Guacamole RDP Gateway

Finally got Guacamole setup and currently testing it, might use it for GNS3 DaaS. I followed David Wentzel’s guide located here but I changed the steps for the latest Guacamole which is version 0.9.9. I did run into some login errors as specified in the lower half of the guide, these were resolved by checking both of the handmade files. In my case, I was missing an end-quote (“) from my guacamole.properties file.

I suggest using the md5 hash method for users passwords or they will be stored in cleartext, MD5 is better than nothing! I hopefully plan on moving to LDAP authentication, I just want to get this tested and marked as “fully functional” before I do that. MD5 hash example is located here.

Put the Guacamole server on the main network and use Apache’s mod_proxy feature on a web server in the DMZ to allow access externally. A firewall rule is allowed to allow the DMZ webserver to the Guacamole server on the main network. Once that is in place everything is functional from a network perspective, I am able to get to it from the WWW.

Testing shall commence tomorrow and I may have other users test it, I will update this article then with any bug finds, fixes or errors I or others run into.

EDIT:

I made a Windows 10 “Remote Admin Workstation” within VMWare ESXi and had issues getting Guacamole to work with it. Found a Windows 10 Fix, appears that Network Level Auth and a registry key need to be edited. More specifically the key located here: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] change “SecurityLayer” from a “2” to a “1”.