RDP Gateway Client on a Raspberry Pi 3 B

Preface

This project started when a friend tried to setup a Raspberry Pi 3 B as an RDP Gateway Thin-Client. He did everything anyone of us would do. Google to see if anyone else had done it. There were many pages related to setting up a basic RDP client via port 3389, but no real concise information as how to setup a client to utilize Microsoft’s RDP Gateway Services over port 443. Being that he was stuck and I was more familiar with Linux, he asked if I could look into it for him.

Before I begin, I want to point out the difficulty he ran into. Most posting gave bits and pieces on how to install an RDP Gateway Client to make use of Gateway Services. First, I had to find a Linux program that supported Gateway Services. The popular RDesktop doesn’t support Gateway Services and a quick search discovered that FreeRDP does. So I had something to work with now.

I started with a Windows 2012 R2 Terminal Server with Gateway Services in my home lab. Once testing in a lab was complete (I tested in a lab to prevent/avoid false alerts related to failed password attempts), I’d move to testing on a production server.  This setup was my proof of concept test. I believe It’s a waste of time trying to get something to work on a Raspberry Pi if it wouldn’t work on an Intel Platform. I needed to know if FreeRDP actually worked and if I would run into any snags.

My test client system was an Ubuntu 16.04LTS running on VMware Workstation. Once I had that spun up, I went ahead and installed FreeRDP the way I always do at first, “sudo apt-get install xfreerdp-x11”. That wasn’t too hard I though. I then went ahead and tried to run the command to log into my Gateway Server and it failed. Lots of SSL/TLS errors and the like. Spent a short evening trying different security parameters with no success. This was just before the holidays, so I shelved the project till after New Year’s.

Once I began looking into it again I did some Googling and decided to check the version. FreeRDP showed up as 1.1.x. Most posts report that for Server 2012 R2, you’d need a higher version. I have come to realize that the packages you get via “apt-get install” repositories aren’t always up to date. So, being a good Linux person, I went to the source. Not wanting to go through compiling hell, I first tried a nightly build that was a prebuilt package “.deb”. I installed the nightly package, ran my xfreerdp command and got into my test Gateway Server.

I do want to add that for testing, I ran the command from the command-line in a terminal to view any errors that would be generated. Once I was comfortable, I moved on to creating a bash script, a desktop icon that and end-user would double click and I figured out how to get a GUI prompt for username and password (all discussed in detail later).

Ok, proof of concept is confirmed. I looked for a prebuilt binary package for Raspberry, but couldn’t find anything. I knew FreeRDP would work at least in an Intel Linux setup and I had sources to work with. So now I went to debug the compilation procedure. Through trial and error, I came up with an exact procedure so I can get FreeRDP installed on an Intel Ubuntu, Ubuntu Mate (for Raspberry) or Raspbian setup.  Due to the installation process already being heavily written about, please review the RaspberryPi.org website for instructions on installing a Linux operating system on Raspberry.

Compilation Procedure

Now for what everyone is waiting for. There are a few dependencies you’ll need to install if they don’t exist already.
NOTE: Since I log in with a regular user account, all my commands all start with sudo so that the programs run as root. You’ll get errors if you don’t run the commands with higher privileges.

sudo apt-get install cmake
sudo apt-get install git
sudo apt-get install zlib1g-dev
sudo apt-get install libssl-dev
sudo apt-get install libglib2.0-dev
sudo apt-get install libxext-dev

You can install all the dependencies all in one shot by typing “sudo apt-get install cmake git zlib1g-dev libssl-dev libglib2.0-dev libxext-dev”.

Since I’m compiling from sources, it’s always a good idea to install the Development Packages (A few test compiles failed until I installed the Development Packages).  I now had to get the nightly builds. You can download a tar.gz with the files you need, but I decided to go the “git” route since that was easier. That’s why you need to install git. One thing I noticed that new users trying this won’t know is this, the git command creates a “FreeRDP” folder with the sources and cmake files at the directory where you ran the command. If you’re at your default home profile folder, that’s where the folder will be created. I prefer to work on sources from the root folder (/) or a root sources folder (/sources). You can place the folder wherever you’d like.

/$ sudo git clone git://github.com/FreeRDP/FreeRDP.git
/$ cd FreeRDP
/FreeRDP$_ You should be now in your FreeRDP folder (wherever that may be).

Now we move to compiling the source for Raspberry.

/FreeRDP$ sudo cmake -DTARGET_ARCH=ARM -DWITH_X11=ON
/FreeRDP$ sudo make
/FreeRDP$ sudo make install

IMPORTANT NOTES

The “sudo cmake” command gave me the greatest headaches. Some options would create and install the binary file “/usr/local/bin/xfreerdp” and some wouldn’t. The FreeRDP site had instructions to create a freerdp.conf file in the /etc/ld.cofiig.co/ directory and running “sudo ldconfig”, but the binary never was created per the instructions. I began to get frustrated. I had it working, then I tried other option and it broke. It made no sense. After some trial and error (for whatever reason I still don’t understand), the cmake, make and make install will only create the binary file if I added “-DWITH_X11=ON”. Originally I used the cmake command… “sudo cmake -DTARGET_ARCH=ARM -DWITH_NEON=OFF” -DWITH_X11=ON -DWITH_XINERAMA=ON”.  I was originally running into a lot of dependency issues so for fun I tried running cmake with no options.  Just running “sudo cmake /FreeRDP” wasn’t successful.

 

Leave a Reply

Your email address will not be published.

Protected with IP Blacklist CloudIP Blacklist Cloud