services.rnc.services:443",
"NetworkPassphrase" : "",
"MemberID" : "",
"MemberDescription" : "sample description"
}
* Note: Your Ticket ID should be in an email that shows you bought Remote Network Connection™ subscription.
A Remote Network Connection™ Ticket ID is a value consisting of one group of 8 hexadecimal digits, followed by
three groups of 4 hexadecimal digits each, followed by one group of 12 hexadecimal digits - groups separated by
hyphens. The Ticket ID looks similar to this: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
** Note: A Remote Network Connection™ Member ID is a unique value consisting of one group of 8 hexadecimal
digits, followed by three groups of 4 hexadecimal digits each, followed by one group of 12 hexadecimal digits groups separated by hyphens. The Member ID looks similar to this: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Universally Unique ID library (uuid-runtime or uuid-devel package) is suitable for generating a unique identifier.
13
Remote Network Connection™ Installation and Administration Guide for Linux
Running Remote Network Connection™ as a Linux daemon
To run Remote Network Connection™ as a Linux daemon
Note: You must have superuser privileges to install the Remote Network Connection™ client on the Linux
computer. The procedure uses sudo to demonstrate this elevation of privilege. Linux has a case-sensitive
file system.
Create SystemD rncsvc.service file.
rncsvc.service
[Unit]
Description=Remote Network Connection Service
After=network.target
[Service]
ExecStart=/usr/bin/dotnet $(pwd)/bin/RNCService.dll
Restart=always
#Restart=on-failure
RestartSec=2 # Restart service after 2 seconds if dotnet service crashes
SyslogIdentifier=remotenetworkconnection
[Install]
WantedBy=multi-user.target
Configure SystemD
Copy service file to a System location.
bash
sudo cp rncsvc.service /lib/systemd/system
Reload SystemD and enable the service, so it will restart on reboots.
bash
sudo systemctl daemon-reload
sudo systemctl enable rncsvc
Start the service.
bash
sudo systemctl start rncsvc
14
Remote Network Connection™ Installation and Administration Guide for Linux
Start the service and verify that it's running.
bash
systemctl status rncsvc
Tail the service log.
Remote Network Connection application’s output can be examined with journalctl.
bash
journalctl --unit rncsvc --follow
Stopping and restarting the service
Stop the service.
bash
sudo systemctl stop rncsvc
systemctl status rncsvc
Restart the service.
bash
sudo systemctl start rncsvc
systemctl status rncsvc
15
Remote Network Connection™ Installation and Administration Guide for Linux
Cleaning up
Ensure service is stopped.
bash
sudo systemctl stop rncsvc
Disable.
bash
sudo systemctl disable rncsvc
Remove and reload SystemD.
bash
sudo rm rncsvc.service /lib/systemd/system/rncsvc.service
sudo systemctl daemon-reload
Verify SystemD.
bash
systemctl --type service |& grep rncsvc
Viewing logs
A centralized journal includes all entries for all services and processes managed by systemd. To view the
rncsvc.service specific items, use the following command:
bash
sudo journalctl -fu rncsvc.service
For further filtering, time options such as --since today, --until 1 hour ago or a combination of these can
reduce the amount of entries returned.
bash
sudo journalctl -fu rncsvc.service --since "2018-10-13" --until "2018-10-13 04:00"
16
Remote Network Connection™ Installation and Administration Guide for Linux
Remote Network Connection™ and IP Masquerading
Remote Network Connection™ and Internet Connection Sharing
The purpose of IP Masquerading is to allow machines with private, non-routable IP addresses on your
network to access the Internet through the machine doing the masquerading. Traffic from your private
network destined for the Internet must be manipulated for replies to be routable back to the machine
that made the request. To do this, the kernel must modify the source IP address of each packet so that
replies will be routed back to it, rather than to the private IP address that made the request, which is
impossible over the Internet.
Linux uses Connection Tracking to keep track of which connections belong to which machines and
reroute each return packet accordingly. Traffic leaving your private network is thus "masqueraded" as
having originated from your Ubuntu gateway machine. This process is referred to in Microsoft
documentation as Internet Connection Sharing.
