Remote Network Connection Installation And Administration Guide For Linux Mac OS
User Manual: Pdf
Open the PDF directly: View PDF 
.
Page Count: 20
[Type here]
Remote Network Connection™ Installation
Guide for Linux and macOS
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
2
Remote Network Connection™ Installation and Administration Guide
for Linux and macOS
Product version: 2.0.1
Documentation version: 3
This document was last updated on: February 11, 2018
Legal Notice
The Remote Network Connection™ name and associated trademarks, logos are registered trademarks
of CloudTrust Ltd. Copyright © CloudTrust Ltd. 2006-2018. All rights reserved.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be reproduced in
any form by any means without prior written authorization of CloudTrust Ltd. and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE
EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. CLOUDTRUST LTD. SHALL NOT BE
LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS
DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
CloudTrust Ltd.
http://cloudtrust.solutions
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
3
Technical Support
For information about CloudTrust’s support offerings, you can visit our website at the following URL:
http://cloudtrust.solutions/support/
All support services will be delivered in accordance with your support agreement and the then-current
enterprise technical support policy.
Contacting Technical Support
Customers with a current support agreement may access Technical Support information at the following
URL:
http://cloudtrust.solutions/support/
Before contacting Technical Support, make sure you have satisfied the system requirements that are
listed in your product documentation. Also, you should be at the computer on which the problem
occurred, in case it is necessary to replicate the problem.
When you contact Technical Support, please have the following information available:
Product release level
Hardware information
Available memory, disk space, and NIC information
Operating system
Version and patch level
Network topology
Router, gateway, and IP address information
Problem description:
o Error messages and log files
o Troubleshooting that was performed before contacting CloudTrust
o Recent software configuration changes and network changes
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
4
Contents
Remote Network Connection™ Installation and Administration Guide for Linux and macOS ............... 2
Legal Notice ......................................................................................................................................... 2
Technical Support .................................................................................................................................... 3
Contacting Technical Support ............................................................................................................. 3
Installing Remote Network Connection™ ............................................................................................... 5
Planning the installation ...................................................................................................................... 5
Plan your installation structure ....................................................................................................... 5
Prepare for and then install Remote Network Connection™ .......................................................... 5
System requirements for Remote Network Connection™ .................................................................. 6
Internationalization requirements ...................................................................................................... 7
Product license requirements ............................................................................................................. 7
Supported virtual installations and virtualization products ................................................................ 8
Network architecture considerations ................................................................................................. 8
Installing Remote Network Connection™ ............................................................................................. 10
Running Remote Network Connection™ as a Linux daemon ................................................................ 12
To run Remote Network Connection™ as a Linux daemon ............................................................... 12
Configure SystemD ............................................................................................................................ 12
Stopping and restarting the service .................................................................................................. 13
Cleaning up ........................................................................................................................................ 14
Viewing logs ....................................................................................................................................... 14
Running multiple Remote Network Connection™ as a Linux daemon.................................................. 15
To run multiple Remote Network Connection™ as a Linux daemon ................................................ 15
Product updates .................................................................................................................................... 17
Prerequisites for .NET Core on Linux ..................................................................................................... 17
Interconnection with other networks ................................................................................................... 18
Remote Network Connection™ by default enables split tunneling ...................................................... 19
What is split tunneling? ..................................................................................................................... 19
Identity authentication with Remote Network Connection™ ............................................................... 20
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
5
Installing Remote Network Connection™
Planning the installation
Plan your installation structure
Before you install the product, consider the size and geographical distribution of your network to
determine the installation architecture. To ensure good network performance, you need to evaluate
several factors. These factors include how many computers need networking, whether any of those
computers connect over a wide-area network, or how often to works.
If your network is small, is located in one geographic location, and has fewer than 500 clients,
you need to use only one Remote Network Connection™ server.
If the network is very large, you can install additional sites. To provide additional redundancy,
you can install additional sites for failover or load balancing support.
