Citrix

New - View All Access Gateway Customer Trials

Netscaler Gateway downloads - Mon, 06/01/2020 - 04:00
New downloads are available for NetScaler Gateway
Categories: Citrix, Commercial, Downloads

All About the Windows Insider Program

Theresa Miller - Tue, 02/19/2019 - 06:30

Are you a Windows user who loves to tinker? Do you want to have all of the latest and greatest Windows features delivered directly to your desktop before everyone else? If you answered yes to these questions, the Windows Insider Program is for you! What is the Windows Insider Program? The Windows Insider Program is […]

The post All About the Windows Insider Program appeared first on 24x7ITConnection.

How to Configure SoftEther, a Free VPN Server for macOS & Windows

Helge Klein - Mon, 02/18/2019 - 18:14
Contents

This post describes a real-world configuration of the free VPN server SoftEther. It shows how to set up a VPN for macOS and Windows clients on a Hyper-V Windows guest VM.

Our Setup and Requirements

Our situation was as follows:

  • Multiple Hyper-V hosts with VMs on an internal network.
  • One VM is the VPN gateway. It is configured with two NICs. One is connected to the internal network, the other to the internet.
  • The VPN should provide remote access via SSTP for Windows and L2TP for macOS clients.
  • It should be possible to connect to the VPN with the clients that come with each operating system. Installing additional client software should not be necessary.
  • The VPN should be bridged to the local network so that VPN clients get IP addresses from the internal network’s DHCP server.
  • Authentication should be performed against a RADIUS server (we use Duo Authentication Proxy).

HTTPS Certificate

SSTP is based on HTTPS. The good thing about that is that most firewalls and hotel networks should let it through. The bad thing is that we need to deal with certificates. I used a TLS certificate from our internal Active Directory root CA.

Caveat: Unreachable CRL

We are using an internal certificate authority that is not accessible from the internet. As a consequence, the CA’s certificate revocation list (CRL) is not accessible from the internet either.

The Windows SSTP client refuses to connect when it cannot contact the CRL specified in a server certificate. There are two ways around that:

  1. Set the following registry values on your VPN clients: HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters\NoCertRevocationCheck=1 [REG_DWORD]
  2. On the CA, configure a certificate template to not include revocation information in issued certificates.
Requesting the Certificate

Run the following openssl commands on any Windows or Linux machine that has OpenSSL installed. OpenSSL is part of any Splunk installation, for example (even on Windows).

Create a private key:

openssl genrsa -des3 -out c:\temp\vpn\vpn.key 4096

Create a certificate request with the private key:

openssl req -new -key c:\temp\vpn\vpn.key -out c:\temp\vpn\vpn.csr
  • Submit the CSR to your CA
  • Important: if you want to incorporate multiple server namens in the certificate, specify them in the additional attributes field as follows: san:dns=server1.domain.com&dns=server2.domain.com.com
  • You get a P7B file, but SoftEther expects a CER. To convert, double-click the P7B file to open it in the certificates MMC. Locate your certificate, right-click and select All Tasks – Export. Choose the format “Base-64 encoded X.509 (CER)”.
Importing the Certificate in SoftEther
  • Open SoftEther VPN Server Manager
  • Click “Encryption and Network Settings”
  • Click “Import” and specify the location of the CER file
  • Specify the location of the certificate’s KEY file
  • Enter the key’s passphrase
  • While you are in that dialog:
    • Disable “Use Keep Alive Internet Connection”
    • Switch the encryption algorithm name to ECDHE-RSA-AES256-GCM-SHA384
  • Copy your CA’s root certificate to the directory C:\Program Files\SoftEther VPN Server\chain_certs
Gateway VM Configuration

On the Hyper-V host, go to the gateway VM settings and click “Enable MAC address spoofing” in the “Advanced Features” of the VM’s internal NIC.