This can be accomplished with a single iptables rule, which may differ slightly based on your network
configuration:
bash
sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o wlan0 -j MASQUERADE
*Note: without the -s switch, any IP address range to be routed through the specified network device
The above command assumes that your private address space is 192.168.0.0/16 and that your Internetfacing device is wlan0. The syntax is broken down as follows:
-t nat -- the rule is to go into the nat table
-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain
-s 192.168.0.0/16 -- the rule applies to traffic originating from the specified address space
-o wlan0 -- the rule applies to traffic scheduled to be routed through the specified network
device
-j MASQUERADE -- traffic matching this rule is to "jump" (-j) to the MASQUERADE target to be
manipulated as described above
17
Remote Network Connection™ Installation and Administration Guide for Linux
Each chain in the filter table - the default table, and where most or all packet filtering occurs - has a
default policy of ACCEPT, but if you are creating a firewall in addition to a gateway device, you may have
set the policies to DROP or REJECT, in which case your masqueraded traffic needs to be allowed through
the FORWARD chain for the above rule to work:
bash
sudo iptables -A FORWARD -s 192.168.0.0/16 -o wlan0 -j ACCEPT
sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i wlan0 -j
ACCEPT
The above commands will allow all connections from your local network to the Internet and all traffic
related to those connections to return to the machine that initiated them.
18
Remote Network Connection™ Installation and Administration Guide for Linux
Fine-tune Remote Network Connection™ logging
To fine-tune Remote Network Connection™ logging
Remote Network Connection™ can be configured to make fewer log entries. In this case, journal entries
also can be radically reduced - which is especially useful when using hardware (e.g RASPBERRY PI 3
MODEL B, embedded PC) with SD card with limited write cycles.
Stop the service.
bash
sudo systemctl stop rncsvc
systemctl status rncsvc
Modify appsettings.json and add RealtimeDebugInformation parameter.
appsettings.json
{
…,
"RealtimeDebugInformation" : "off"
}
Restart the service.
bash
sudo systemctl start rncsvc
systemctl status rncsvc
19
Remote Network Connection™ Installation and Administration Guide for Linux
Running multiple Remote Network Connection™ as a Linux daemon
To run multiple Remote Network Connection™ as a Linux daemon
Note: You must have superuser privileges to install the Remote Network Connection™ client on the Linux
computer. The procedure uses sudo to demonstrate this elevation of privilege. Linux has a case-sensitive
file system.
Make a copy of the previously installed Remote Network Connection™ application into a different
directory – eg. bin2.
Create SystemD rncsvc2.service file, and step-by-step to make the previous settings but now with the
new directory and the new daemon configuration file.
Modify appsettings.json and add AdapterIndex parameter – default AdapterIndex is 0
appsettings.json
{
…,
"AdapterIndex" : "1"
}
Start the service.
bash
sudo systemctl start rncsvc2
Add routing tables and rules binding source IP address for each route, and add those as default gateway
for each network interface.
Add new routing tables in /etc/iproute2/rt_tables
# cat /etc/iproute2/rt_tables
100 t1
101 t2
Add routes to those routing tables
bash
# ip route add 10.238.0.0/16 dev rnc0 src 10.238.197.6 table t1
# ip route add table t1 default via 10.238.197.254 dev rnc0
# ip route show table t1
default via 10.238.197.254 dev rnc0
10.238.0.0/16 dev rnc0 scope link src 10.238.197.6
20
Remote Network Connection™ Installation and Administration Guide for Linux
Add routes to those routing tables
bash
# ip route add 10.238.0.0/16 dev rnc1 src 10.238.197.7 table t2
# ip route add table t2 default via 10.238.197.254 dev rnc1
# ip route show table t2
default via 10.238.197.254 dev rnc1
10.238.0.0/16 dev rnc1 scope link src 10.238.197.7
Add rules to apply traffic to the routing tables
bash
# ip rule add table t1 from 10.238.197.6
# ip rule add table t2 from 10.238.197.7
# ip route show
10.238.0.0/16 dev rnc0 scope link
Set interfaces ready for receiving ARP replies
bash
# sysctl net.ipv4.conf.default.arp_filter=1
To make this routes persistent following configuration files have to be changed
For receiving ARP replies:
bash
# grep arp_filter /etc/sysctl.conf
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.default.arp_filter = 1
For sending ARP:
bash
# grep arp_announce /etc/sysctl.conf
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
Checking ping with -I IPADDR
bash
# ping -I 10.238.197.6 DSTADDR
# ping -I 10.238.197.7 DSTADDR
21
Remote Network Connection™ Installation and Administration Guide for Linux
Product updates
Product updates are improvements to the installed client software. These updates are usually created
to extend the operating system or hardware compatibility, adjust performance issues, or fix product
errors. Product updates are released on an as-needed basis. Clients can receive product updates directly
from a Remote Network Connection™ LiveUpdate server.