If your network is geographically dispersed, you may need to install additional servers for load
balancing and bandwidth distribution purposes.
Prepare for and then install Remote Network Connection™
Make sure the computer on which you install the management server meets the minimum system
requirements.
To install Remote Network Connection™, you must be logged on with an account that grants local
administrator access.
Install Remote Network Connection™.
Decide on the following items when you configure the Remote Network Connection™:
A Remote Network Connection™ server address, which may be needed depending on the
options that you select during installation
A Ticket ID, which may be needed depending on the options that you select during installation
A Passphrase, which may be needed depending on the options that you select during
installation
A local internet connection proxy settings, proxy server address, username and password
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
6
System requirements for Remote Network Connection™
Component
Requirements
Processor
64-bit processor: 2 GHz Pentium 4 with x86-64 support or equivalent
minimum
Physical RAM
512 MB (1 GB recommended), or higher if required by the operating system
Hard drive
60 MB of available hard disk space for the installation; additional space is
required for content and logs
Operating system
(server)
Red Hat Enterprise Linux 7
CentOS 7
Oracle Linux 7
Fedora 25, Fedora 26
Debian 8.7 or later versions
Ubuntu 17.04, Ubuntu 16.04, Ubuntu 14.04
Linux Mint 18, Linux Mint 17
openSUSE 42.2 or later versions
SUSE Enterprise Linux (SLES) 12 SP2 or later versions
Operating system
mac OS X 10.12
Remote Network Connection™ client for Linux system requirements
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
7
Internationalization requirements
Certain restrictions apply when you install Remote Network Connection™ in a non-English or mixed-
language environment.
Component
Requirements
Computer names, server names, and
workgroup names
Non-English characters are supported with the following
limitations:
Network audit may not work for a host or user that
uses a double-byte character set or a high-ASCII
character set.
Double-byte character set names or high-ASCII
character set names may not appear properly on the
Remote Network Connection™ client user interface.
A long double-byte or high-ASCII character set host
name cannot be longer than what NetBIOS allows.
English characters
English characters are required in the following situations:
Deploy a client package to a remote computer.
Define the installation path for Remote Network
Connection™.
Internationalization requirements
Product license requirements
If you want to use Remote Network Connection™ after the trial period expires, you must purchase and
then activate a product license.
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
8
Supported virtual installations and virtualization products
You use the Remote Network Connection™ clients to protect the supported operating systems that run
in the virtual environments. You can also install and manage Remote Network Connection™ on the
supported operating systems that run in virtual environments. You install Remote Network
Connection™ on the guest operating system, not the host.
Component
Virtualization product
Remote Network Connection™
components
Windows Azure
Amazon WorkSpaces
VMware WS 5.0 (workstation) or later
VMware GSX 3.2 (enterprise) or later
VMware ESX 2.5 (workstation) or later
VMware ESXi 4.1 - 5.5
Microsoft Virtual Server 2005
Microsoft Enterprise Desktop Virtualization (MED-V)
Windows Server 2008 Hyper-V
Windows Server 2012 Hyper-V
Windows Server 2012 R2 Hyper-V
Citrix XenServer 5.6 or later
Virtual Box, supplied by Oracle
Supported virtualization products
Network architecture considerations
You can install Remote Network Connection™ for testing purposes without considering your company
network architecture. You can install Remote Network Connection™ with a few clients, and become
familiar with the features and functions.
When you are ready to install the production clients, you should plan your deployment based on your
organizational structure and computing needs.
You should consider the following elements when you plan your deployment:
Remote console: Administrators can use a remote computer that runs the console software to
access Remote Network Connection™. Administrators may use a remote computer when they
are away from the office. You should ensure that remote computers meet the remote console
requirements.
Local and remote computers: Remote computers may have slower network connections. You
may want to use a different installation method than the one you use to install to local
computers.
Portable computers such as notebook computers: Portable computers may not connect to the
network on a regular schedule.
Computers that are located in secure areas: Computers that are located in secure areas may
need different security settings from the computers that are not located in secure areas.
