Dec 16

As you may or may not be aware, the StoneGate SSLVPN supports multiple operating systems, which allows a lot of flexibility when configuring resources.  The supported operating systems and browsers are listed below.  This information is taken directly from the release notes of SSLVPN 1.3.2.

To accomplish this on non-Windows machines, we need to use static tunnels with loopback addresses.  Why?  Because the access client handles the TCP stack differently on Windows machines than on non-Windows machines.

So, let’s break this setup down into 3 main sections: the Tunnel Resource, the Tunnel Set, and the client machine.

The Tunnel Resource (from the SSLVPN to the server) is configured exactly as it would be if you were using Windows machines with dynamic tunnels.  In fact, if you already have the Windows share set up, you can reuse the same tunnel resource, assuming the permissions are valid.  That, however, is a subject not covered in this topic.

So, let’s create that tunnel resource now.  From the admin portal, click on Manage Resources Access -> Tunnel Resources -> Add Tunnel Resources Host.

Let’s add the tunnel resource for 10.10.10.10, but don’t check any SSO options at this time.

On this screen, we are going to leave the default values.

Here we will simply click on Finish to exit the wizard.

Now that we have finished the tunnel resource, let’s move on to the Tunnel Set (from the client to the SSLVPN appliance).  From the admin portal, click on Manage Resource Access -> Tunnel Set -> Add Tunnel Set.

Let’s add the Tunnel Set so that it is shown in the portal.

On this screen we will click on Add Static Tunnel to the Set.

To add the static tunnels for the 4 ports needed, we will repeat the procedure below for each individual port.

Select the Resource (the tunnel resource you created earlier) and use the real Resource Port that the server is listening on.  Pick the protocol needed and enter the loopback address the client will actually connect to; in this case, 127.0.0.4.  Then use a high port for the associated resource port.  Keep in mind that when I configured this, I was using a Mac, so I needed to use a loopback address other than the default 127.0.0.1 and ports other than the standard ones.

When you have finished adding all 4 ports, your screen will look like this.

Now we are on to the startup command.  You can leave this blank if you wish and let your users start it themselves, or you can define the command that will work for the OS you are setting up the Tunnel Set for.  Again, I was using a Mac, so I entered “open -a Finder smb://127.0.0.4:10445/share” as my command.  This saves users from having to know what to type or which loopback address is being used for this resource.

After you have entered the startup command, simply click Next and Finish to exit the wizard.  Once you have finished with the wizard, click Publish and move on to configuring the client, which I will explain for a Mac since that is the most requested case I have seen.

So, on to the client machine (Mac OS X 10.6 in this example).  Here we need to configure the Mac to connect to our loopback address of 127.0.0.4 on port 10445.  Since the access client will load and listen on the address 127.0.0.4, we need to add this address to the loopback interface as an alias.  Here is how to do this.

1) Click on Finder -> Applications

2) Scroll to the Utilities and click to open it.

3) Scroll to Terminal and click to open it.

4) From the terminal window, create the alias address 127.0.0.4.  Copy and paste the command below into your terminal window and enter your password when prompted.

sudo ifconfig lo0 alias 127.0.0.4

Now we are all set.  You have configured all three sections needed to access your share.  However, there is one last thing you should be aware of when connecting to your share, and it concerns your username.  Since your Mac is usually not part of the domain, you will need to enter your username as DOMAIN\username.  If your share happens to be on a stand-alone server, then instead of DOMAIN you would enter the name of the computer hosting that share.
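To make the three sections above concrete, here is an added Python example (written for this page, not StoneGate's or the access client's own code) that models a static tunnel locally: a small TCP relay plays the access client, binding the client-side loopback address and high port and forwarding each connection to the resource host and port, while an echo server stands in for the file server behind the VPN.  The tunnel-set entry (127.0.0.4:10445 -> 10.10.10.10:445) is taken from the post; the echo server, the can_bind check and the roundtrip helper are assumptions made for the example, and the roundtrip runs over 127.0.0.1 with OS-chosen ports so it works without the appliance or the loopback alias.

```python
"""Local model of a StoneGate static tunnel (added example, not StoneGate code).

The access client binds a loopback alias plus a high port on the client and
relays each connection, over the SSL VPN, to the real resource host and port.
Here a plain TCP relay plays the access client and an echo server stands in
for the file server, so the mapping can be exercised without an appliance.
"""
import socket
import threading

# Constructed sample tunnel set with the post's SMB entry: the client connects
# to 127.0.0.4:10445 and the tunnel delivers it to 10.10.10.10:445.
STATIC_TUNNELS = {("127.0.0.4", 10445): ("10.10.10.10", 445)}


def can_bind(address, port=0):
    """True if a socket can be bound to address:port on this machine.

    On macOS a 127.0.0.x alias is not bindable until 'sudo ifconfig lo0 alias'
    has added it, which is the reason for the post's client-side step.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((address, port))
        return True
    except OSError:
        return False
    finally:
        sock.close()


def _serve(address, port, handler):
    """Listen on address:port (0 = any free port), accept in the background,
    run handler(conn) in a thread per connection; return the bound (addr, port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((address, port))
    listener.listen(5)

    def loop():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()


def _pump(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_static_tunnel(listen_addr, listen_port, resource_host, resource_port):
    """Start the relay; return the (address, port) it actually listens on."""
    def relay(client):
        # One tunnel connection = one upstream connection plus a pump each way.
        upstream = socket.create_connection((resource_host, resource_port))
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    return _serve(listen_addr, listen_port, relay)


def start_echo_resource(host="127.0.0.1"):
    """Stand-in for the server behind the VPN: echoes everything back at EOF."""
    def echo(conn):
        with conn, conn.makefile("rb") as inbound:
            conn.sendall(inbound.read())

    return _serve(host, 0, echo)


def roundtrip(payload, client_addr="127.0.0.1"):
    """Send payload through a fresh tunnel to the echo resource; return the reply."""
    res_host, res_port = start_echo_resource()
    tun_addr, tun_port = start_static_tunnel(client_addr, 0, res_host, res_port)
    with socket.create_connection((tun_addr, tun_port)) as sock:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)  # signal EOF so the echo server replies
        with sock.makefile("rb") as reply:
            return reply.read()


if __name__ == "__main__":
    for (addr, port), (host, rport) in STATIC_TUNNELS.items():
        print(f"{addr}:{port} -> {host}:{rport}, bindable here: {can_bind(addr)}")
    print(roundtrip(b"constructed stand-in for SMB traffic"))
```

Run it as a script: it prints the tunnel-set entry together with whether 127.0.0.4 is bindable on this machine (on a Mac that is False until the ifconfig alias step has been done, True afterwards) and then relays a constructed payload through the local tunnel.  Finder does not care that 127.0.0.4 is a relay rather than the real server, which is exactly why the startup command can point at the loopback address and high port.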

Don’t forget to post your solutions / comments on StoneBlog.  Together, we can make this a great resource for all StoneGate users. :)

written by SideKick

2 Responses to “Viewing shared folders on a MAC or Linux from a Microsoft Server via SSLVPN”

  1. christopheb Says:

    Actually, there is an easier way to achieve this. When you are adding the static tunnels for the 4 ports needed, just use the usual 127.0.0.1 localhost IP address instead of the 127.0.0.4 in the example.
    Then in the “Advanced Settings” in the configured tunnel set, check the “Java Applet” radio and “Run VPN client in Java” checkbox in the “Access Client loader” section. Save and publish.

    This will enable the Access Client Applet to be launched, and it will listen on the configured port at the 127.0.0.1 localhost IP address, without needing admin rights.

    N.B.: This seems to be only supported on Safari browser on Mac OS X. Note also that the tab from where the applet was loaded needs to be selected while you’re using the resource (This is because Safari calls the stop() method when switching to another tab…)

    Thanks,
    Christophe

  2. christopheb Says:

    In fact the above settings are not applicable for File Sharing, but they work for RDP. In the case of file sharing, Finder doesn’t want to connect to 127.0.0.1 since we are already connected to this file system….

    Thanks,
    Christophe.