Prerequisites for .NET Core on Linux
Linux distribution dependencies
Ubuntu
Ubuntu distributions require the following libraries installed:
libunwind8, liblttng-ust0, libcurl3, libssl1.0.0, libuuid1, libkrb5, zlib1g, libicu52 (for 14.X), libicu55 (for
16.X), libicu57 (for 17.X)
CentOS
CentOS distributions require the following libraries installed:
libunwind, lttng-ust, libcurl, openssl-libs, libuuid, krb5-libs, libicu, zlib
More information: https://docs.microsoft.com/en-us/dotnet/core/linux-prerequisites
22
Remote Network Connection™ Installation and Administration Guide for Linux
Interconnection with other networks
There are several ways to extend the virtual network segment created by the Remote Network
Connection™ VPN solution, depending on the usage needs and the requirements of the applications to
be used:
IP Routing,
Port Forwarding can all be used.
The Remote Network Connection™ VPN solution can be extended using other, classic, standard network
solutions - e.g. L2TP/IPSec server connections.
To select the best way to connect to the other networks, you may need to investigate the usage
patterns, and you may need to analyze the operation and the traffic patterns of the applications to be
used.
The Remote Network Connection™ VPN solution can be used to build point-to-point, point-to-site, and
even site-to-site connections.
23
Remote Network Connection™ Installation and Administration Guide for Linux
Remote Network Connection™ by default enables split tunneling
When you configure a Remote Network Connection™ VPN solution, the default setting is to enable split
tunneling. What split tunneling refers to is the fact that only connections to the private network are sent
over the Remote Network Connection™ VPN tunnels. If the user wants to connect to resources on the
Internet, the connection is made over the local link - that is to say, the connection is sent directly to the
Internet based on the IP addressing configuration on the Remote Network Connection™ client
computer's NIC.
Remote Network Connection™ by default use 10.238.0.0/16 IPv4 addresses as VPN address as a unique
IP address to each Remote Network Connection™ Adapter in the range of 10.238.0.0/16 subnet.
What is split tunneling?
Split tunneling is a computer networking concept which allows the user to access dissimilar security
domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the
same or different network connections. This connection state is usually facilitated through the
simultaneous use of a Local Area Network (LAN) Network Interface Card (NIC), Wireless Local Area
Network (WLAN) NIC, and Remote Network Connection™ VPN client software application without the
benefit of access control.
The advantage of split tunneling is that users have a much better computing experience, especially when
accessing Internet based resources. In addition, users on the private network are likely to have a better
computing experience when accessing resources on the Internet, since the Remote Network
Connection™ client traffic isn't consuming corporate Internet bandwidth to connect to Internet
resources - it alleviates bottlenecks and conserves bandwidth. The combined advantages of improved
Remote Network Connection™ client and private network client Internet computing experience makes
it worthwhile to make split tunneling the default configuration for Remote Network Connection™ VPN
communications.
Another advantage is in the case where a user works at a supplier or partner site and needs access to
network resources on both networks throughout the day. Split tunneling prevents the user from having
to continually connect and disconnect.
24
Remote Network Connection™ Installation and Administration Guide for Linux
Identity authentication with Remote Network Connection™
Remote Network Connection™ server can be configured to require endpoint SSL authentication
certificates when establishing the SSL/TLS communications channel. Remote Network Connection™ VPN
application supports USB tokens as a mean to increase identity authentication, to enforce security policy
while keeping it simple for users and IT managers.
Remote Network Connection™ VPN application is natively interoperable with a large range of tokens
and smart cards because it supports smart cards interface to the Microsoft Smart Card Base
Cryptographic Service Provider (CSP). Remote Network Connection™ VPN application always accesses
the Windows Certificate Store in CSP mode.
Remote Network Connection™ VPN application recognizes the smart cards or USB tokens from leading
manufacturers (Gemalto, Oberthur, Aladdin, SafeNet, Yibico, Feitian, etc.). The list below shows the
qualified or supported tokens with Remote Network Connection™ VPN application:
SafeNet/Aladdin - eToken PRO 64k
Yubico - Yubikey Neo
Omnikey - Omnikey Cardman 3121, Omnikey CM 6121
Gemalto - Gemalto IDBridge K30 USB Token
Remote Network Connection™ VPN application can be configured to check the certification chain of the
certificate received from the Remote Network Connection™ server. This feature requires importing the
root certificate and all the certificates of the certification chain in the Windows Certificate Store.