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
9
Communication server ports
Remote Network Connection™ uses the following ports by default. To change the default ports, choose
the custom installation type when you run the Setup Wizard.
All communication over these ports is sent over TCP.
Setting
Default
Description
Remote Network Connection™
server port
443
Remote Network Connection™ server listens on this
port. The Remote Network Connection™ clients
communicate with the server on this port.
Remote Network Connection™
LiveUpdate server port
443
The Remote Network Connection™ clients checks
and downloads the latest client version on this port.
Remote Network Connection™ ports
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
10
Installing Remote Network Connection™
To install Remote Network Connection™
Note: You must have superuser privileges to install the Remote Network Connection™ client on the Linux
computer. The procedure uses sudo to demonstrate this elevation of privilege.
To install the Remote Network Connection™ client for Linux
Copy the installation package that you created to the Linux computer. The package is a .tar.gz file.
On the Linux computer, open a terminal application window.
Navigate to the working directory/installation directory with the following command:
bash
cd $(pwd)
Where directory is the name of the directory into which you copied the .tar.gz file.
Extract the contents of the .tar.gz file into a directory named bin with the following command:
bash
unzip "setup.tar.gz" -d bin
Where setup.tar.gz is the full name of the .tar.gz file, and bin represents a destination folder into which
the extraction process places the installation files.
If the destination folder does not exist, the extraction process creates it.
Navigate to bin with the following command:
bash
cd bin
To correctly set the execute file permissions on install.sh, use the following command:
bash
chmod u+x install.sh
Use the built-in script to install Remote Network Connection™ with the following command:
bash
sudo ./install.sh -i
Enter your password if prompted.
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
11
This script initiates the installation of the Remote Network Connection™ components. The default
installation directory is as follows: $(pwd)/bin
The installation completes when the command prompt returns. You do not have to restart the computer
to complete the installation.
After the initial installation completes, you configure the Remote Network Connection™ server address
and Ticket ID.
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
12
Running Remote Network Connection™ as a Linux daemon
To run Remote Network Connection™ as a Linux daemon
Note: You must have superuser privileges to install the Remote Network Connection™ client on the Linux
computer. The procedure uses sudo to demonstrate this elevation of privilege. Linux has a case-sensitive
file system.
Create SystemD rncsvc.service file.
rncsvc.service
[Unit]
Description=Remote Network Connection Service
After=network.target
[Service]
ExecStart=/usr/bin/dotnet $(pwd)/bin/RNCService.dll
Restart=always
#Restart=on-failure
RestartSec=10 # Restart service after 10 seconds if dotnet service crashes
SyslogIdentifier=remotenetworkconnection
[Install]
WantedBy=multi-user.target
Configure SystemD
Copy service file to a System location.
bash
sudo cp rncsvc.service /lib/systemd/system
Reload SystemD and enable the service, so it will restart on reboots.
bash
sudo systemctl daemon-reload
sudo systemctl enable rncsvc
Start the service.
bash
sudo systemctl start rncsvc
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
13
Start the service and verify that it's running.
bash
systemctl status rncsvc
Tail the service log.
Remote Network Connection application’s output can be examined with journalctl.
bash
journalctl --unit rncsvc --follow
Stopping and restarting the service
Stop the service.
bash
sudo systemctl stop rncsvc
systemctl status rncsvc
Restart the service.
bash
sudo systemctl start rncsvc
systemctl status rncsvc
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
14
Cleaning up
Ensure service is stopped.
bash
sudo systemctl stop rncsvc
Disable.
bash
sudo systemctl disable rncsvc
Remove and reload SystemD.
bash
sudo rm rncsvc.service /lib/systemd/system/rncsvc.service
sudo systemctl daemon-reload
Verify SystemD.
bash
systemctl --type service |& grep rncsvc
Viewing logs
A centralized journal includes all entries for all services and processes managed by systemd. To view the
rncsvc.service specific items, use the following command:
bash
sudo journalctl -fu rncsvc.service
For further filtering, time options such as --since today, --until 1 hour ago or a combination of these can
reduce the amount of entries returned.
bash
sudo journalctl -fu rncsvc.service --since "2018-10-13" --until "2018-10-13 04:00"
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
15
Running multiple Remote Network Connection™ as a Linux daemon
To run multiple Remote Network Connection™ as a Linux daemon
Note: You must have superuser privileges to install the Remote Network Connection™ client on the Linux
computer. The procedure uses sudo to demonstrate this elevation of privilege. Linux has a case-sensitive
file system.
