NSX SSL VPN-Plus | Adding Client Configurations in Bulk

Anyone using NSX SSL VPN-Plus feature for more than one site will quickly find there is no mechanism for importing client configurations.  The native method for accessing additional sites is to browse to the Gateway for each site (then download and run the installer).

That’s pretty tedious as your site count increases.  There is a better, albeit unsupported, way to manage this need.

SSL VPN-Plus naclient on Windows

In windows, client configuration is stored in the registry.  You can manipulate the windows registry using .reg files.

Open up a text editor, and prepare a file with all of your sites using the following format.  Replace the GatewayList value with your site’s gateway IP address

 Windows Registry Editor Version 5.00

 [HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\SSL VPN-Plus Client\Connection #1]
 "ConnectionAlias"="site1"
 "BSValue"=dword:00000100
 "GatewayList"="site1-ip:443"

 [HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\SSL VPN-Plus Client\Connection #2]
 "ConnectionAlias"="site2"
 "BSValue"=dword:00000100
 "GatewayList"="site2_ip:443"

--snip--
 [HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\SSL VPN-Plus Client\Connection #20]
 "ConnectionAlias"="site20"
 "BSValue"=dword:00000100
 "GatewayList"="site20"

Save the file as a .reg file, the name of the file is arbitrary.

Exit the SSL VPN-Plus naclient application

Import the .reg file

Navigate to HKLM\SOFTWARE\VMware, Inc.\SSL VPN-Plus Client and verify the connections were imported.

Update the ConnectionCount to the total number of sites.  This is important; if the number doesn’t match, naclient will not start.

Start the naclient (C:\Program Files\VMware\SSL VPN-Plus Client\SVPclient.exe)

SSL VPN-Plus naclient on MAC OS X 

This one is easier, the client settings are stored in /opt/sslvpn-plus/naclient/naclient.conf

Quit the naclient application.  Add the site configurations to naclient.conf

vi /opt/sslvpn-plus/naclient/naclient.conf
 site1 site1-ip:443 256 
 site2 site2-ip:443 256 
 --snip--
 site20 site20-ip:443 256

Start the naclient.

That is all peeps.  Have a nice day.

Advertisements

vCNS 5.1.x SSL VPN-Plus Client Proxy Settings on Mac won’t stick

Anyone out there attempting to run the SSL VPN-Plus Mac client through a proxy will quickly notice that the settings do not seem to stick.   You check the box to enable proxy setting, add the configuration and click Ok.

Image

All seems well (until you try to connect).  When the settings are applied correctly, the client will reflect that the connection attempt is routed via proxy.

Image

When you open up the proxy settings again, you see the box unchecked and the proxy configuration undefined.  This is a known issue caused by a missing directory where the proxy configuration is written does not get added during install.  This is slated to be fixed in a future release.

As a workaround, you can add the directory manually.  Exit the SSL VPN Mac client, open up the terminal and add the directory:  sudo mkdir -m 777 /opt/sslvpn-plus/naclient/users_dat

Problem solved.  Open up the client, configure the proxy, and connect.

*Credit for the find to N.Albright for quickly finding the problem with dtruss*.
-Gabe 

Image