Remote Network Connection™ VPN application will also use the CRL (Certification Revocation List) of
each intermediate certification authority. This CRL must be accessible, either in the Windows Certificate
Store or downloadable. If not, the Remote Network Connection™ VPN application won't be able to check
the validity of the certificate.
Remote Network Connection™ VPN application checks the following elements of the certification chain:
the expiration date of the certificate
validity beginning date of the certificate
signature of each certificate in the certification chain (included the root certificate, the
intermediate certificates, and the server certificate)
the update of each CRL
* Unique installation of Remote Network Connection™ VPN solution allows integrating Identity
authentication into Remote Network Connection™ application's sign-in processes and providing secure
TLS communication channel.
25
Remote Network Connection™ Installation and Administration Guide for Linux
Remote Network Connection™ in Docker Container
Docker can build images automatically by reading the instructions from a Dockerfile. A Dockerfile is a
text document that contains all the commands a user could call on the command line to assemble an
image. Using docker build users can create an automated build that executes several command-line
instructions in succession.
This paragraph describes the commands you can use in a Dockerfile to install Remote Network
Connection™.
Remote Network Connection™ Dockerfile location: https://rnc.services/Dockerfile
Create a Dockerfile for Remote Network Connection™ application
Create a Dockerfile in your project folder.
Add the text below to your Dockerfile for either Linux or Windows Containers. The tags below are multiarch meaning they pull either Windows or Linux containers depending on what mode is set in Docker
Desktop for Windows. Reference: https://docs.docker.com/engine/reference/builder/
Dockerfile
# Remote Network Connection(TM) setup for Docker Container
FROM mcr.microsoft.com/dotnet/core/sdk
ENV RNC_TICKET_ID=
ENV RNC_SERVER_ADDRESS=services.rnc.services
ENV RNC_NETWORK_PASSPHRASE=
# Installing required packages
RUN apt-get update
RUN apt-get update -y
RUN apt-get install sudo
RUN apt-get install libunwind8
RUN apt-get install wget
RUN apt-get install openssl
RUN apt-get install uuid-runtime
# Download Remote Network Connection setup.tar.gz package
RUN wget https://rnc.services/setup.tar.gz
# Extracting Remote Network Connection application
RUN mkdir ./root/bin
RUN tar -zxvf setup.tar.gz -C ./root/bin
# Setting up Remote Network Connection appsettings.json parameter file
RUN echo "{" >> ./root/bin/appsettings.json
RUN echo " \"TicketID\" : \"$RNC_TICKET_ID\"," >> ./root/bin/appsettings.json
26
Remote Network Connection™ Installation and Administration Guide for Linux
RUN echo " \"ServerAddress\" : \"$RNC_SERVER_ADDRESS:443\"," >> ./root/bin/appsettings.json
RUN echo -n " \"NetworkPassphrase\" : \"" >> ./root/bin/appsettings.json
RUN printf $RNC_NETWORK_PASSPHRASE | openssl base64 | awk 'BEGIN{ORS="";} {print}' >>
./root/bin/appsettings.json
RUN echo "\"," >> ./root/bin/appsettings.json
RUN echo -n " \"MemberID\" : \"" >> ./root/bin/appsettings.json
RUN echo "" | uuidgen | tr /a-z/ /A-Z/ | tr "\n" "\"," >> ./root/bin/appsettings.json
RUN echo "," >> ./root/bin/appsettings.json
RUN echo " \"MemberDescription\" : \"$HOSTNAME\"" >> ./root/bin/appsettings.json
RUN echo "}" >> ./root/bin/appsettings.json
# Finalizing Remote Network Connection setup
RUN chmod u+x ./root/bin/RNCLnxClient.out
# Running Remote Network Connection application
WORKDIR ./root/bin/
ENTRYPOINT ["dotnet", "RNCService.dll"]
Build and run the Remote Network Connection™ Docker image
Open a command prompt and navigate to your project folder.
Use the following commands to build and run your Docker image:
docker
$ docker build -t rnc:latest .
$ docker run --cap-add=NET_ADMIN --device=/dev/net/tun -it rnc
List Docker images
docker
$ docker image ls
Remove Remote Network Connection™ Docker image
docker
$ docker image rm -f rnc
27
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : No Page Count : 27 Language : hu-HU Tagged PDF : Yes Author : Gábor GARAMI Creator : Microsoft® Word 2013 Create Date : 2019:03:28 21:16:19+01:00 Modify Date : 2019:03:28 21:16:19+01:00 Producer : Microsoft® Word 2013EXIF Metadata provided by EXIF.tools