Hypersocket VPN Getting Started Guide

Lee Painter
HYPERSOCKET LIMITED
Unit 1, Vision Business Centre, Firth Way, Nottingham, NG6 8GF, United Kingdom


Table of Contents

Preface
  Document Objective
    Audience
    Document Organization
  Document Convention
  Documentation Feedback
  Obtaining Technical Assistance
Introduction
  What is a VPN?
  IPsec VPNs
  SSL VPNs
  Hypersocket VPN – a hybrid approach
  Key benefits of Hypersocket VPN
Installing Hypersocket VPN
  Network Deployment
    LAN
    DMZ
  Firewall Rules
  Supported Platforms
  Installing Hypersocket
  The Setup Wizard
    Step 1 – License Agreement
    Step 2 – Set Password
    Step 3 – Upload License Key
    Step 4 – Download/Install Components
    Step 5 – Configure SSL Certificate
    Step 6 – Complete Setup
    Logging in for the First Time
Installing VPN Extensions
  Available Features
    Networking->Network Resources
    Secure Node->Secure Node
    Client->Hypersocket Client Support
Setting up Resources
  Realms
  Website Resources
    What is a Website Resource?
    An example website configuration
  Network Resources
    What is a Network Resource?
    Endpoints, Protocols, Applications
    An example network configuration
  Secure Node
    What is a Secure Node?
    An example Secure Node configuration
Installing the Hypersocket Client
Launching Resources
    Hypersocket Client
Troubleshooting
  Connection is not private/certificate errors
  Cannot connect to the Web UI
    Has the service started?
    Check firewall port forwarding
  Client doesn’t remember the server URL
  I have a problem but it’s not answered here


Preface

This preface introduces the Hypersocket VPN Getting Started Guide. It has been broken down into the following sections:

Document Objective
Document Convention
Documentation Feedback
Obtaining Technical Assistance

Document Objective

The objective of this document is to provide the System Administrator with an overview of installing and configuring the Hypersocket VPN product from Hypersocket Software. Hypersocket VPN allows your users to get remote access to their web sites and servers.

Audience

This guide is for anyone who wishes to successfully install and administer the Hypersocket VPN product. Although this is often someone concerned with product installation and administration, it may also be a useful guide to managers who may be considering deploying the Hypersocket VPN as a solution. This guide is expected to be useful if you are performing any of the following tasks:

Installing an instance of the Hypersocket VPN
Configuring an existing implementation of Hypersocket VPN

Document Organization

For ease of reference this guide has been broken down into sections that match the workflow of installing and configuring the Hypersocket VPN. These are:

Introduction
Installing Hypersocket VPN
Installing the Hypersocket Client
Setting up Resources
Launching Resources
Troubleshooting

Document Convention

The following conventions are used in this document:

Bold font denotes either User Interface components to interact with (e.g. Click the Create button) or extra emphasis.

UI navigation is denoted by menu items in bold separated by -> (e.g. navigating to System->Configuration->SSL is done by clicking System in the left hand menu, followed by Configuration in the secondary menu at the top, finally clicking on the SSL tab).

Typed user input into the UI is shown in italic font.

Tips or summaries are displayed as below:

This is a summary

Commands typed into a shell are shown in this format

Documentation Feedback

We appreciate your comments on this technical documentation and invite you to send feedback to us at [email protected].

Obtaining Technical Assistance

For all customers, resellers, distributors or partners who hold a valid support agreement with Hypersocket Software Limited, technical support is available by sending an email to [email protected]. You may also find useful documentation and articles on our knowledgebase at https://support.hypersocket.com.


Introduction

This chapter provides the user with an overview of what a VPN is and the benefits of using Hypersocket VPN.

What is a VPN?

A Virtual Private Network (VPN) is a private network that extends across a public network or internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, but in a secure fashion that cannot be decrypted by any third party. VPNs can be used to connect geographically separated offices of an organization or they can allow employees to securely access the corporate network while located outside the office. Hypersocket VPN is designed to meet this second remote access need. There are two main types of VPN generally used for remote access:

Full client to site VPN (for example IPsec).
Access via a web browser (for example an SSL VPN).

The following sections will briefly describe these different types of VPN and finish with a discussion on how the Hypersocket VPN fits in.

IPsec VPNs

IPsec works at the Network Layer of the OSI model, which means it operates independently of the applications that may use it. IPsec encapsulates the original data inside its own packets which means that any protocol types can pass through it, which can be a good bonus. With IPsec the connecting client essentially becomes a full member of the local corporate network and can access every resource on the network. This can make it difficult to ensure that you are granting the correct levels of access to your network for your remote users as everything is open by default once the connection is made.


IPsec can be rather complicated to set up, which translates directly into higher support costs. You need to configure your external firewall to pass multiple UDP ports as well as 2 other separate network protocols. Software needs to be installed on the client system, but because of the options available for the connection, this can also lead to a much more complicated configuration that can be hard to support remotely when things go wrong, or the clients need to be upgraded.

SSL VPNs

As the name suggests, these types of VPN use the SSL protocol, which is used extensively on the internet to secure web sites. Technically the term SSL VPN is a bit of a misnomer, as the SSL protocol was superseded some time ago by the TLS protocol. However, SSL VPN is the term that is still used industry-wide for this type of product.

One of the key strengths of an SSL VPN is simplicity. All communications travel over a single port using the SSL protocol. Hence you only need to configure your firewall for this single port, and your remote users who may be on limited connections (from hotels or airports, for example) have a greater chance of being able to make their outbound connections on this port. Another bonus is that you initiate most of your connections from a web browser, which means that almost any modern client system will be able to connect to the VPN without having to install any client software.

A downside is that an SSL VPN does not tend to encapsulate all protocol types like IPsec does; you tend to be limited to TCP and UDP, or just TCP. An SSL VPN takes a different approach to IPsec for its connectivity in that a user will launch individual tunnels to separate resources as they need them. This allows the system administrator a lot more control over which parts of the network will be made remotely accessible to your remote users.

Hypersocket VPN – a hybrid approach

At Hypersocket Software, our core team of people have been working with SSL VPN technologies for over a decade and in fact created the world’s first open source SSL VPN. Recent developments in how web browsers work have prompted us to have a rethink about how an SSL VPN can work more effectively. The two most important developments were:

The Java web browser plugin was a great enabler to allow all connections to be launched directly from the browser with no other requirement needed for client software. However due to all of the historical security issues with that browser plugin, most web browser companies are no longer allowing this plugin.

Granting access to internal corporate web sites is done via a method called reverse proxying. It can often prove to be very challenging to reverse proxy every website successfully without a lot of complicated and time consuming configuration.

The approach we have taken to address this is to create an installable client which aims to be as simple to use as possible, whilst automatically updating itself as required to help keep support costs down. With this client, we still run all communications over SSL so we can benefit from the simplicity there too. As such, we tend to refer to Hypersocket VPN as a Hybrid SSL VPN.

Key benefits of Hypersocket VPN

Hypersocket VPN allows your remote users to connect securely to your corporate private web sites and network servers. The key benefits of using Hypersocket VPN are:

Installable client that is easy to use, configure and update.
All data via a single port, easy to configure for firewalls.
Access to internal servers such as RDP, SSH etc.
Access to complex internal web sites with minimal configuration.
You define exactly which resources you want to make available rather than be open by default.
Multiple methods of strong authentication to keep your network more secure.


Installing Hypersocket VPN

This chapter provides a basic overview of the installation of Hypersocket VPN. For more detailed coverage of the different installation types you should download the Hypersocket Installation Guide from https://www.hypersocket.com

Network Deployment

Hypersocket VPN is typically deployed inside the corporate LAN, but can be installed in a DMZ if required. Both of these scenarios are covered below.

LAN

Installing Hypersocket VPN in the corporate LAN is the simplest deployment. Only a single port (443 by default) needs to be forwarded through the external firewall and the VPN has direct access to all of the required resources.

[Figure: LAN deployment. Labels: Internet, Firewall, Local Area Network, Hypersocket VPN, Website, Terminal, File Server.]


DMZ

An alternative scenario is to install Hypersocket VPN in a DMZ. The same single port needs to be forwarded through the external firewall, but for every LAN resource required, extra ports need to be opened up on the internal LAN firewall. Hypersocket VPN can be configured to use one or two network cards with a simple change in the VM configuration.

[Figure: DMZ deployment. Labels: Internet, Firewall, DMZ, Hypersocket VPN, Firewall, Local Area Network, Website, Terminal, File Server.]

Firewall Rules

Hypersocket VPN communicates over a few different ports. Here are the port forwarding rules you need to configure on your network firewall, assuming you choose to use the default ports:

Port   Direction   Destination IP   Notes
443    In          <VPN IP>         Web interface (for management and users)
80     In          <VPN IP>         Optional: HTTP redirect to management interface
443    Out         81.139.47.195    Optional: Used for opening a tunnel to our support
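The following Python check is an added example, not part of the Hypersocket guide or product: it compares an exported external-firewall rule list against the table above and flags forwards that expose more than the single-port design. The rule format, the 10.0.10.x and 203.0.113.9 addresses and the TCP transport are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

SUPPORT_IP = "81.139.47.195"  # outbound support-tunnel destination from the guide's table


@dataclass(frozen=True)
class Rule:
    """One firewall rule in a hypothetical export format."""
    port: int
    direction: str      # "in" or "out"
    dest: str           # destination IP address
    proto: str = "tcp"  # assumption: the guide does not name the transport


def guide_baseline(vpn_ip):
    """Default-port rules from the guide, mapped to whether each one is required."""
    vpn = ipaddress.ip_address(vpn_ip)
    return {
        (443, "in", vpn): True,                                   # web interface
        (80, "in", vpn): False,                                   # optional HTTP redirect
        (443, "out", ipaddress.ip_address(SUPPORT_IP)): False,    # optional support tunnel
    }


def audit(rules, vpn_ip):
    """Return (finding, rule) pairs for every rule outside the guide's baseline."""
    vpn = ipaddress.ip_address(vpn_ip)
    expected = guide_baseline(vpn_ip)
    seen, findings = set(), []
    for rule in rules:
        dest = ipaddress.ip_address(rule.dest)  # raises ValueError on a malformed address
        key = (rule.port, rule.direction, dest)
        if rule.proto == "tcp" and key in expected:
            seen.add(key)
        elif rule.direction == "in" and dest == vpn:
            # Extra listener exposed on the VPN host itself.
            findings.append(("extra-vpn-port", rule))
        elif rule.direction == "in":
            # Forward straight to an internal host, so access is not mediated by the VPN.
            findings.append(("bypasses-vpn", rule))
        else:
            findings.append(("outbound-not-in-guide", rule))
    for (port, direction, dest), required in expected.items():
        if required and (port, direction, dest) not in seen:
            findings.append(("missing-required", Rule(port, direction, str(dest))))
    return findings


# Constructed sample export: VPN appliance at 10.0.10.5, a terminal server at 10.0.10.20.
SAMPLE_VPN_IP = "10.0.10.5"
SAMPLE_RULES = [
    Rule(443, "in", "10.0.10.5"),
    Rule(80, "in", "10.0.10.5"),
    Rule(3389, "in", "10.0.10.20"),   # RDP forwarded directly to an internal host
    Rule(22, "in", "10.0.10.5"),      # extra port opened on the VPN host
    Rule(443, "out", "81.139.47.195"),
    Rule(443, "out", "203.0.113.9"),  # outbound rule that is not in the table
]

if __name__ == "__main__":
    for finding, rule in audit(SAMPLE_RULES, SAMPLE_VPN_IP):
        print(f"{finding:22} {rule.direction:3} {rule.dest}:{rule.port}/{rule.proto}")
```

An `outbound-not-in-guide` finding is informational only: the table lists port forwarding rules, and other outbound traffic may be legitimate.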


Supported Platforms

Hypersocket VPN comes pre-built as a virtual appliance. We have images available for the following Hypervisors:

VMware ESX/vSphere
Microsoft Hyper-V
Oracle VirtualBox
KVM
Vagrant

We also have images for the following cloud based Hypervisors:

Amazon EC2
Microsoft Azure
Google Compute Engine
Oracle Compute
Docker

We even have an installable ISO in case you do not want to use a VM, but want to install directly on to your own hardware. A final option is to use the installers, so you can deploy Hypersocket as a software service on Windows, Linux or OSX hosts. The installers can be downloaded from https://www.hypersocket.com/en/products/virtual-private-networks. You will need a license key to activate the software. If you are evaluating the product then you must register before downloading to receive your evaluation license key.

Installing Hypersocket

Please refer to our Hypersocket ONE Installation Guides on our knowledge base at: https://support.hypersocket.com/hc/en-us/sections/200839385-Installing-Hypersocket


The Setup Wizard

We can now continue the configuration in a web browser. When connecting to the management interface for the first time, you will be asked to run through the setup wizard to finalize the installation. Connect your browser using a suitable URL for the settings you have input during the installation.

https://<hostname>:[port]

For example, if you have installed the server on hostname gateway.corp.local on the standard ports your URL will be https://gateway.corp.local

Please note that when connecting for the first time you will receive a warning in your browser stating that the certificate is untrusted. You will have a chance to upload your own certificate shortly. For now, you should accept the untrusted certificate.

Your browser will load the setup wizard. Simply run through the following steps to finalize your installation.


Step 1 – License Agreement

Before continuing you must accept the license agreement of the software. Click ‘I accept..’ and click Next.

Step 2 – Set Password

Next you should provide a password for the admin user account. The admin account has full system privileges and is to be used for initial administration of the server.

Step 3 – Upload License Key

As discussed earlier you cannot install the server without a license key, which you should already have obtained from the website. Click Choose file to select your Hypersocket license file.


Step 4 – Download/Install Components

The Hypersocket server will now need to download the core components it needs in order to start up. If you use an outbound proxy server, tick the option and enter the relevant details, or just click Next to continue if there is no proxy.

Step 5 – Configure SSL Certificate

You now have the opportunity to upload an existing SSL certificate. For example, you may have a wildcard certificate for your domain. This section can be skipped at this time if you prefer to configure the certificate later. There are multiple formats supported. You can upload a PKCS12 / PFX file that contains the complete certificate, or you can upload separate PEM encoded files.


Uploading PKCS12 / PFX

Select your PKCS12 / PFX file in the Private Key field. Enter the file's passphrase in the Passphrase field. You can ignore the Certificate File and CA Bundle fields as PKCS12/PFX files do not have or require any other external files. Your private key and certificate are contained within the single PFX file.

Uploading PEM

You should have a number of PEM files. At a minimum you should have a private key file and a certificate file. Upload the files into the appropriate fields. If your private key file is encrypted with a passphrase, enter it into the Passphrase field. You may omit the CA bundle if you do not have one. It is typically provided by your CA when you purchase your SSL certificate.
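The following Python pre-flight check is an added example, not part of the Hypersocket guide or product: it inspects PEM text before upload and reports which of the Private Key, Certificate File, CA Bundle and Passphrase fields would be filled incorrectly. It checks structure only (block labels, encryption markers, base64 validity), not whether the key matches the certificate, and the sample PEM bodies are constructed placeholders rather than real key material.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def pem_blocks(text):
    """Return one dict per PEM block: its label, whether it is encrypted, body validity."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy OpenSSL keys put "Proc-Type"/"DEK-Info" headers before the base64 body;
        # ":" never occurs in base64, so it separates headers from payload.
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            valid = bool(base64.b64decode(payload, validate=True))
        except ValueError:
            valid = False
        legacy = any(h.replace(" ", "").upper().startswith("PROC-TYPE:4,ENCRYPTED")
                     for h in headers)
        blocks.append({"label": label,
                       "encrypted": legacy or label == "ENCRYPTED PRIVATE KEY",
                       "valid": valid})
    return blocks


def preflight(private_key, certificate, ca_bundle=None, passphrase=None):
    """Return a list of problems, named after the wizard fields; empty means ready."""
    problems = []
    key_blocks = pem_blocks(private_key)
    cert_blocks = pem_blocks(certificate)
    bundle_blocks = pem_blocks(ca_bundle) if ca_bundle else []

    keys = [b for b in key_blocks if b["label"] in KEY_LABELS]
    if len(keys) != 1:
        problems.append(f"Private Key: expected exactly one private key block, found {len(keys)}")
    elif keys[0]["encrypted"] and not passphrase:
        problems.append("Private Key: key is encrypted, fill in the Passphrase field")

    if not any(b["label"] == "CERTIFICATE" for b in cert_blocks):
        problems.append("Certificate File: no CERTIFICATE block found")
    if any(b["label"] in KEY_LABELS for b in cert_blocks):
        problems.append("Certificate File: contains a private key")

    if ca_bundle and not bundle_blocks:
        problems.append("CA Bundle: no PEM blocks found")
    if any(b["label"] != "CERTIFICATE" for b in bundle_blocks):
        problems.append("CA Bundle: contains non-certificate blocks")

    for field, blocks in (("Private Key", key_blocks), ("Certificate File", cert_blocks),
                          ("CA Bundle", bundle_blocks)):
        if any(not b["valid"] for b in blocks):
            problems.append(f"{field}: block body is not valid base64")
    return problems


def _sample(label, headers=""):
    """Build a constructed PEM block; the body is placeholder bytes, not a real key."""
    body = base64.b64encode(b"constructed placeholder, not real key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"


SAMPLE_CERT = _sample("CERTIFICATE")
SAMPLE_KEY_PLAIN = _sample("PRIVATE KEY")
SAMPLE_KEY_PKCS8_ENC = _sample("ENCRYPTED PRIVATE KEY")
SAMPLE_KEY_LEGACY_ENC = _sample(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n")

if __name__ == "__main__":
    print(preflight(SAMPLE_KEY_LEGACY_ENC, SAMPLE_CERT))         # passphrase missing
    print(preflight(SAMPLE_CERT, SAMPLE_KEY_PLAIN))              # files in the wrong fields
    print(preflight(SAMPLE_KEY_PLAIN, SAMPLE_CERT, SAMPLE_CERT)) # ready to upload
```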


Step 6 – Complete Setup

You are now ready to complete the setup. Click Restart to complete the configuration.

Your server is now ready to use, and you will be redirected to the login page.

Logging in for the First Time

Once the Setup Wizard is complete, clicking Start will direct your browser to the logon page. Here you should enter the username admin and the password that you created during Step 2 of the Setup Wizard.

After entering the admin credentials, click the Logon button to log into the Hypersocket VPN.


Installing VPN Extensions

This chapter describes how to install the VPN features that are needed to run the server.

As the server is based on our Hypersocket Prime build, you must first install the features required in order to add the VPN services needed. There are many features which are applicable to all Hypersocket Prime products, but we shall detail only the VPN specifics here. Log on to the server with the admin account.

In the Nav bar at the top right of the screen, click the Updates, Features & Licensing icon.

The Features page starts with a list of all currently installed features. The other tabs are grouped into broad categories.

To install a feature, navigate to the relevant tab, find the feature required and click on the blue cloud Download icon and accept the License Agreement that appears.

The feature will download. Once completed a server restart notification appears. Restart the service now using the Shutdown/restart icon in the top navbar.


Available Features

The following is a list of all features you can download that relate to the VPN part of the Hypersocket Server.

Networking->Network Resources

Adds support for accessing TCP applications (such as RDP, SSH etc) and internal Web Servers over a VPN tunnel. This resource type starts with a tunnel, but applications can also be defined and launched by the client to seamlessly connect with a single click.

Secure Node->Secure Node

Allows connections to resources at external sites through the use of a zero-firewall callback agent. Any such external resource appears exactly the same as other resources to your users, but they will automatically be tunneled through to the resource when launched.

Client->Hypersocket Client Support

Adds support for the Hypersocket Client. This can be used as a shortcut to launching the web view of your files or to launch a WebDAV connection. The Hypersocket Client method of access is not considered a primary use case for MFT, but if the client is being installed for Hypersocket Prime features such as VPN then it can be useful to use the same client to access your files as well as your other resources.


Setting up Resources

This chapter will give a brief overview of the different resource types and get you started with creating the resources that your users will be launching.

With Hypersocket VPN there are three main types of resources you can give your users access to. These are Websites, Network and Secure Node. The sections below will cover an explanation of these resources and include an example of each to help get you started.

Realms

Before any resources are set up, it is worth briefly touching on the subject of Realms. Hypersocket VPN can support multiple User Databases at the same time and each User Database is assigned its own Realm. When you create resources, you create the resource for the realm you are currently managing. This allows you to create separate sets of resources for people on different user databases (and is a good model for a Managed Service Provider environment). For this Getting Started Guide, we have chosen to use the default local user database called System, but in a production environment you may have more than one realm (System - where the admin account exists and possibly also an Active Directory).

Note that if you have a single User Database you wish to use, it is also possible to alter the configuration of the default System Realm to point it at an Active Directory for example. See the Administrator’s Guide for more information.

It is important to be aware of which realm you are creating your resources on. When you have more than one realm a new icon appears at the top.

You can click the User Realms button, then select the realm you wish to manage from the list that appears.


At any time, you can see which realm you are currently managing by looking in the footer at the bottom left of the screen.

Here we can see that we are logged in as the admin account and are currently managing the System realm.


Website Resources

What is a Website Resource?

Exactly as the name suggests, this type of resource helps you connect your users to your internal corporate web servers and is the simplest type of resource to configure. Your users will need to use the Hypersocket Client to launch a website resource.

An example website configuration

For this example, we will set up access to an internal website running the Drupal content management system.

In the web UI, navigate to the Websites menu on the left side. There are currently no resources configured so the list of resources is empty. Click Create.

Give the resource a meaningful Name. This name is what your users will see. In Launch URL, type in the URL for your website. Here we have typed in the value for our Drupal site, http://10.0.10.2/drupal. Now click on the Roles tab. As we have not created any specific Roles for this Getting Started Guide, type Everyone into the highlighted box. As you start typing, the role should appear in a selector box. Click the role then press Enter. Everyone should now appear in the list below. Click Create to finish creating the resource.


The new resource now appears in the Websites list.


Network Resources

What is a Network Resource? A network resource allows you to configure a connection from the Hypersocket Client through to any host and port inside your network and then optionally automatically launching a client application to connect to that resource. Network resources are launched by users with the Hypersocket Client. Here are a few example types of network resources you might create:

Launch an RDP application and connect through to a Terminal Server or Windows Desktop machine.

Launch an SSH client and connect to a Linux server.

Create a tunnel only to an SQL database to allow a DBA to connect their own application.

Endpoints, Protocols, Applications

Before an example configuration is shown, it’s worth quickly explaining each of the three components that make up a network resource. These are:

Endpoints: This is the resource that appears to your users. Here is where you define the host/port and add in the protocols, applications and roles that define this resource. An endpoint can be configured with several protocols and several applications if required (useful for applications on different client operating systems).

Protocols: This is where we set up the ports (and optionally a range of ports) and transport type (TCP/UDP) for a particular protocol. This protocol type can then be used in multiple Endpoint resources. For example, RDP is on 3389/TCP.

Applications: Here you can define a client application (and its parameters) that will be launched with the Endpoint. Just like with protocols, you define the application once here which can then be used in multiple Endpoint resources.

An example network configuration

For this example, we will set up an RDP resource. First we need to configure the application. Navigate to Network on the left hand menu, then click on Applications in the secondary menu at the top. There is an application template we can use for RDP so click Search Templates.

In the list of templates that appears, click on Microsoft RDP (Windows), then click Next. Note that this example is just for setting up RDP from Windows clients.

The application entry now appears in the list as shown. If you wish to create your own application types, then refer to the full administration guide for more information.

There are a number of pre-defined protocols already (and RDP is one of them), so we skip the Protocols tab. Click on the Endpoints tab and click Create.

Give the new endpoint a Name. This is the name of the resource that will be shown to your users. If your target server has a known hostname, then enter that into the Hostname field. In that case, the Destination Host/IP can be left blank. However, if, as in this example, the target is only connectable via an IP address, then enter the IP in the Destination Host/IP field.

Note: In the case where an IP is used, a Hostname is still required, but this can be any value as long as it does not conflict with any client machine hostname. This hostname value is only ever used on the client side of the connection.

Click on the Protocols tab. In the Excluded list find the RDP protocol and click the down arrow to the right of it to move RDP over to the Included list below.

Now click on the Applications tab. As we only created the one application so far, that should be the only item visible in the top Excluded section. Click the down arrow to the right of Microsoft RDP (Windows) to move it to the Included list. Lastly, click on the Roles tab. As we did in the website example, add the Everyone role to this resource. Click Create to complete.

The completed resource is now visible in the list. This list also gives a preview of the icon your users will see.

Secure Node

What is a Secure Node?

Secure Node is a feature that allows you to publish resources on your Hypersocket Server from external networks that are not otherwise connected to your LAN, without the hassle of setting up a full site-to-site VPN. There are also cases where such a VPN should not be created, such as hosting systems within customer LANs, but access to your devices is still needed, as part of a support contract for example.

With Secure Node, a Secure Node agent is installed in the external network and maintains an SSH tunnel back to the Hypersocket Server. Only outbound access is required from the external network, so configuration of the service becomes much easier. On the Hypersocket LAN side, the SSH port needs to be forwarded to the Hypersocket server. Then a route for services on the external network is defined, after which the resource can be published on the Hypersocket server as if it were a LAN service, and the users you assign to the resource can seamlessly access it.

An example Secure Node configuration

There are 5 steps to publishing a resource via a Secure Node:

1. Create a Service Key.
2. Create the Secure Node.
3. Install the agent.
4. Configure Routes.
5. Create a Resource.

Creating a Service Key

The SSH connection that a Secure Node uses requires Key Authentication, so the keys must be created first.

In the left navbar under Resources, click Service Keys. Click Generate Key to start the key creation process.

You may alter the key Type and Bits length here if required. Available Types are: DSA, ECDSA, RSA. Available Bit lengths are: 1024, 2048, 4096. Click Generate Key.
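Of the options listed above, DSA keys and 1024-bit keys fall below current SSH guidance, so prefer RSA at 2048 bits or more, or ECDSA. The following added example (not part of the original guide or of Hypersocket's code) audits the public half of a service key, assuming it is available in OpenSSH public-key format; the sample keys are built from constructed integers and are not real key material.

```python
import base64
import struct

def _read_string(blob, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", blob, off)  # struct.error if truncated
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def key_strength(pubkey_line):
    """Return (algorithm, bits) for one OpenSSH-format public key line."""
    fields = pubkey_line.split()
    blob = base64.b64decode(fields[1], validate=True)
    raw, off = _read_string(blob, 0)
    algo = raw.decode("ascii")
    if algo == "ssh-rsa":                    # blob fields: e, n
        _, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        return algo, int.from_bytes(n, "big").bit_length()
    if algo == "ssh-dss":                    # blob fields: p, q, g, y
        p, _ = _read_string(blob, off)
        return algo, int.from_bytes(p, "big").bit_length()
    if algo.startswith("ecdsa-sha2-nistp"):  # curve size is part of the name
        return algo, int(algo.rsplit("nistp", 1)[1])
    raise ValueError("unsupported key type: " + algo)

def audit(pubkey_line):
    """Return a list of findings; an empty list means the key passes."""
    algo, bits = key_strength(pubkey_line)
    findings = []
    if algo == "ssh-dss":
        findings.append("DSA key: regenerate as RSA or ECDSA")
    if not algo.startswith("ecdsa") and bits < 2048:
        findings.append("%d-bit key: regenerate with 2048 bits or more" % bits)
    return findings

def constructed_key(algo, *ints):
    """Build a sample key line from constructed integers (not real key material)."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    blob = pack(algo.encode()) + b"".join(
        pack(i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    return algo + " " + base64.b64encode(blob).decode() + " constructed-sample"

WEAK_RSA = constructed_key("ssh-rsa", 65537, (1 << 1023) | 1)
GOOD_RSA = constructed_key("ssh-rsa", 65537, (1 << 2047) | 1)
WEAK_DSA = constructed_key("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
```

Calling `audit()` on each key line returns an empty list for keys that pass and one finding per problem otherwise.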

Creating a Secure Node resource

On the left navbar, click Secure Nodes. On the Secure Nodes tab, click Create to start the process.

Enter a Name for the new Secure Node. For the Private Key, start typing the name of the key created earlier (or type * for a list) and select your key. Click Create to finish. Hint: It can be less confusing to give both the key and node the same name.

The Secure Node will now appear in the list, but will be showing as Offline as no agent is currently connected.

A quick note about the port required for Secure Node. The default port is 4022. If you wish to change it, navigate to System Configuration->Interfaces->SSH and edit the Default SSH interface.

Installing the Secure Node agent

Rather than detail the agent install here, you can refer to existing articles relating to installation of the Secure Node agent.

Windows (32 or 64 bit): https://support.hypersocket.com/hc/en-us/articles/115000434964
OS X: https://support.hypersocket.com/hc/en-us/articles/115000440764
Linux (DEB): https://support.hypersocket.com/hc/en-us/articles/115000435110
Linux (RPM): https://support.hypersocket.com/hc/en-us/articles/115000441124
Linux/Unix (SH script): https://support.hypersocket.com/hc/en-us/articles/115000439250

When the agent is installed and running, the Secure Nodes page in the Hypersocket Server should show a status of Online.

Configuring a Route

At this stage, there is a configured Secure Node with an agent connected to it and showing online in the Hypersocket GUI. Before any resources can be published, we need to define route profiles which tell the Hypersocket Server when it needs to route via a Secure Node.

Navigate to Secure Node->Routes and click Create. Give the new route a name. In the Source tab, add in any hostnames that you want to route through a Secure Node by typing in the name and pressing Enter or clicking the + button.

Note: As Hypersocket VPN uses dynamic hostname mapping, these hostnames do not need to be real addresses, but they do need to match the hostnames you define in the network resources themselves.

Click on the Ports tab. By default, all ports will be routed, but you can optionally define a range of ports.

Click on the Destination tab. This is where you define where the connection is routed to. Type in the name of the Secure Node you want to use and select it from the autocomplete list that appears. Enter the host or IP on the destination network that this route should pass any data to.

Here we defined another host in the remote network, but localhost can be used if the resource is on the same system that the Secure Node agent is installed on. Click Create to set up the route. Once completed, the new route should have a status of Online.

Creating a resource

Creation of a resource then proceeds in exactly the same way as a normal resource, which has already been documented above. The Route and Server Agent you have just set up will automatically handle the routing of the connection. Your end users will see this just as another normal resource which can be launched in the same way (see below for Launching Resources).
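The hostname and port matching described in the route steps above can be reviewed offline before users rely on it. This added example (not part of the original guide, and not Hypersocket's own matching code) runs over a hand-kept inventory whose dictionary layout and sample names are hypothetical, and flags endpoints that no route covers, routes that match nothing, and routes left at the all-ports default.

```python
# Hand-kept inventory of what was entered in the UI (constructed sample data;
# the dictionary layout is hypothetical, not a Hypersocket export format).
ROUTES = [
    {"name": "customer-a", "hosts": {"ts.customer-a"}, "ports": None},  # None = all ports
    {"name": "customer-b-db", "hosts": {"db.customer-b"}, "ports": (5432, 5432)},
    {"name": "old-site", "hosts": {"files.old-site"}, "ports": (445, 445)},
]
ENDPOINTS = [
    {"name": "Customer A TS", "hostname": "ts.customer-a", "ports": [3389]},
    {"name": "Customer B DB", "hostname": "db.customer-b", "ports": [5432, 5433]},
    {"name": "Customer B SSH", "hostname": "ssh.customer-b", "ports": [22]},
]

def covers(route, port):
    """True if the route's port setting includes this port."""
    return route["ports"] is None or route["ports"][0] <= port <= route["ports"][1]

def review(routes, endpoints):
    """Return (subject, finding) pairs for route/endpoint mismatches."""
    findings, used = [], set()
    for ep in endpoints:
        # Route hostnames must match the endpoint hostname exactly.
        matching = [r for r in routes if ep["hostname"] in r["hosts"]]
        if not matching:
            findings.append((ep["name"], "hostname is in no route"))
            continue
        for port in ep["ports"]:
            hits = [r["name"] for r in matching if covers(r, port)]
            if not hits:
                findings.append((ep["name"], "port %d is outside the route's port range" % port))
            used.update(hits)
    for r in routes:
        if r["name"] not in used:
            findings.append((r["name"], "route matches no endpoint"))
        elif r["ports"] is None:
            findings.append((r["name"], "routes all ports; consider a range"))
    return findings
```

An endpoint reported as being in no route is expected for ordinary LAN resources; it only matters for resources meant to be reached through a Secure Node.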

Installing the Hypersocket Client

This brief chapter provides links to separate articles relating to installation of the Hypersocket Client, which can be used for launching resources.

Windows (32 or 64 bit): https://support.hypersocket.com/hc/en-us/articles/203057549
OS X: https://support.hypersocket.com/hc/en-us/articles/205652233
Linux (DEB): https://support.hypersocket.com/hc/en-us/articles/207305343
Linux (RPM): https://support.hypersocket.com/hc/en-us/articles/115000387804
Linux/Unix (SH script): https://support.hypersocket.com/hc/en-us/articles/115000374910

Launching Resources

Hypersocket Client

The Hypersocket Client is what your users will use most often, as all resources can be launched from here. After following the client install process as detailed earlier, the user launches the client from the Hypersocket Client shortcut that was installed. When the client is running, the user first sees a tab at the top middle of the screen. Hovering over the tab expands the client bar.

Click the Red power plug icon. The Signin Server URL prompt appears. If this is not already populated, type in the URL for your VPN. For example, https://gateway.corp.local then click the connect icon next to the URL.

The Username and Password prompt should then appear. Enter the user’s credentials here, then click Log In to connect to the server.

The Plug icon turns orange whilst it is connecting and then green once the connection is successful. Once connected, the user’s available resources are shown in the middle of the client bar.

Going from right to left, we can see the Drupal website resource we first configured. When the user clicks this icon, a web browser is launched and connected directly to that website. The next icon (TS) is the RDP Network Resource that was created. When the user clicks this, the Windows RDP client is automatically launched and connected to the terminal server. The next three icons relate to two File Systems that were mounted and a WebDAV mount (see MFT documentation for more on this feature).

Troubleshooting

Connection is not private/certificate errors

If you chose to skip step 5 of the setup wizard, then Hypersocket VPN installs a self-signed localhost SSL certificate. Web browsers will correctly flag this certificate as untrusted. The resolution is to purchase and install a signed SSL certificate from a Certificate Authority; please see the full administrator guide for more details.

Note: You will likely also have problems connecting natively to WebDAV file shares with a self-signed certificate. The resolution is the same as above.

Cannot connect to the Web UI

When you start up the Virtual Machine, if you cannot connect to the web UI, here are a couple of things to look at:

Has the service started?

Look at the console of the VM, where you will find VMCentre running. Click on the Gear icon on the left hand side. If the Hypersocket One service is running, there will only be a Stop button. If the button says Start, click it.

Check firewall port forwarding

If you have followed this guide, Hypersocket VPN will be listening for connections on port 443. Double check the port forwarding rules on your firewall to ensure that it is passing data on this port through to the Hypersocket VPN server. If you chose not to forward the optional port 80, then double check you are trying to access the server with https:// rather than http://.

Client doesn’t remember the server URL

After you disconnect the client, you have to enter the Server URL again every time you reconnect. This is the default behavior. To force the client to remember the connection URL, click the green power plug icon, then tick the Save connection box before clicking on the disconnect icon next to the URL.

I have a problem but it’s not answered here

If your problem is not covered by this troubleshooting guide or you need more information or advice about anything to do with the Hypersocket VPN product, there are many troubleshooting articles available on our Knowledgebase, which you can find here: https://support.hypersocket.com/hc/en-us

If you cannot find your answer there, please contact our support team by email at [email protected]