FreeRDP – RD Gateway client for Linux

logo
If you are Googling for software that allows you to use remote desktop from a Linux OS through a RD Gateway to another server – Stop! I spend hours doing the same with no luck. I tried out a bunch of tools with no luck either. Here is some of the tools I tried, which does NOT support this function:

I have previously used iTap Mobile to set up connections through a Remote Gateway (also known as RD Gateway or TS Gateway) from a Mac. I read this could also be used for Linux OS’s. But when I went to their site, it turns out that iTap mobile has been discontinued because Microsoft released a new Microsoft Remote Desktop app. This Desktop App works for Windows, Mac and Android, but Linux is not mentioned anywhere. So I wrote the iTap team asking them for advice:

Hi iTap team

I’m looking for software which can connect me through an RD Gateway
(or TS gateway) to a terminal server. I can see you are referring to the new “Microsoft Remote Desktop app”
for Macs and Android.

But what about Linux users like myself, is there an alternative to iTap now that you guys discontinued iTap?

This was their reply:

Hello

Thank you very much for your interest in iTap mobile RDP.
Unfortunately, not that I know of. As far as I know iTap mobile RDP was the only RDP client for Linux that offered RD Gateway support.

We are very sorry for the inconvenience.
Best regards,
Stefan

So what did I do ? turned to the wonderful world of opensource software. FreeRDP is an awesome project started by Awake Coding aka Marc-André Moreau. It is still in development so bugs and missing documentation is to be expected. This tutorial will show you how to compile and use FreeRDP to connect to through a RD Gateway to a terminal server from Ubuntu 13.10 32 bit.

First thing is to install Git, if you already have this installed you can skip this step.

1. Open a terminal an type sudo apt-get install git

Ones we have Git installed, let?s get the source files from GitHub

2. Type git clone git://github.com/FreeRDP/FreeRDP.git

FreeRDP1

3. Type cd FreeRDP

We also need a bunch of dependencies for compiling and running FreeRDP

4. Type the following and press Enter

sudo apt-get install build-essential git-core cmake libssl-dev libx11-dev libxext-dev libxinerama-dev \
libxcursor-dev libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev libcups2-dev libxml2 libxml2-dev \
libxrandr-dev libgstreamer0.10-dev libgstreamer-plugins-base0.10-dev

FreeRDP2

Now that we have all we need, the makefile must be generated.

5. Type cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON .

FreeRDP3

Finally start the build

6. Type make

FreeRDP4

Ones the installer had been build we can start installing the software itself

7. Type sudo make install

FreeRDP5

It will take a while to install but hopefully will without any errors. Ones FreeRDP is installed, there is just a little tweaking needed. We need to create a config file for FreeRDP which tells it where the FreeRDP library is placed.

8. Type sudo nano /etc/ld.so.conf.d/freerdp.conf

9. Inset the line /usr/local/lib/freerdp

10. Save and exit the file

FreeRDP6

We need to check that the line we inserted is read correctly by the system. For this we start the ldconfig function, and check the path with the which command.

11. Type sudo ldconfig

12. Type which xfreerdp

FreeRDP7

13. Start FreeRDP by typing xfreerdp

FreeRDP should now be installed correctly. If you have any problems doing this, please check the wiki a GitHub.

Let’s try using FreeRDP to connet to a terminal server though a RD Gateway server. The syntax is like this:

xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY 
/gd:GATEWAYDOMAIN /gu:GATEWAYUSERNAME /gp:GATEWAYPASSWORD

But since I?m using then same account to identify myself to the RD Gateway, and the terminal server I only need to give one username and password.

14. Type xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY

15. When asked if you trust the certificate press y

FreeRDP8

So I get error that the Gateway certificate has changed. Someone has suggested that it is a bug in FreeRDP, because it has to handle both the RD gateways certificate and the terminal servers certificate. Anyway it is an easy fix since we can just use the /cert-ignore option.

