Sonicwall NetExtender SSLVPN and Windows 8

***UPDATE
After an email exchange with James Hiscott and some hard work on his behalf, James has an update and Sonicwall have release an update version of the NetExtender available at mysonicwall.com. Read James’ post here http://www.jameshiscott.com/wordpress/?p=10
_______________________

Like most people we’re keenly testing the pre RTM releases of Windows 8 and evaluating new hardware from HP to workout what we’d like to use for staff and students next year. Currently I have Windows 8 CP on a HP Folio13 and really like how it’s working for me. The only problem has been getting the Sonicwall SSLVPN client to work on Windows 8, which for the last week has stopped me from ditching my 2740p tablet and making the Folio13 my sole mobile device

After a few attempts at the NetExtender install it completed successfully after I installed *all* the drivers for the Folio13 from the HP site.

That got me excited and I thought I was all set, I tested the SSLVPN client and it authenticated and connected and looked like it was working. It wasn’t until later that evening when I went to use the VPN that I realised it wasn’t working at all, and even though the connection looked fine there was no network traffic being received by the VPN client.

image

A little digging this morning at the log and debug log files indicated an issue with the routes being added when connecting the vpn

image
Log File

image
Debug Log File

By running route print I could see that the Sonicwall Netextender was interface 38
image

Open the Properties window for the NetExtender

image

Add the required routes to the bottom of the NxConnect.bat

route ADD 172.16.0.0 MASK 255.255.0.0 172.16.72.1 METRIC 5 IF 38
route ADD 172.16.1.3 MASK 255.255.255.255 172.16.72.1 METRIC 5 IF 38
route ADD 172.16.1.2 MASK 255.255.255.255 172.16.72.1 METRIC 5 IF 38

Funnily enough, you don’t seem to need the route delete commands in the NxDisconnect.bat?

route DELETE 172.16.0.0
route DELETE 172.16.1.3
route DELETE 172.16.1.2

And finally you need to change the privileges for NetExtender shortcut to run with administrator privileges. If you have the NetExtender as a startup program, go to

C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu

Right-click on the shortcut and tick box for run this program as an administrator

image

After all of that my NetExtender settings seemed to be reliable and working the same as my Windows 7 devices

RemoteApp: Synergetic access from Home

Finding a decent solution for remote access to Synergetic has always been a problem. The Synergetic loader starts the application from a shared network drive, which is fine when Staff are at School but when they’re offsite, it’s tedious loading Synergetic with a 1Mb upload on the School’s internet link.

RemoteApp was a new feature with Server 2008 and has been refined further with 2008 R2 and Windows 7 with the RemoteApp and Desktop Connections. RemoteApp works similarly to the traditional Windows Terminal Server login used with previous versions of Windows Server, but with more functionality. When you configure a program for RemoteApp, the end user gets the same icon on their desktop or start menu that they would if the application was installed locally. The icon is a shortcut for remote desktop(RDP) that loads a full terminal services login, but hides the session and only shows the application, which is running in the TS session. The user’s printers and mapped drives etc can all be used in the RemoteApp, same as an RP session, but is set per program.

Accessing Synergetic via RemoteApp offsite is as seamless as connecting when at School and doesn’t require a VPN connection. Setting up RemoteApp with signed certificates and opening ports on the firewall is the way to go. Users still have to pass AD authentication, and depending on your Synergetic setup, another username and password to login to Synergetic.

 

Video -  loading Synergetic with RemoteApp

After a brief trial of Synergetic with RemoteApp it looks like we’ll be purchasing the necessary RDS User CAL’s (Check here for changes to TS licensing) and using RemoteApp for Staff access to Synergetic from home and getting them to use this setup for their Academic Report writing and avoid the confusion between Synergetic Network/Stand-Alone and importing/exporting reports.

To setup the trial of Server 2008 R2 and RemoteApp, follow something like the TS RemoteApp Step-by-Step Guide which is pretty straight forward. If you have Windows 7 clients, make sure you check out RemoteApp and Desktop Connections where you can set the Win7 machines to check a URL for a list of available RemoteApps and it will update regularly and automatically put shortcuts on the start menu for users

After you’ve configured the TS services, install Synergetic on the TS box and add it as RemoteApp through the Wizard

wiz1

If your a large Synergetic customer, you probably have multiple databases for different users and need to specify different configuration files with command line arguments.

wiz2

Here’s our test RemoteApps for Synergetic

remoteAppPrograms

Pushing the links for RemoteApps out as *.MSI or RDP files via a script or download makes things nice and easy too

I hadn’t paid much attention to RemoteApp and Microsoft’s VDI offerings, which seems like a mistake on my behalf. With the price of EDU licensing for MS Apps, this is a nice and tidy solution to a problem we’ve had since purchasing Synergetic 10-12 years ago. It might be a good solution for getting applications onto our Student Netbooks too… will see how we go