VMware Horizon Community
vmwarefool
Contributor

VPN issue

Can a user logged into a VM use a site-to-site VPN client to log in to a remote server without losing connection to that VM with VMware View?

0 Kudos
10 Replies
Troy_Clavell
Immortal

I think it will definitely work if your broker is set for direct connect, but I'm not 100% sure if it's set up for tunneling.

0 Kudos
lbourque
Virtuoso

Based on what you're describing (being connected in two locations?), that wouldn't be supported unless the desktop is a Terminal Server. Remember that RDP is used. So if I'm connected via the View in the LAN and go home and try to connect into that VM via the VPN, then I'll be told it's unavailable. An administrator will have to log me out before I can log in via the VPN.

You should be able to connect tunneled or direct via VPN (the connection broker would consider VPN connects as if they come from inside the LAN), but keep in mind the extra overhead of tunneled, so that may impact performance.

0 Kudos
vmwarefool
Contributor

They wouldn't use a VPN until connected to the VM.

0 Kudos
daleallenc
Contributor

You didn't say which brand of VPN software you're using, but some VPNs (like Cisco, for example) can be configured for "split-tunneling", which may do what you need it to. Your security/network/firewall guys may want to have nothing to do with that since it does open more attack surfaces and make your network more vulnerable.

0 Kudos
lbourque
Virtuoso

I actually just tested this and it worked fine (using RSA SecurID to HTTPS VPN).

0 Kudos
vmwarefool
Contributor

Our biggest client says split tunneling is a no go. So we must use site to site on the VM.

0 Kudos
daleallenc
Contributor

I just tried this with our CheckPoint VPN client and got booted.

Makes me wonder, though. What might happen if your VMs had dual NICs? One for the VPN client to bind to, and the other for RDP traffic...

0 Kudos
vmwarefool
Contributor

But how many would you need if you're running 20 VMs that need to do the same thing?

0 Kudos
lbourque
Virtuoso

Well, would be worthwhile to try. Just remember to force the agent to look for RDP/View from that NIC (use different VLANs for each) by modifying the reg:

HKLM\Software\VMware, Inc.\VMware View\Node Manager

Set the Subnet subkey to n.n.n.n\m

where n.n.n.n is the network and m is the bits in the subnet mask.

0 Kudos
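Added example, not posted by anyone in this thread: a small route-table model of the three setups discussed above (full tunnel on one NIC, split tunnel, and full tunnel with a second NIC for View/RDP traffic), showing which interface the desktop uses to reply to the View client. All addresses, interface names and metrics are constructed, and the model covers routing only; a VPN client that also blocks non-tunnel traffic by policy can still drop the session.

```python
import ipaddress

def n(cidr):
    return ipaddress.ip_network(cidr)

def egress(routes, dst):
    """Pick the outgoing interface for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, -metric, ifname)
               for net, ifname, metric in routes if addr in net]
    return max(matches)[2] if matches else None

# Constructed sample addressing (assumptions, not values from the thread).
VIEW_CLIENT = "10.1.50.25"     # endpoint running the View client
REMOTE_SERVER = "172.16.8.10"  # server at the remote site behind the VPN

# Desktop VM before the VPN client connects: one NIC, one default route.
LAN = [(n("10.1.20.0/24"), "lan", 10), (n("0.0.0.0/0"), "lan", 10)]

# Full tunnel: the VPN adapter adds a default route with a better metric.
FULL_TUNNEL = LAN + [(n("0.0.0.0/0"), "vpn", 1)]

# Split tunnel: only the remote site's prefix is sent into the tunnel.
SPLIT_TUNNEL = LAN + [(n("172.16.8.0/24"), "vpn", 1)]

# Dual NIC: full tunnel, plus a second NIC with a route to the
# subnet that View clients connect from (separate VLAN).
DUAL_NIC = FULL_TUNNEL + [(n("10.1.50.0/24"), "view", 10)]

def session_survives(routes):
    """The display session stays up only if replies to the client avoid the tunnel."""
    return egress(routes, VIEW_CLIENT) != "vpn"

if __name__ == "__main__":
    for name, table in [("full tunnel", FULL_TUNNEL),
                        ("split tunnel", SPLIT_TUNNEL),
                        ("dual NIC", DUAL_NIC)]:
        print(f"{name:12} client via {egress(table, VIEW_CLIENT):4} "
              f"server via {egress(table, REMOTE_SERVER):3} "
              f"session survives: {session_survives(table)}")
```

In the dual-NIC case the more specific route to the client subnet outranks the tunnel's default route, so the remote site sees no split-tunnel exception while the display traffic stays on the dedicated NIC.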
jt30605
Contributor

Were you able to get this working? I'm facing the exact same issue right now during an eval of VMware View. If I can't make this work then it's a no go. We tried the dual NIC idea, but I didn't change any registry settings. As a matter of fact, I don't even have

HKLM\Software\VMware, Inc.\VMware View\Node Manager

in the registry. I have ..\VMware\Vmware VDM\Node Manager, but no subnet subkey.

0 Kudos