VPN, Citrix, Ping & SSL with 2.1.6

[ahopkin]

Just a couple of questions:-

1. What's the latest status with your testing on VPN. Please confirm if there are any known issues with VPN & FirstSpot.

2. Has anyone tested accessing a Citrix Metraframe server through FirstSpot - this is something our customers often do from their laptops to access their corporate networks when they in our office. Just like to know in advance before I roll out FirstSpot.

3. Is there a way to stop pings from passing from the private network to the public network until after the user has authenticated with FirstSpot. I noticed that there is a setting in the config.ini ("Block_ICMP=OFF") but doesn't appear to make a difference if I set it to ON.

4. With the new SSL feature is there a way to stop the security alert popping up. The browser alert box currently displays because the certificate was issued by a company you have not chosen to trust. This message could be confusing for some of our customers. Maybe I'm asking for the impossible here!

Thanks

Andy

[kevin]

Hello Andy,

1. Many customers will find FirstSpot works perfectly without any adjustment. Under certain circumstances, there're some tunings that can help FirstSpot works more happily with VPN. We can send you those details if you're interested. We'll incorporate such settings into version 3.0.

2. We have customers using Metaframe without problems. Please be reminded that using a web browser to login is required before using the ICA client.

3. Setting Block_ICMP=on (in small letters) should make FirstSpot block the ping packets before a successful authentication. Please restart FirstSpot after changing the parameter.

4. We haven't included a SSL cert from a trusted agent because administrators can always change the private ip (from the 10.20.7.1 to anything else); while a trusted SSL cert always assumes a static one (while bindding to an ip address).

However, you can purchase your own from the net if you really want to eliminate that warning. Frankly, that's a common challenge to those solutions where the SSL protection is on the private-side. We see more and more end-users are getting used to that warning though.

One more point to note is, not all trusted agents issue SSL certs to private ip (e.g. 10.x.x.x). You can do a search on Google using keywords like "intranet private SSL" to explore further.

~ Patronsoft Limited ~

[huppertz]

After evaluating we now operate one prototype hotspot with FirstSpot software 2.1.6 .
VPN is fine either with transparent tunneling over UDP or over TCP port 10000. No problems so far. We use the Cisco VPN Client and Cisco PIX or Cisco VPN Concentrator 3015 as VPN endpoints.
Citrix access also is no problem using the Citrix web Client version 7.
_________________
Joe

[alber009]

We are using Firstspot V2.1 in our hotel. The Firstspot system is working fine, but I have a question about VPN.

When I connect my laptop straight to our ADSL modem, I can use the Cisco VPN client with transparent tunneling over UDP. When the Firstpot machine is in between I can only use VPN over TCP port 10000.

I understand from this topic that there is information available on this subject? I would be happy to receive it.

Thanks and regards, Edo

[kevin]

Please refer to this thread:

http://patronsoft.com/forum/viewtopic.php?p=3112#3112
_________________
~ Patronsoft Limited ~