Last modified by Adrian Hömann on 2024/03/07 16:56

From version 1.1
edited by Tobias Wintrich
on 2024/03/07 15:20
Change comment: There is no comment for this version
To version 2.1
edited by Adrian Hömann
on 2024/03/07 16:56
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.twintrich
1 +XWiki.ahoemann
Content
... ... @@ -19,15 +19,15 @@
19 19  
20 20  To utilize the TCMS VPN functionality, the following prerequisites must be met:
21 21  
22 -1. The Thin Client with RangeeOS must have the "tcmsclient-vpn" license. If you don't have a license for the module yet, you can purchase one through our [[sales department >> path:mailto:sales@rangee.com]] or via our [[contact form >> https://rangee.com/contact/]] or request a [[30-day demo license >> https://rangee.com/contact/]].
23 -2. The TCMS must be reachable via a fixed IP or hostname.
24 -3. The TCMS must be reachable by both the chosen registration port and the chosen VPN port for the clients.
25 -4. The servers that the clients should be reachable through the TCMS must be reachable by the TCMS.
22 +1. The Thin Client with RangeeOS must have the "tcmsclient-vpn" license. If you don't have a license for the module yet, you can purchase one through our [[sales department >>mailto:sales@rangee.com]] or via our [[contact form >>https://rangee.com/en/contact/#contactform]] or request a [[30-day demo license >>https://rangee.com/en/contact/]].
23 +1. The TCMS must be reachable via a fixed IP or hostname.
24 +1. The TCMS must be reachable by both the chosen registration port and the chosen VPN port for the clients.
25 +1. The servers that the clients should be reachable through the TCMS must be reachable by the TCMS.
26 26  
27 27  = Configuration =
28 28  
29 29  {{warning}}
30 -The configuration presented here must make the TCMS available from the internet for your clients. In this context, we recommend using the [[TCMS - Signature Verification >> https://kb.rangee.com/HowTos/TCMS%20-%20Signature%20Verification/]] to prevent unauthorized clients from registering with the TCMS.
30 +The configuration presented here must make the TCMS available from the internet for your clients. In this context, we recommend using the [[TCMS - Signature Verification >>https://kb.rangee.com/HowTos/TCMS%20-%20Signaturpr%C3%BCfung/]] to prevent unauthorized clients from registering with the TCMS.
31 31  {{/warning}}
32 32  
33 33  == TCMS ==
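Review bot: The new target on line 30 for the "TCMS - Signature Verification" link is the German-titled path (TCMS%20-%20Signaturpr%C3%BCfung), while the label and the rest of the page are English. Confirm that it resolves to the English translation, or link by wiki document reference instead of an absolute kb.rangee.com URL so the link survives page renames. This warning is the only place in the hunk that tells readers how to keep unauthorized clients from registering with an internet-exposed TCMS, so a dead or wrong-language link here matters more than elsewhere.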
... ... @@ -36,7 +36,7 @@
36 36  
37 37  By configuring an additional TCMS API port, you can define a port through which only Thin Clients can connect to the TCMS, while the web interface is not available. Using the additional API port is **highly recommended** when making the TCMS available over the internet.
38 38  
39 -You can configure the additional API port in the TCMS under {{status title="Edit"/}} -> {{status title="Settings"/}} -> {{status title="Basic Settings"/}}. Here are the options:
39 +You can configure the additional API port in the TCMS under {{status title="Edit"/}} -> {{status title="Settings"/}} -> {{status title="Base Settings"/}}. Here are the options:
40 40  
41 41  {{warning}}
42 42  Changes made to these options require a restart of the TCMS.
... ... @@ -45,7 +45,7 @@
45 45  * **Additional API Port** - Freely selectable TCP port, in our example 8888.
46 46  * **Allow Repository Access via Additional API Port** (optional) - Allows clients to receive updates from the TCMS repository via this port.
47 47  
48 -[[TCMS - Basic Settings>>image:01_tcms_vpn.png||alt="TCMS - Basic Settings" height="208" width="800"]]
48 +[[TCMS - Base Settings>>image:TCMS-Base-Settings.png]]
49 49  
50 50  === Configuring the TCMS VPN Connection ===
51 51  
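Review bot: Line 48 drops the alt text and the explicit height/width from the image link. Keep at least alt="TCMS - Base Settings" so the screenshot is still described when the image fails to load or is read by a screen reader, and check that TCMS-Base-Settings.png renders at a sensible size now that the 800-pixel width constraint is gone.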
... ... @@ -61,13 +61,13 @@
61 61  Changes made to these options require a restart of the TCMS.
62 62  {{/warning}}
63 63  
64 -* **Start TCMS VPN** - Activates the TCMS VPN service.
64 +* **Enable TCMS VPN** - Activates the TCMS VPN service.
65 65  * **VPN Subnet** - Defines an internal TCMS-VPN-CLIENT subnet in CIDR form. This network should **not** overlap with your internal network.
66 66  * **TCMS VPN Address** - Address of the TCMS server within the VPN subnet.
67 67  * **VPN Port** - UDP port over which the VPN connection should be established. Must be made externally available.
68 68  * **VPN Route Metric** - Determines the metric with which the VPN connection is established on the client side.
69 -* **Allow VPN NAT routing** - When enabled, this option allows VPN-connected clients to access servers defined under **Externally reachable targets**.
70 -* **Externally reachable targets** - In this text field, any targets for VPN-connected clients can be made available. The following notations must be used, where only the specification of the server/subnet is mandatory:
69 +* **Allow VPN NAT routing** - When enabled, this option allows VPN-connected clients to access servers defined under **Externally accessible targets**.
70 +* **Externally accessible targets** - In this text field, any targets for VPN-connected clients can be made available. The following notations must be used, where only the specification of the server/subnet is mandatory:
71 71  #Server/Subnet in CIDR form#:#Port#,#Port2#|#Protocol1#,#Protocol2#
72 72  **Examples**:
73 73  ** **192.168.10.30/32 **or **192.168.10.30**
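Review bot: The "Externally accessible targets" entry on line 70 says only the server/subnet is mandatory but never states what an entry without port or protocol permits, and the first example on line 73 (192.168.10.30) carries neither. State the default explicitly and recommend listing port and protocol for every target, so that administrators who enable "Allow VPN NAT routing" do not expose more of the internal network to VPN-connected clients than they intended.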
... ... @@ -83,7 +83,7 @@
83 83  ** **192.168.0.0/16:443|tcp,udp,icmp**
84 84  Allows access to all machines in subnet 192.168.0.0/16 on port 443 TCP, UDP, and ICMP (Ping).
85 85  
86 -[[TCMS VPN Settings>>image:02_tcms_vpn.png||alt="TCMS VPN Settings" height="473" width="800"]]
86 +[[TCMS VPN Settings>>image:TCMS-VPN-Settings.png]]
87 87  
88 88  === Specifying VPN Clients ===
89 89  
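Review bot: The context example on line 83, 192.168.0.0/16:443|tcp,udp,icmp, attaches port 443 to ICMP, which has no ports. Add a sentence saying the port list applies to TCP and UDP only, so readers do not assume ping is somehow limited by the port. A /16 is also a broad target to route for clients connecting from the internet; consider pairing it with a narrower example or a note to keep targets as small as the use case allows.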
... ... @@ -91,15 +91,15 @@
91 91  
92 92  To do this, select the group in the {{status title="Groups"/}} tab for which you want to enable TCMS-VPN. Then, enable the **"Allow TCMS VPN for this group"** option in the {{status title="Settings"/}} tab of the group.
93 93  
94 -[[Activate VPN Connection for Group>>image:03_tcms_vpn.png||alt="Activate VPN Connection for Group" height="606" width="400"]]
94 +[[Activate VPN Connection for Group>>image:Activate-VPN-Connection-Group.png]]
95 95  
96 96  == Thin Client ==
97 97  
98 98  On the Thin Client side, no special configuration is required to use the TCMS VPN connection. The client receives all necessary data for this from its TCMS configuration.
99 99  
100 -However, ensure that the client establishes its connection to the TCMS via the **Additional API Port** and the **externally resolvable hostname or fixed IP address**. You can find the setting in the client's commbox under {{status title="Remote Administration"/}} -> {{status title="TCMS Settings"/}}.
100 +However, ensure that the client establishes its connection to the TCMS via the **Additional API Port** and the **externally resolvable hostname or fixed IP address**. You can find the setting in the client's Kommbox under {{status title="Remote Administration"/}} -> {{status title="TCMS Settings"/}}.
101 101  
102 -[[TCMS Settings on Thin Client Side>>image:04_tcms_vpn.png||alt="TCMS Settings on Thin Client Side" height="205" width="600"]]
102 +[[TCMS Settings on Thin Client Side>>image:TCMS-Settings-on-Thin-Client-Side.png]]
103 103  
104 104  == Firewall ==
105 105  
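Review bot: Line 100 changes "commbox" to "Kommbox", but the term is not explained in the lines shown. If that is the product's name for the client configuration interface, gloss or link it on first use so English readers know where to find {{status title="Remote Administration"/}} -> {{status title="TCMS Settings"/}}. Since this paragraph is what steers clients to the Additional API Port rather than the web interface port, it is worth making the navigation path unambiguous.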
... ... @@ -107,8 +107,6 @@
107 107  
108 108  Example configuration for allowing an RDP server:
109 109  
110 -
111 -
112 112  * TCMS:
113 113  ** IP in DMZ: 10.10.10.5
114 114  ** API Port 8888