Posted to user@guacamole.apache.org by Chris Stave <ch...@voxmedia.com> on 2017/11/16 18:31:03 UTC

Interesting combination of Guacamole and ZeroTier

I've been running a combination of Guacamole and ZeroTier and it has been
fantastic for remote access.

You already know Guacamole -- it's fantastic and you know you like it.

ZeroTier is a secure flat network SDN solution -- it puts devices on a
second private network no matter where they are -- on a phone, in another
office, at home -- wherever.

If you put ZeroTier on your Guacamole server, it will get an additional
address that is reachable from other ZeroTier clients.

Contractor needs remote access?  Have them install zerotier and then they
can get to the Guacamole server and then out to everything.

The bonus is that you don't need to open anything up to the
wild-wild-internet world, it all stays believably-cryptographically-safe on
the ZeroTier network.

(and it lets me SSH into network switches from my phone from anywhere,
which is fantastic)

I'm not associated with ZeroTier, but I'm happy to pass on the idea of this
great combination!

-- 
Chris Stave | Network Engineer
(973)545-1628
85 Broad St., 15th floor | New York, NY 10004
Vox Media is The Verge <http://www.theverge.com/>, Vox <http://www.vox.com/>,
SB Nation <http://www.sbnation.com/>,
Polygon <http://www.polygon.com/>, Eater <http://www.eater.com/>, Racked
<http://www.racked.com/>, Curbed <http://www.curbed.com/>, and Recode
<http://www.recode.net/>.


Vox Creative introduces The Explainer Studio. Read more from the Wall
Street Journal <http://on.wsj.com/2xDqBN5>.
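
The benefit described in the post above (nothing opened to the internet) holds only if the Guacamole services are not also listening on the server's other interfaces. The following is an added example, not part of the original post: it audits listener output for that condition. The watched ports (8080 for Tomcat, 4822 for guacd), the overlay subnet 10.147.17.0/24 and the sample `ss` lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumed defaults, not stated in the thread: Tomcat serving the Guacamole
# web app on 8080 and guacd on 4822. Adjust to the actual deployment.
WATCHED_PORTS = {8080, 4822}

# Constructed samples in the shape of `ss -H -tln` output.
SAMPLE_BEFORE = """\
LISTEN 0 100 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4822 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""
SAMPLE_AFTER = """\
LISTEN 0 100 10.147.17.5:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4822 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""


def parse_local(field):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)


def classify(host, overlay_net):
    """Say where a listener is reachable from."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback"
    if addr in overlay_net:
        return "overlay"
    return "other-interface"


def audit(ss_text, overlay_cidr, ports=WATCHED_PORTS):
    """Return watched listeners reachable from outside loopback/overlay."""
    overlay_net = ipaddress.ip_network(overlay_cidr)
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = parse_local(fields[3])
        verdict = classify(host, overlay_net)
        if port in ports and verdict not in ("loopback", "overlay"):
            findings.append((port, host, verdict))
    return findings


if __name__ == "__main__":
    # 10.147.17.0/24 is a constructed overlay subnet for illustration.
    print(audit(SAMPLE_BEFORE, "10.147.17.0/24"))
    print(audit(SAMPLE_AFTER, "10.147.17.0/24"))
```

An empty result means the watched services answer only on loopback or the overlay address; every member of the overlay network can still reach them, so Guacamole's own authentication remains the access control.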

Re: Interesting combination of Guacamole and ZeroTier

Posted by dan <da...@gmail.com>.
ZeroTier is an SDN, it tunnels out from the client and busts through
virtually any firewall and creates a peer to peer network.  You could best
analogize this by saying it’s a Cisco DMVPN but for clients not routers.
This accomplishes things no port forwarding or vpn client can without a
very high end and IT heavy approach.

That said, I don’t see why you’d try to integrate it with guacamole.  Just
run ZeroTier on the client machine.

I do ZeroTier, tightvnc server, and put a guacamole server on that ZeroTier
network.  Done.  Also have ZeroTier on a Windows RDS server on that
network.  No need to integrate them all together, they already work great
this way.

Also, the ZeroTier install is dead simple.  There is no server, every
device is just a client and there are packages and installers for pretty
much anything so it’s very easy.

On Wed, Dec 20, 2017 at 12:37 AM Mike Jumper <mi...@guac-dev.org>
wrote:

> On Tue, Dec 19, 2017 at 4:13 PM, brian mullan <bm...@gmail.com>
> wrote:
>
>> I'm not sure what the advantages of integrating ZeroTier & Guacamole
>> might be?
>>
>> Speaking from a networking perspective (I am CCIE # 1143)..   you can
>> already implement Guacamole with NGINX etc and a Certificate from the likes
>> of LetsEncrypt to have HTTPS encrypted connection to the Guacamole Server
>> and RDP is encrypted to the end-server whether that is Windows or XRDP on
>> Linux.
>>
>> ZeroTier would give you a Layer 2 or Layer 3 VPN capability but what
>> exactly would you need that for in regards to remote desktop capability
>> unless it was for other personal or enterprise purposes besides the remote
>> desktop use?
>>
>> Just curious.
>>
>
> I would also like clarification on these points. I'm trying to give this
> thread the benefit of the doubt, but it has an uncomfortably spammy feel,
> and I don't currently see the relevance to Guacamole.
>
> I'll be happy to stand corrected if anyone can describe why such a thing
> would be an improvement over straight Guacamole, but until then I rather
> feel like I'm being marketed at. The justification that it provides
> additional security seems strained given that (1) you can achieve the same
> with a reverse proxy and (2) requiring a VPN client to use Guacamole would
> neuter the ability to connect with a browser alone.
>
> - Mike
>
>

Re: Interesting combination of Guacamole and ZeroTier

Posted by Mike Jumper <mi...@guac-dev.org>.
On Tue, Dec 19, 2017 at 4:13 PM, brian mullan <bm...@gmail.com>
wrote:

> I'm not sure what the advantages of integrating ZeroTier & Guacamole might
> be?
>
> Speaking from a networking perspective (I am CCIE # 1143)..   you can
> already implement Guacamole with NGINX etc and a Certificate from the likes
> of LetsEncrypt to have HTTPS encrypted connection to the Guacamole Server
> and RDP is encrypted to the end-server whether that is Windows or XRDP on
> Linux.
>
> ZeroTier would give you a Layer 2 or Layer 3 VPN capability but what
> exactly would you need that for in regards to remote desktop capability
> unless it was for other personal or enterprise purposes besides the remote
> desktop use?
>
> Just curious.
>

I would also like clarification on these points. I'm trying to give this
thread the benefit of the doubt, but it has an uncomfortably spammy feel,
and I don't currently see the relevance to Guacamole.

I'll be happy to stand corrected if anyone can describe why such a thing
would be an improvement over straight Guacamole, but until then I rather
feel like I'm being marketed at. The justification that it provides
additional security seems strained given that (1) you can achieve the same
with a reverse proxy and (2) requiring a VPN client to use Guacamole would
neuter the ability to connect with a browser alone.

- Mike

Re: Interesting combination of Guacamole and ZeroTier

Posted by brian mullan <bm...@gmail.com>.
I'm not sure what the advantages of integrating ZeroTier & Guacamole might
be?

Speaking from a networking perspective (I am CCIE # 1143)..   you can
already implement Guacamole with NGINX etc and a Certificate from the likes
of LetsEncrypt to have HTTPS encrypted connection to the Guacamole Server
and RDP is encrypted to the end-server whether that is Windows or XRDP on
Linux.

ZeroTier would give you a Layer 2 or Layer 3 VPN capability but what
exactly would you need that for in regards to remote desktop capability
unless it was for other personal or enterprise purposes besides the remote
desktop use?

Just curious.

Brian


On Tue, Dec 19, 2017 at 5:16 PM, dan <da...@gmail.com> wrote:

> I don't know that it's good to try to integrate directly.  Better to write
> a separate ui to configure both via APIs....
>
> On Tue, Dec 19, 2017 at 3:15 PM, Der PCFreak <ma...@pcfreak.de>
> wrote:
>
>> That would be a great combo and imho easy to implement. I could imagine
>> to see a zerotier configuration dialog inside guacamole (for easy setup)
>> and a more advanced setup via config files maybe even a zerotier-controller
>> is possible (since it is included in ZeroTier >1.2x afaik). This DIY
>> controller can only be configured via JSON API but then a guacamole server
>> could become a full featured zerotier controller without the need of
>> opening ports in firewalls and you have the additional security of only
>> users within your personal ZeroTier network can reach your guacamole server.
>>
>> Maybe a developer could pick up that idea?
>>
>>
>> Cheers Peter
>>
>> On 16.11.2017 at 19:31, Chris Stave wrote:
>>
>> I've been running a combination of Guacamole and ZeroTier and it has been
>> fantastic for remote access.
>>
>> You already know Guacamole -- it's fantastic and you know you like it.
>>
>> ZeroTier is a secure flat network SDN solution -- it puts devices on a
>> second private network no matter where they are -- on a phone, in another
>> office, at home -- wherever.
>>
>> If you put ZeroTier on your Guacamole server, it will get an additional
>> address that is reachable from other ZeroTier clients.
>>
>> Contractor needs remote access?  Have them install zerotier and then they
>> can get to the Guacamole server and then out to everything.
>>
>> The bonus is that you don't need to open anything up to the
>> wild-wild-internet world, it all stays believably-cryptographically-safe
>> on the ZeroTier network.
>>
>> (and it lets me SSH into network switches from my phone from anywhere,
>> which is fantastic)
>>
>> I'm not associated with ZeroTier, but I'm happy to pass on the idea of
>> this great combination!
>>
>> --
>> Chris Stave | Network Engineer
>> (973)545-1628 <(973)%20545-1628>
>> 85 Broad St., 15th floor | New York, NY 10004
>> <http://www.voxmedia.com/>
>> Vox Media is The Verge <http://www.theverge.com/>, Vox
>> <http://www.vox.com/>, SB Nation <http://www.sbnation.com/>,
>> Polygon <http://www.polygon.com/>, Eater <http://www.eater.com/>, Racked
>> <http://www.racked.com/>, Curbed <http://www.curbed.com/>, and Recode
>> <http://www.recode.net/>.
>>
>>
>> Vox Creative introduces The Explainer Studio. Read more from the Wall
>> Street Journal <http://on.wsj.com/2xDqBN5>.
>>
>>
>>
>

Re: Interesting combination of Guacamole and ZeroTier

Posted by dan <da...@gmail.com>.
I don't know that it's good to try to integrate directly.  Better to write
a separate ui to configure both via APIs....

On Tue, Dec 19, 2017 at 3:15 PM, Der PCFreak <ma...@pcfreak.de>
wrote:

> That would be a great combo and imho easy to implement. I could imagine to
> see a zerotier configuration dialog inside guacamole (for easy setup) and a
> more advanced setup via config files maybe even a zerotier-controller is
> possible (since it is included in ZeroTier >1.2x afaik). This DIY
> controller can only be configured via JSON API but then a guacamole server
> could become a full featured zerotier controller without the need of
> opening ports in firewalls and you have the additional security of only
> users within your personal ZeroTier network can reach your guacamole server.
>
> Maybe a developer could pick up that idea?
>
>
> Cheers Peter
>
> On 16.11.2017 at 19:31, Chris Stave wrote:
>
> I've been running a combination of Guacamole and ZeroTier and it has been
> fantastic for remote access.
>
> You already know Guacamole -- it's fantastic and you know you like it.
>
> ZeroTier is a secure flat network SDN solution -- it puts devices on a
> second private network no matter where they are -- on a phone, in another
> office, at home -- wherever.
>
> If you put ZeroTier on your Guacamole server, it will get an additional
> address that is reachable from other ZeroTier clients.
>
> Contractor needs remote access?  Have them install zerotier and then they
> can get to the Guacamole server and then out to everything.
>
> The bonus is that you don't need to open anything up to the
> wild-wild-internet world, it all stays believably-cryptographically-safe
> on the ZeroTier network.
>
> (and it lets me SSH into network switches from my phone from anywhere,
> which is fantastic)
>
> I'm not associated with ZeroTier, but I'm happy to pass on the idea of
> this great combination!
>
> --
> Chris Stave | Network Engineer
> (973)545-1628 <(973)%20545-1628>
> 85 Broad St., 15th floor | New York, NY 10004
> <http://www.voxmedia.com/>
> Vox Media is The Verge <http://www.theverge.com/>, Vox
> <http://www.vox.com/>, SB Nation <http://www.sbnation.com/>,
> Polygon <http://www.polygon.com/>, Eater <http://www.eater.com/>, Racked
> <http://www.racked.com/>, Curbed <http://www.curbed.com/>, and Recode
> <http://www.recode.net/>.
>
>
> Vox Creative introduces The Explainer Studio. Read more from the Wall
> Street Journal <http://on.wsj.com/2xDqBN5>.
>
>
>

Re: Interesting combination of Guacamole and ZeroTier

Posted by Der PCFreak <ma...@pcfreak.de>.
That would be a great combo and imho easy to implement. I could imagine 
to see a zerotier configuration dialog inside guacamole (for easy setup) 
and a more advanced setup via config files maybe even a 
zerotier-controller is possible (since it is included in ZeroTier >1.2x 
afaik). This DIY controller can only be configured via JSON API but then 
a guacamole server could become a full featured zerotier controller 
without the need of opening ports in firewalls and you have the 
additional security of only users within your personal ZeroTier network 
can reach your guacamole server.

Maybe a developer could pick up that idea?


Cheers Peter


On 16.11.2017 at 19:31, Chris Stave wrote:
> I've been running a combination of Guacamole and ZeroTier and it has 
> been fantastic for remote access.
>
> You already know Guacamole -- it's fantastic and you know you like it.
>
> ZeroTier is a secure flat network SDN solution -- it puts devices on a 
> second private network no matter where they are -- on a phone, in 
> another office, at home -- wherever.
>
> If you put ZeroTier on your Guacamole server, it will get an 
> additional address that is reachable from other ZeroTier clients.
>
> Contractor needs remote access?  Have them install zerotier and then 
> they can get to the Guacamole server and then out to everything.
>
> The bonus is that you don't need to open anything up to the 
> wild-wild-internet world, it all stays 
> believably-cryptographically-safe on the ZeroTier network.
>
> (and it lets me SSH into network switches from my phone from anywhere, 
> which is fantastic)
>
> I'm not associated with ZeroTier, but I'm happy to pass on the idea of 
> this great combination!
>
> -- 
> Chris Stave | Network Engineer
> (973)545-1628
> 85 Broad St., 15th floor | New York, NY 10004
> <http://www.voxmedia.com/>
> Vox Media is The Verge <http://www.theverge.com/>, Vox 
> <http://www.vox.com/>, SB Nation <http://www.sbnation.com/>,
> Polygon <http://www.polygon.com/>,Eater <http://www.eater.com/>, 
> Racked <http://www.racked.com/>, Curbed <http://www.curbed.com/>, and 
> Recode <http://www.recode.net/>.
>
>
> Vox Creative introduces The Explainer Studio. Read more from the Wall 
> Street Journal <http://on.wsj.com/2xDqBN5>.
>


Re: Interesting combination of Guacamole and ZeroTier

Posted by Aaron Newsome <aa...@gmail.com>.
Thanks for the heads up on this one Chris. I was unfamiliar with ZeroTier
before this email. It's very curious technology. Interesting to say the
least.

A quick sign up and test confirms that this indeed could be a good
replacement for the ssh tunnels I'm manually creating today.

I'm going to do a bit of testing with it and see if it really is a good
solution for what I'm doing.

Thanks, Aaron

On Thu, Nov 16, 2017 at 10:31 AM, Chris Stave <ch...@voxmedia.com>
wrote:

> I've been running a combination of Guacamole and ZeroTier and it has been
> fantastic for remote access.
>
> You already know Guacamole -- it's fantastic and you know you like it.
>
> ZeroTier is a secure flat network SDN solution -- it puts devices on a
> second private network no matter where they are -- on a phone, in another
> office, at home -- wherever.
>
> If you put ZeroTier on your Guacamole server, it will get an additional
> address that is reachable from other ZeroTier clients.
>
> Contractor needs remote access?  Have them install zerotier and then they
> can get to the Guacamole server and then out to everything.
>
> The bonus is that you don't need to open anything up to the
> wild-wild-internet world, it all stays believably-cryptographically-safe
> on the ZeroTier network.
>
> (and it lets me SSH into network switches from my phone from anywhere,
> which is fantastic)
>
> I'm not associated with ZeroTier, but I'm happy to pass on the idea of
> this great combination!
>
> --
> Chris Stave | Network Engineer
> (973)545-1628 <(973)%20545-1628>
> 85 Broad St., 15th floor | New York, NY 10004
> Vox Media is The Verge <http://www.theverge.com/>, Vox
> <http://www.vox.com/>, SB Nation <http://www.sbnation.com/>,
> Polygon <http://www.polygon.com/>, Eater <http://www.eater.com/>, Racked
> <http://www.racked.com/>, Curbed <http://www.curbed.com/>, and Recode
> <http://www.recode.net/>.
>
>
> Vox Creative introduces The Explainer Studio. Read more from the Wall
> Street Journal <http://on.wsj.com/2xDqBN5>.
>

Re: Interesting combination of Guacamole and ZeroTier

Posted by Der PCFreak <ma...@pcfreak.de>.
For those who want to get more details, the founder of ZeroTier was a 
guest at the Packet Pusher Podcast and gave a real good overview about 
the ZeroTier technology and also explained a lot how it works 
internally. Seems like a software you can trust and this guy knows a lot 
about networking and networking protocols. You should listen to it if 
you are interested:


http://packetpushers.net/podcast/podcasts/pq-134-meet-zerotier-open-source-networking/


Kind regards


Peter


On 16.11.2017 19:31, Chris Stave wrote:
> I've been running a combination of Guacamole and ZeroTier and it has 
> been fantastic for remote access.
>
> You already know Guacamole -- it's fantastic and you know you like it.
>
> ZeroTier is a secure flat network SDN solution -- it puts devices on a 
> second private network no matter where they are -- on a phone, in 
> another office, at home -- wherever.
>
> If you put ZeroTier on your Guacamole server, it will get an 
> additional address that is reachable from other ZeroTier clients.
>
> Contractor needs remote access?  Have them install zerotier and then 
> they can get to the Guacamole server and then out to everything.
>
> The bonus is that you don't need to open anything up to the 
> wild-wild-internet world, it all stays 
> believably-cryptographically-safe on the ZeroTier network.
>
> (and it lets me SSH into network switches from my phone from anywhere, 
> which is fantastic)
>
> I'm not associated with ZeroTier, but I'm happy to pass on the idea of 
> this great combination!
>
> -- 
> Chris Stave | Network Engineer
> (973)545-1628
> 85 Broad St., 15th floor | New York, NY 10004
> <http://www.voxmedia.com/>
> Vox Media is The Verge <http://www.theverge.com/>, Vox 
> <http://www.vox.com/>, SB Nation <http://www.sbnation.com/>,
> Polygon <http://www.polygon.com/>,Eater <http://www.eater.com/>, 
> Racked <http://www.racked.com/>, Curbed <http://www.curbed.com/>, and 
> Recode <http://www.recode.net/>.
>
>
> Vox Creative introduces The Explainer Studio. Read more from the Wall 
> Street Journal <http://on.wsj.com/2xDqBN5>.
>