SoftEther Configuration Virtual Hub Creating a Virtual Hub
  • Open SoftEther VPN Server Manager
  • Create a virtual hub
User and RADIUS Config
  • Open SoftEther VPN Server Manager
  • Click “Manage Virtual Hub”
  • Click “Manage Users”
  • We are managing users in RADIUS, but we need a wildcard entry here to not block everybody
  • Add a single user with “User Name” set to an asterisk (*) and “Auth Type” set to “RADIUS Authentication”
  • Go back to the “Management of Virtual Hub” dialog
  • Click “Authentication Server Setting”
  • Enable “Use RADIUS Authentication” and provide the necessary information
  • Go back to the main page of SoftEther VPN Server Manager and make sure the virtual hub is online
Blocking Internet Access

In a split tunnel configuration you want your VPN clients to connect directly to the internet, not via the VPN. Split tunneling is a client configuration (see below), but you may want to enforce it by blocking all internet connections originating from VPN clients:

  • Open SoftEther VPN Server Manager
  • Click “Manage Virtual Hub”
  • Click “Manage Access Lists”
  • Add the following rules:
    • Pass, Priority=10, Memo=Enable LAN access, Contents=(ipv4) DstIPv4=10.1.0.0/16
    • Pass, Priority=11, Memo=Enable LAN access (reverse), Contents=(ipv4) SrcIPv4=10.1.0.0/16, DstIPv4=10.1.0.0/16
    • Pass, Priority=12, Memo=Allow DHCP requests, Contents=(ipv4) SrcIPv4=0.0.0.0/32, DstIPv4=255.255.255.255/32, Protocol=UDP, DstPort=67-68
    • Pass, Priority=13, Memo=Allow DHCP responses, Contents=(ipv4) SrcIPv4=10.1.0.0/16, DstIPv4=255.255.255.255/32, Protocol=UDP, SrcPort=67-68
    • Discard, Priority=1000, Memo=Block everything (else), Contents=(ether) \*
Network Bridge
  • Open SoftEther VPN Server Manager
  • Click “Local Bridge Setting”
  • Select your virtual hub
  • Select the LAN adatapter connected to your internal network
  • Click “Create Local Bridge”
  • Exit all dialogs and reboot the SoftEther VM
Protocols and Ports L2TP
  • Open SoftEther VPN Server Manager
  • Click “IPsec / L2TP Setting”
  • Check “Enable L2TP Server Function (L2TP over IPsec)”
  • Uncheck all other options
  • Specify an IPsec pre-shared key (PSK)
SSTP
  • Open SoftEther VPN Server Manager
  • Click “OpenVPN / MS-SSTP Setting”
  • Check “Enable MS-SSTP VPN Clone Server Function”
  • Uncheck the OpenVPN checkbox (unless you want to use it, of course)
Ports
  • Open SoftEther VPN Server Manager
  • In the listener list, delete ports 992 (function unknown), 1194 (OpenVPN), and 5555 (SoftEther remote management)

Note: when you connect to SoftEther Server Manager next make sure so specify 443 (the only remaining one) instead of 5555

Firewall

In your firewall, create rules to enable the following ports:

  • SSTP: TCP 443
  • L2TP over IPSec: UDP 500 and 4500

In the Windows firewall disable or delete the following rules added by SoftEther:

  • SoftEther VPN Server
  • SoftEther VPN Server Manager
  • SoftEther VPN Command-Line Admin Tool
Miscellaneous

Disable DDNS registration of your VPN. In unnecessarily “calls home”.

  • Stop the SoftEther VPN Server service and edit the configuration file “vpn_server.config”
  • In the DDnsClient section, set Disabled to true
  • In the ServerConfiguration section, set DisableNatTraversal to true
  • Start the SoftEther VPN Server service
Client Settings Split Tunneling

Split tunneling refers to a configuration where only those packets are sent from a client to the VPN, that are destined for the VPN’s subnet. Everything else (including internet connections) go through the client’s regular default gateway.

On Windows VPN clients:

Resources

The post How to Configure SoftEther, a Free VPN Server for macOS & Windows appeared first on Helge Klein.