Make a copy of the previously installed Remote Network Connection™ application into a different
directory – eg. bin2.
Create SystemD rncsvc2.service file, and step-by-step to make the previous settings but now with the
new directory and the new daemon configuration file.
Modify appsettings.json and add AdapterIndex parameter
appsettings.json
{
…
"AdapterIndex" : "1"
}
Start the service.
bash
sudo systemctl start rncsvc2
Add routing tables and rules binding source IP address for each route, and add those as default gateway
for each network interface.
Add new routing tables in /etc/iproute2/rt_tables
# cat /etc/iproute2/rt_tables
100 t1
101 t2
Add routes to those routing tables
bash
# ip route add 10.238.0.0/16 dev rnc0 src 10.238.197.6 table t1
# ip route add table t1 default via 10.238.197.254 dev rnc0
# ip route show table t1
default via 10.238.197.254 dev rnc0
10.238.0.0/16 dev rnc0 scope link src 10.238.197.6
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
16
Add routes to those routing tables
bash
# ip route add 10.238.0.0/16 dev rnc1 src 10.238.197.7 table t2
# ip route add table t2 default via 10.238.197.254 dev rnc1
# ip route show table t2
default via 10.238.197.254 dev rnc1
10.238.0.0/16 dev rnc1 scope link src 10.238.197.7
Add rules to apply traffic to the routing tables
bash
# ip rule add table t1 from 10.238.197.6
# ip rule add table t2 from 10.238.197.7
# ip route show
10.238.0.0/16 dev rnc0 scope link
Set interfaces ready for receiving ARP replies
bash
# sysctl net.ipv4.conf.default.arp_filter=1
To make this routes persistent following configuration files have to be changed
For receiving ARP replies:
bash
# grep arp_filter /etc/sysctl.conf
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.default.arp_filter = 1
For sending ARP:
bash
# grep arp_announce /etc/sysctl.conf
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
Checking ping with -I IPADDR
bash
# ping -I 10.238.197.6 DSTADDR
# ping -I 10.238.197.7 DSTADDR
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
17
Product updates
Product updates are improvements to the installed client software. These updates are usually created
to extend the operating system or hardware compatibility, adjust performance issues, or fix product
errors. Product updates are released on an as-needed basis. Clients can receive product updates directly
from a Remote Network Connection™ LiveUpdate server.
Prerequisites for .NET Core on Linux
Linux distribution dependencies
Ubuntu
Ubuntu distributions require the following libraries installed:
libunwind8, liblttng-ust0, libcurl3, libssl1.0.0, libuuid1, libkrb5, zlib1g, libicu52 (for 14.X), libicu55 (for
16.X), libicu57 (for 17.X)
CentOS
CentOS distributions require the following libraries installed:
libunwind, lttng-ust, libcurl, openssl-libs, libuuid, krb5-libs, libicu, zlib
More information: https://docs.microsoft.com/en-us/dotnet/core/linux-prerequisites
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
18
Interconnection with other networks
There are several ways to extend the virtual network segment created by the Remote Network
Connection™ VPN solution, depending on the usage needs and the requirements of the applications to
be used:
IP Routing,
Port Forwarding can all be used.
The Remote Network Connection™ VPN solution can be extended using other, classic, standard network
solutions - e.g. L2TP/IPSec server connections.
To select the best way to connect to the other networks, you may need to investigate the usage
patterns, and you may need to analyze the operation and the traffic patterns of the applications to be
used.
