I have a view connection server which we have been using internally that I now want to use externally as well - I would like workers to be able to re-connect to their workplace daytime sessions from home and continue working.
To this end I have set up an Access Point server in our DMZ (with the rules to/from the Internet and LAN as per online docs) and can log in from an Internet-based client as a user OK, but when it tries to initiate the PCoIP session, I just get a black screen and then the connection terminates.
Internet to the Access Point machine in DMZ (machine has a 192.x.x.x address in the DMZ NAT'd to an external RIPE IP):
443 TCP & UDP
4172 TCP and UDP (UDP 4172 must be allowed outbound too)
Access Point machine in the DMZ to internal LAN (View Connection Server stc-vmconn-01.stc.ricplc.com and View VMs are located on the LAN):
443 TCP to stc-vmconn-01.stc.ricplc.com
4172 TCP and UDP to stc-vmconn-01.stc.ricplc.com and UDP 4172 back
32111 TCP to stc-vmconn-01.stc.ricplc.com
I am presuming that, as I am using Access Point instead of a Security Server, there is nothing to add in the Security Servers tab on the View Connection Server. Is that correct?
As I am running through the Access Point server in the DMZ and don't want to add routes from all the Horizon View agent VMs out to the Internet, I want to tunnel PCoIP via the View Connection Server so that all conversations go via the AP and the View Connection Server. I think I need to enable and set a PCoIP Secure Gateway <IP Address>:4172 on the View Connection Servers tab of the Connection Server / Servers page, but I am a little unsure as to which IP to set here. Should it be the external Internet IP address of the AP (in which case, it seems to break internal clients from being able to connect when they could before), or should I set it to the internal View Connection Server's IP (in which case internal clients work OK, but externals still get the black screen)?
When running a Wireshark trace on the internal View Connection Server, I can see a couple of PCoIP (4172) packets going to/from the remote client on the Internet before the connection is dropped.
If I look at the debug logs on the external client machine, I see this error. Might that be the problem?
2017-02-08T16:13:54.702Z WARN (0C44-026C) <NodeManagerWatcher> [vmware-view-usbd] SocketChannel: Unable to connect to 172.30.85.43:32111
Now, this is a machine on the Internet, so there is obviously going to be a problem accessing 172.30.85.43 (which is the VDI VM internal IP) as this is non-routable over the Internet - why am I seeing this?
Any ideas what may be wrong here, cos I am stumped!!
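
As an added example (not part of the original post), this Python sketch parses client debug lines in the format quoted above and flags failed connection targets that fall in RFC 1918 space, i.e. addresses an Internet-based client cannot reach directly. The first sample line is the one from the post; the other two lines and all function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: not routable from a client on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Layout of the client debug line quoted in the post:
# <timestamp> <LEVEL> (<ids>) <thread> [component] message
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+\((?P<ids>[^)]*)\)\s+"
    r"<(?P<thread>[^>]*)>\s+\[(?P<component>[^\]]*)\]\s+(?P<msg>.*)$"
)
TARGET_RE = re.compile(
    r"Unable to connect to (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})"
)

# Line 1 is from the post; lines 2 and 3 are constructed
# (198.51.100.7 is a documentation address).
SAMPLE_LOG = """\
2017-02-08T16:13:54.702Z WARN (0C44-026C) <NodeManagerWatcher> [vmware-view-usbd] SocketChannel: Unable to connect to 172.30.85.43:32111
2017-02-08T16:13:55.010Z WARN (0C44-0270) <ExampleThread> [example-component] SocketChannel: Unable to connect to 198.51.100.7:4172
2017-02-08T16:13:55.500Z INFO (0C44-0270) <ExampleThread> [example-component] Session negotiation started
"""


def failed_targets(log_text):
    """Return one record per 'Unable to connect' line in the log text."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        t = TARGET_RE.search(m["msg"]) if m else None
        if not t:
            continue
        try:
            ip = ipaddress.ip_address(t["ip"])
        except ValueError:  # e.g. an octet above 255 in a damaged line
            continue
        results.append({
            "ts": m["ts"], "component": m["component"],
            "ip": str(ip), "port": int(t["port"]),
            "private": any(ip in net for net in RFC1918),
        })
    return results


def unroutable_from_internet(log_text):
    """Failed targets that an external client could never reach directly."""
    return [r for r in failed_targets(log_text) if r["private"]]
```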