UK Citrix User Group Spring 2019 meeting

Citrix UK User Group - Mon, 02/18/2019 - 17:54

Our 27th meeting will be held in Manchester in March

Read more »

The post UK Citrix User Group Spring 2019 meeting appeared first on UK Citrix User Group.

Don’t Miss HIMSS 2019!

Theresa Miller - Tue, 02/12/2019 - 06:30

This week is HIMSS 2019, and if you are in the healthcare field or a related field, be sure to pay special attention to coverage of this year’s conference. What is HIMSS 2019? HIMSS is the Healthcare Information and Management Systems Society, who has a conference annually.  Interestingly, HIMSS the organization is a non for […]

The post Don’t Miss HIMSS 2019! appeared first on 24x7ITConnection.

Hardware-Encode Video in H.265 with Free Tools to Save Disk Space

Helge Klein - Mon, 02/11/2019 - 20:37
Contents

Many web meeting services have a recording functionality. Most recordings are provided as MP4 files with the video encoded in H.264 because that offers the most universal compatibility. However, it also needs a lot of disk space. H.264 has a successor, H.265, which only requires half the space for the same visual quality. This post shows how to use StaxRip, a free tool, to re-encode H.264 video into H.265 quickly by making use of GPU hardware encoding.

Preparation
  • Download and extract StaxRip. I used the current stable version 1.7 x64
  • Start StaxRip
  • When opening the first video file, StaxRip may ask you to install AviSynth. Do so by clicking Install AviSynth+.
Configuring the Conversion Settings
  • Click x264 and choose one of the following depending on your GPU vendor: NVIDIA H.265, Intel H.265 or AMD H.265
  • Click MKV and select MP4 (mp4box) instead
  • Click the Opus entry next to the first audio stream field and select copy/mux
  • Click the Opus entry next to the first audio stream field and select no audio

The result should look like this:

Performing the Conversion
  • Right-click Source > Open > File Batch and select the files you want to convert
  • Click Next to start the conversion
  • The output files are placed in the same directory as the input files with the extension _new
Conversion Performance

The Nvidia GTX 1060 GPU in my desktop PC encoded H.265 at the impressive rate of approximately 420 frames per second (full HD, 1920×1080).

The Intel HD Graphics 620 (Core i7-7500U) in my laptop only reached about 113 frames per second for the same content. Still impressive, but a lot less fast.

An interesting difference between the two GPUs: while the Nvidia encode used the GPU’s dedicated video encoding engine, the Intel encode used the GPU’s generic 3D engine.

Another noteworthy difference: the file generated by the Intel encode was 38% smaller than the file generated by the Nvidia encode.

Space Savings

The original videos of a four-day training recorded with Skype had a size of 7.6 GB. Converted to H.265 the size was reduced to 2.4 GB, which amounts to 68% savings!

GPU Performance Monitoring

If you are interested in monitoring your GPU’s performance and find out how its various engines are used, take a look at our uberAgent product. During the Nvidia encoding, for example, the GPU’s video encoding engine was nearly at 100% load and its generic compute engine at approximately 20%:

The post Hardware-Encode Video in H.265 with Free Tools to Save Disk Space appeared first on Helge Klein.

The ultimate Citrix Synergy survival guide – 2019 Atlanta edition

From the Architect - Neil Spellings' blog - Sat, 02/09/2019 - 16:40

I’ve published this Ultimate Synergy Survival guide now for seven years running and it’s always popular with both regulars and newbies. Now updated with 2019 links,  content and Atlanta-specific information. It’s a living document, so will be subject to updates as we get nearer the conference. Hope you find it useful (and if you end […]

The post The ultimate Citrix Synergy survival guide – 2019 Atlanta edition appeared first on From the Architect.