The Remote Network Connection™ VPN solution can be used to build point-to-point, point-to-site, and
even site-to-site connections.
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
19
Remote Network Connection™ by default enables split tunneling
When you configure a Remote Network Connection™ VPN solution, the default setting is to enable split
tunneling. What split tunneling refers to is the fact that only connections to the private network are sent
over the Remote Network Connection™ VPN tunnels. If the user wants to connect to resources on the
Internet, the connection is made over the local link - that is to say, the connection is sent directly to the
Internet based on the IP addressing configuration on the Remote Network Connection™ client
computer's NIC.
Remote Network Connection™ by default use 10.238.0.0/16 IPv4 addresses as VPN address as a unique
IP address to each Remote Network Connection™ Adapter in the range of 10.238.0.0/16 subnet.
What is split tunneling?
Split tunneling is a computer networking concept which allows the user to access dissimilar security
domains like a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the
same or different network connections. This connection state is usually facilitated through the
simultaneous use of a Local Area Network (LAN) Network Interface Card (NIC), Wireless Local Area
Network (WLAN) NIC, and Remote Network Connection™ VPN client software application without the
benefit of access control.
The advantage of split tunneling is that users have a much better computing experience, especially when
accessing Internet based resources. In addition, users on the private network are likely to have a better
computing experience when accessing resources on the Internet, since the Remote Network
Connection™ client traffic isn't consuming corporate Internet bandwidth to connect to Internet
resources - it alleviates bottlenecks and conserves bandwidth. The combined advantages of improved
Remote Network Connection™ client and private network client Internet computing experience makes
it worthwhile to make split tunneling the default configuration for Remote Network Connection™ VPN
communications.
Another advantage is in the case where a user works at a supplier or partner site and needs access to
network resources on both networks throughout the day. Split tunneling prevents the user from having
to continually connect and disconnect.
Remote Network Connection™ Installation and Administration Guide for Linux
and macOS
20
Identity authentication with Remote Network Connection™
Remote Network Connection™ server can be configured to require endpoint SSL authentication
certificates when establishing the SSL/TLS communications channel. Remote Network Connection™ VPN
application supports USB tokens as a mean to increase identity authentication, to enforce security policy
while keeping it simple for users and IT managers.
Remote Network Connection™ VPN application is natively interoperable with a large range of tokens
and smart cards because it supports smart cards interface to the Microsoft Smart Card Base
Cryptographic Service Provider (CSP). Remote Network Connection™ VPN application always accesses
the Windows Certificate Store in CSP mode.
Remote Network Connection™ VPN application recognizes the smart cards or USB tokens from leading
manufacturers (Gemalto, Oberthur, Aladdin, SafeNet, Yibico, Feitian, etc.). The list below shows the
qualified or supported tokens with Remote Network Connection™ VPN application:
SafeNet/Aladdin - eToken PRO 64k
Yubico - Yubikey Neo
Omnikey - Omnikey Cardman 3121, Omnikey CM 6121
Gemalto - Gemalto IDBridge K30 USB Token
Remote Network Connection™ VPN application can be configured to check the certification chain of the
certificate received from the Remote Network Connection™ server. This feature requires importing the
root certificate and all the certificates of the certification chain in the Windows Certificate Store.
Remote Network Connection™ VPN application will also use the CRL (Certification Revocation List) of
each intermediate certification authority. This CRL must be accessible, either in the Windows Certificate
Store or downloadable. If not, the Remote Network Connection™ VPN application won't be able to check
the validity of the certificate.
Remote Network Connection™ VPN application checks the following elements of the certification chain:
the expiration date of the certificate
validity beginning date of the certificate
signature of each certificate in the certification chain (included the root certificate, the
intermediate certificates, and the server certificate)
the update of each CRL
* Unique installation of Remote Network Connection™ VPN solution allows integrating Identity
authentication into Remote Network Connection™ application's sign-in processes and providing secure
TLS communication channel.