16. Type xfreerdp /cert-ignore /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY

FreeRDP9

Success ! we have connected though the RD gateway to a Terminal server in a protected environment. Remember though that FreeRDP is still in development, so it might be buggy. If anybody knows other software or an easier way to connect to a Terminal Server though an RD Gateway please let me know.

Share Button

Comments

comments

Bookmark the permalink.

42 Responses to FreeRDP – RD Gateway client for Linux

  1. Javier says:

    Wow thank you very much this worked with Debian 7. At first it did not connect but it is working for now. I will continue to test it. This worked better than Remmina but it could be that Remmina uses an older version of freerdp.

  2. gord says:

    Ever so close. Connection has issues with accessing win2003 term. server through a win2008 domain server: RPC Fault PDU:
    status: RPC_S_INVALID_TAG (0x000006C5) Any thoughts?

  3. Kinit says:

    This worked for me and saved me so much time. Thank you.

  4. PipoKoeien says:

    This worked pretty well on Ubuntu 12.04; I only had to keep on working/ using my mouse otherwise the app frooze and I had to close terminal and reconnect.

    After a complete reinstall of Ubuntu I reinstalled same way, using same script, suddenly does not work anymore…! I get:
    transport_connect: getaddrinfo (Name or service not known)
    Error: protocol security negotiation failure

    Any ideas how to solve this?

    Thanks

  5. santhosh says:

    SSL_read: Failure in SSL library (protocol error?)
    SSL_read: Failure in SSL library (protocol error?)
    SSL_read: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    rpc_client_frag_read: error reading fragment body
    Unexpected RPC PDU type: 0
    SSL_read: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
    rpc_client_frag_read: error reading header

    I am getting this error any idea?

  6. Alejo says:

    Well im getting protocol security negotiation failure, im conecting to server 2012r2 terminal services 🙁

  7. Mark says:

    I’m om Linux mint and I installed freerd-x11 with the synaptic package manager. Is this the same tool as described here and if yes why compile it from source?

    • Hegelund says:

      Hi Mark

      Couldn’t say, don’t have a mint box.
      But if it works for you – No why would you compile for source?

  8. Utopia says:

    I was getting “Error: protocol security negotiation or connection failure”.
    Adding “-nego” flag to the command solved the problem:

    xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY -nego

  9. Mikhail says:

    Awesome. This worked for me. Thank you.

    • Thomas says:

      Yikes, that laptop’s touchpad is annyoing. So my name is Thomas not ketThomas. Also that ! between the line “segmentation fault” and my final line doesn’t exist.

      • Hegelund says:

        Hi Thomas

        Are you using the same credentials to identify yourself to the gateway and the server itself? Maybe try out using the parematers /g:GATEWAY /gd:GATEWAYDOMAIN /gu:GATEWAYUSERNAME /gp:GATEWAYPASSWORD

        • Nick says:

          I have the same error. I put in the gd and gu parameters but it’s the same.

          It goes:

          unable to connect to [computername]:3389
          connected to [gateway]:443
          connected to [gateway]:443
          fatal_handler: signum=11
          Segmentation fault (core dumped)

        • Thomas says:

          mint@mint ~ $ xfreerdp /cert-ignore /v:workstation /g:gateway /gd:domain /gu:username /gp:password
          connected to gateway:443
          connected to gateway:443
          fatal_handler: signum=11
          Segmentation fault

          The username for the workstation and the gateway are the same.

          • Thomas says:

            I think freerdp has been updated. Now I’m getting something more than I was. I haven’t been able to duplicate the above error since reinstalling Mint 16 and xfreerdp. I’ve put it all in a script now called “filename.rdp” which just makes testing changes easier since you don’t have to type it all out every time. Inside the file is this information:

            /cert-ignore
            /v:computer
            /d:domain
            /u:user
            /p:password
            /g:gateway
            /f

            When I run xfreerdp filename.rdp, it returns this:

            connected to gateway:443
            connected to gateway:443
            RPC Fault PDU:
            status: RPC_S_INVALID_TAG (0x000006C5)
            TsProxyCreateChannel: error reading response
            freerdp_set_last_error 0x2000C
            Error: protocol security negotiation or connection failure

            I have another domain / system that we can successfully get connected to using the same format. The ONLY difference I can think of off the top of my head, is this secondary domain that we have has a fully qualified domain name, where the one that doesn’t work has an older .local domain name. I wonder if xfreerdp is designed to work with FQDN only?