Categories: , Citrix, Virtualisation

Ensuring Quality Outcomes by Reducing EHR system Downtime

Theresa Miller - Thu, 02/07/2019 - 06:30

EHR implementations are typically a huge undertaking for the healthcare organizations.  In some cases, deployments can take more than a year, and the cost implication is millions of dollars.  No small task of any kind, but when it comes down to monitoring sometimes only standard monitoring tools are deployed to reduce cost.  Today we will […]

The post Ensuring Quality Outcomes by Reducing EHR system Downtime appeared first on 24x7ITConnection.

New - XenApp 7.6 LTSR Cumulative Update 7 – All Editions

XenApp downloads - Wed, 02/06/2019 - 18:30
New downloads are available for XenApp
Categories: Citrix, Commercial, Downloads

New - Components for NetScaler Gateway 11.1

Netscaler Gateway downloads - Mon, 02/04/2019 - 22:00
New downloads are available for Citrix Gateway
Categories: Citrix, Commercial, Downloads

New - NetScaler Gateway (Maintenance Phase) Plug-ins and Clients for Build 11.1-61.7

Netscaler Gateway downloads - Mon, 02/04/2019 - 22:00
New downloads are available for Citrix Gateway
Categories: Citrix, Commercial, Downloads

New - NetScaler Gateway (Feature Phase) 11.1 Build 61.7

Netscaler Gateway downloads - Mon, 02/04/2019 - 22:00
New downloads are available for Citrix Gateway
Categories: Citrix, Commercial, Downloads

New - XenApp 7.6 LTSR Cumulative Update 7 – Platinum Edition

XenApp downloads - Mon, 02/04/2019 - 18:30
New downloads are available for XenApp
Categories: Citrix, Commercial, Downloads

New - Archived downloads - XenApp 7.6 Long Term Service Release (LTSR)

XenApp downloads - Mon, 02/04/2019 - 18:30
New downloads are available for XenApp
Categories: Citrix, Commercial, Downloads

New - XenApp 7.6 LTSR Cumulative Update 7 – All Editions

XenApp downloads - Mon, 02/04/2019 - 18:30
New downloads are available for XenApp
Categories: Citrix, Commercial, Downloads

New - XenApp 7.6 LTSR Cumulative Update 7

XenApp downloads - Mon, 02/04/2019 - 18:30
New downloads are available for XenApp
Categories: Citrix, Commercial, Downloads

New - XenApp 7.6 LTSR Cumulative Update 7 – Enterprise Edition

XenApp downloads - Mon, 02/04/2019 - 18:30
New downloads are available for XenApp
Categories: Citrix, Commercial, Downloads

Free and Powerful Equalizer for Windows 10

Helge Klein - Tue, 01/29/2019 - 07:23

Windows 10 does not come with an equalizer. That can be annoying when you have headphones that are too heavy on the bass, like the Sony WH-1000XM3. Enter the free Equalizer APO with Peace, its UI.

What You Get

Peter’s Equalizer API Configuration Extension (Peace) is pretty easy to use while offering powerful features:

  • Slider changes have an immediate effect
  • Settings can be applied to invididual devices only
  • Great flexibility
  • Saved configurations
  • Easy backup and restore of configurations
  • Can be started at logon so that configured settings are always applied

The UI looks like this (showing my adjustments for the Sony WH-1000XM3):

Installation

Installation is straightforward. Just make sure to install in the following order

  1. Engine: Equalizer APO
  2. UI: Peace Equalizer

Enjoy!

The post Free and Powerful Equalizer for Windows 10 appeared first on Helge Klein.

New - NetScaler Gateway (Maintenance Phase) 11.0 Build 72.16/72.17

Netscaler Gateway downloads - Wed, 01/23/2019 - 22:00
New downloads are available for Citrix Gateway
Categories: Citrix, Commercial, Downloads

New - NetScaler Gateway 10.5 Build 69.3/69.5

Netscaler Gateway downloads - Wed, 01/23/2019 - 22:00
New downloads are available for Citrix Gateway
Categories: Citrix, Commercial, Downloads

Pages

Subscribe to Spellings.net aggregator - Citrix