  10. Piotr says:

    I’m connecting to many different terminal server gateways and mostly this work fine. However I’ve noticed the pattern can’t connect to all machines which are Windows Server 2008 (not R2), rest are working fine. I’m getting error:

    RPC Fault PDU:
    status: RPC_S_INVALID_TAG (0x000006C5)
    TsProxyCreateChannel: error reading response
    freerdp_set_last_error 0x2000C
    Error: protocol security negotiation or connection failure

    Any advice?

  11. D says:

    Tried again today after a long time away. I can connect to a local windows machine but when I try to connect to one with a gateway using the following command I get the error listed below.

    Anyone see anything wrong here?
    Thanks!

    xfreerdp /cert-ignore /v:myservername /d:domain /u:username /p:password /g:gateway-server -nego
    ——————————-
    RPC Fault PDU:
    status: RPC_S_INVALID_TAG (0x000006C5)
    TsProxyCreateChannel: error reading response
    freerdp_set_last_error 0x2000C
    Error: protocol security negotiation or connection failure

  12. potato says:

    Nice! Has anyone got this working in combination with smartcard support.

  13. RGiskard says:

    Built and connected today! Very nice.
    Thanks for the great work!

    One question, are there other configuration options that could be used, ie, to expand the screen and relay sound?
    The RDP session is rather small and everything is compacted, and no sound comes through. Would be nice if those two things were possible to configure.

  14. Ian Johnston says:

    Working beautifully with Xubuntu 12.04 and 14.04 – many thanks. Just one query … there is no /usr/local/lib/freerdp on my system, so what does it do in /etc/ld.so.conf.d/freerdp.conf?

  15. AzP says:

    This is amazing, it works! I’m using it on Gentoo, and it worked on the first try.
    I think it’s pretty amazing that we have a software that works immediately, but has no GUI. I mean, you don’t need much of a GUI to be able to get input there instead of having to provide a long command. I also really don’t like writing my password on the command line, in clear text.

    I wish the client had a “ask for password” setting.

    • Wrath says:

      I had same concern so a bit of searching found this:

      http://unix.stackexchange.com/questions/119880/make-freerdp-prompt-user-for-username-and-password

      Basically I edited the code to prompt for remote computer, username, domain, gateway etc. I had a little trouble with passwords that include special characters so escaped the password with double quotes (” “).


      #!/bin/bash
      xfreerdp \
      /v:$(zenity \
      --entry \
      --title="Remote Computer" \
      --text="Enter the computer name") \
      /u:$(zenity \
      --entry \
      --title="Username" \
      --text="Enter your Username") \
      /p:"$(zenity \
      --entry \
      --title="Domain Password" \
      --text="Enter your password:" \
      --hide-text)" \
      /d:$(zenity \
      --entry \
      --title="Domain Name" \
      --text="Enter the Domain Name") \
      /f \
      /g:$(zenity \
      --entry \
      --title="Gateway" \
      --text="Enter the Gateway") \
      /cert-ignore

      So if you have zenity installed this may be a solution – it worked for me.

  16. Mick says:

    Before I dig in and try this I need to get a Cisco VPN client working. Assuming I succeed witll this use the VPN to link to the remote RDP server?

  17. David Patino says:

    You’re a life saver!

  18. Dick says:

    thank you, thank you!
    Finally a way to get connected to my work-windows server environment.
    But does anybody know how to change the screen resolution? becaus now its a really small window

Leave a Reply

Your email address will not be published. Required fields are marked *