Windows RDP using openSUSE

Written by lars. Posted in Lost and found

Version: This page is for openSUSE 11.2 and 11.3. The version for openSUSE 11.1 is on this link

You can open a remote openSUSE desktop in these Windows clients: Windows 2000, XP, Vista and Windows 7, using Remote Desktop Protocol (RDP in Windows & XRDP in Linux). You can open a remote openSUSE desktop in an openSUSE client using XRDP. You can open a remote Windows XP, Vista or Windows 7 desktop in a Linux client. You can control all the remote Windows or Linux servers from the various Windows or Linux clients.

 

Two technologies do much the same thing. VNC and RDP both serve remote Linux or Windows Desktops to Linux or Windows clients. Which should you use? I really don't know. I actually prefer xrdp to vnc. Have a read of both Tutorials. Here's a link to the Tutorial on Remote Desktops by TightVNC.

Acknowledgement: thanks to malcolmlewis for the xrdp RPMs


Installation and Setup in openSUSE

Software: There is support or software for xrdp in openSUSE 11.2 or 11.3. Fortunately malcolmlewis from the openSUSE forums has made RPMs for the xrdp package for openSUSE 11.2. I find that these also work fine in openSUSE 11.3. I have located RPMs for xorg-x11-server-rdp and xorg-x11-server-dmx that work fine with malcolmlewis's xrdp package in both of openSUSE 11.2 and 11.3.

Install three RPMs for the server function, beginning with xorg-x11-server-dmx to avoid dependency conflicts -OR- put the three together in a folder and add that folder as a local repo in Yast's Repositories and install all three together.

openSUSE firewall: SuSEfirewall2 will not block the client (rdesktop) but it will block the server. RDP listens on and uses TCP port 3389. To open the port GoTo Yast --> Security and Users --> Firewall. In the list on the left check first Interfaces and second Allowed Services. For Interfaces, make sure the network interfaces are set for the External zone. Then for Allowed Services, look in the drop-down list labelled Allowed Services and locate Remote Desktop Protocol. Click to "Add" it into the list. Use Next to proceed to save and exit.

Starting and setting the server: When the server is on it "listens" for a remote user attempting to connect. It can be set with a default state of On like a Windows-style service or it can be left with a default state of Off and then started on occasions as required. Choose whether to have the permanent service on or off in Yast --> System --> System Services (runlevels). Find xrdp in the list, highlight it and use the Enable & Disable buttons to set it to On or to Off as you prefer. If you Enable it to On, it will always come on at boot time and run as a system service. If you Disable it to Off, it will only run when you start it from a console. Console commands for temporarily manipulating the service are as follows:

  • To turn xrdp on: sudo /usr/sbin/rcxrdp start
  • To turn xrdp off: sudo /usr/sbin/rcxrdp stop
  • To restart xrdp: sudo /usr/sbin/rcxrdp restart
  • To check xrdp status: sudo /usr/sbin/rcxrdp status

Encryption: RDP has 3 security levels between the RDP server and RDP client: low, medium and high. Low is 40 bit and data is encrypted from client to server. Medium is 40 bit encryption both ways and high is 128 bit encryption both ways. Xrdp currently supports all 3 encryption levels via the xrdp.ini file. RSA key exchange is used with both client and server randomly establishing the RC4 keys before the client connects. You can adjust the security level by editing openSUSE's xrdp.ini file. The default installed value is "low".
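An added example (not part of the original tutorial or of the xrdp project): a shell check that reads the crypt_level key from the [globals] section of an xrdp.ini and flags anything below high. The sample files are constructed, and treating the last crypt_level assignment as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: audit the RDP encryption level configured in an xrdp.ini.

# Print the crypt_level found in [globals], lower-cased, or "unset".
xrdp_crypt_level() {
    awk '
        /^[ \t]*[#;]/ { next }                      # ignore comment lines
        /^[ \t]*\[/ {                               # section header, e.g. [globals]
            sec = tolower($0); gsub(/[^a-z0-9_]/, "", sec); next
        }
        sec == "globals" {
            line = $0; sub(/\r$/, "", line)         # tolerate CRLF files
            eq = index(line, "=")
            if (eq == 0) next
            key = tolower(substr(line, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr(line, eq + 1));    gsub(/[ \t]/, "", val)
            if (key == "crypt_level") level = val   # assumption: last one wins
        }
        END { print (level == "" ? "unset" : level) }
    ' "$1"
}

# Report the level and return 0 only for "high".
xrdp_crypt_check() {
    level=$(xrdp_crypt_level "$1")
    case "$level" in
        high)   echo "$1: OK   crypt_level=high (128 bit, both ways)";      return 0 ;;
        medium) echo "$1: WEAK crypt_level=medium (40 bit, both ways)";     return 1 ;;
        low)    echo "$1: WEAK crypt_level=low (40 bit, client to server)"; return 1 ;;
        unset)  echo "$1: WEAK crypt_level missing from [globals]";         return 1 ;;
        *)      echo "$1: UNKNOWN crypt_level=$level";                      return 2 ;;
    esac
}

# Constructed sample files, not copied from a real installation.
demo_dir=$(mktemp -d)
printf '[globals]\nport=3389\n# crypt_level=high\ncrypt_level=low\n' > "$demo_dir/as-installed.ini"
printf '[globals]\nport=3389\ncrypt_level=high\n'                     > "$demo_dir/hardened.ini"

for f in "$demo_dir/as-installed.ini" "$demo_dir/hardened.ini"; do
    xrdp_crypt_check "$f" || true    # keep going after a weak result
done
rm -rf "$demo_dir"
```

Point xrdp_crypt_check at the installed file (usually /etc/xrdp/xrdp.ini) and restart xrdp with rcxrdp restart after changing the value.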

Connecting to the xrdp Server on openSUSE

The connection client supposedly dictates the terms of the connection so you should study the options in the Windows interface and I've linked in the man page for rdesktop, the Linux client. You should select your parameters and apply them in your connection dialogue. I have some recommendations below.

Connect to openSUSE from a Linux client

There is a GUI tool, tsclient, for connecting to a remote desktop. It's available in the yast --> Software module and it's somewhat similar to the Windows client. I don't use tsclient but nearly all the options discussed below are available within tsclient.

I start a Linux to openSUSE connection with the console command rdesktop server. You usually include some of the following important options:

  • option -z: Enable compression of the RDP datastream
  • option -f: Enable fullscreen mode. Toggle with Ctrl+Alt+Enter.
  • option -g: Desktop geometry. Use WidthxHeight e.g. 800x600 or percent of screen area e.g. 75%.
  • option -u: Send and use the username. e.g. -u summer_sky
  • option -p: Send and use the password. e.g. -p a1&te#%G
  • option -a: Sets the colour depth for the connection (8, 15, 16 or 24).
  • option -x: Bandwidth constraint: m (for modem) < default/none < b (for broadband) < l (for lan).

I don't send the password from the command line or from GUIs like tsclient because communications are not encrypted until the client and the server have preliminary negotiations.

If you send both the username and password you'll auto-login to the default. If you want to choose the Desktop, leave out at least the password.

If the connection is interrupted, the existing session will most often continue on the server. You may reconnect and continue but you must use the same connection parameters to get a disconnected session back. Different parameters will likely start a new session in parallel with the existing session or will result in an error message. If you want to change the connection parameters, make sure the termination of the previous session was tidy and uneventful.

Xrdp is still developing, especially with the new Nomad focus. Some of the parameters mentioned above or in the full man pages don't work or at least not in certain combinations. Be patient. It's still a fabulous tool.

Connect to openSUSE from a Windows client

Windows clients are located at Start --> All Programmes --> Accessories. It's either at that location or further on in Communications. It's available in all releases although in some versions it's not installed by default. If it's missing GoTo Control Panel --> Program Control / Add-Remove --> Windows Components and look for it. It's also available free (I think for all versions up to XP) by download of Microsoft's XP Client.

At time of writing the only color depths that worked for me were 24 bit and 32 bit, regardless of the colour depth on the Linux server. If you use < 24 bit, you will probably get a message that the x11 RDP server started but followed by this error message: Screen depth is not 24. Try to close the interface and reconnect with 24 or 32 bit colour and you should connect to the already running session.

If the session disconnects, the existing session will most often continue on the Linux server. You may reconnect and continue but you must use the same connection parameters to get a disconnected session back. Different parameters will likely start a new session in parallel with the existing session or will result in an error message. If you want to change the connection parameters, make sure the termination of the previous session was tidy and uneventful.

Persistent errors seen in the Windows interface can come from untidy shutdowns of the Linux server and might not go away until you restart the Linux server with these commands in sequence: enter su to get rootly powers then enter rcxrdp stop followed by rcxrdp start. In extreme cases, restart the Linux machine. It's best to settle on a set of connection parameters for a pair of machines and use them repeatedly by saving that connection file for that pair of machines.

RDP on Windows as Server

This is a Linux tutorial so there's no discussion of a Windows to Windows connection here. I only talk about setting up the Windows Servers and connecting to them from a Linux client.

You can connect to the following versions of Windows: XP Pro (running SP3), Vista and Windows 7 (beta) workstations running in Workstation mode; i.e. in a LAN/Workgroup or simple standalone. These versions work across the internet, in a SOHO LAN or as standalone machines behind a router. [I've also tried Server 2003 running Terminal Services and of course that also works. I didn't try Server 2008 which would also work fine.]

Enabling RDP as a Service on Windows Workstations: I'll describe the procedure for Vista. It's the same for Windows 7 and much the same for XP (with SP3). Only users with passwords may connect remotely as a security precaution. Add these users to the Administrators Group and give them passwords. Then GoTo Control Panel --> System --> Click Remote Settings on the left to open the System Properties Panel. Click the "Remote" tab. It's not necessary to activate "Allow remote assistance connections"; leave it alone. Activate the Radio Button on "Allow Connections from computers running any version of Windows". Click Apply. This process should also automatically open the Windows firewall for TCP port 3389 but I recommend checking associated details as outlined below.

Firewall for Windows Vista: GoTo Control Panel --> Security Centre --> Windows Firewall --> General Tab --> Switch to On --> Do not activate "Block all incoming connections" --> Exceptions Tab --> Locate and activate Remote Desktop.

Firewall for Windows XP: GoTo Control Panel --> Security Centre --> Windows Firewall --> General Tab --> Switch to On --> Do not activate "Don't allow exceptions" --> Exceptions Tab --> Locate and activate Remote Desktop.

Firewall for Windows 7: GoTo Control Panel --> Security Centre --> Windows Firewall --> Turn Windows Firewall On --> Do not activate "Block all incoming connections including those in the list of allowed programs" --> click OK --> Click "Allow a program or feature through Windows firewall" --> Locate and activate Remote Desktop.

Connect to Windows from an openSUSE client: This is much the same as if you were connecting from a Linux client to a Linux server. The same options apply and some more useful ones are:

  • option -z: Enable compression of the RDP datastream
  • option -f: Enable fullscreen mode. Toggle with Ctrl+Alt+Enter.
  • option -g: Desktop geometry. Use WidthxHeight e.g. 800x600 or percent of screen area e.g. 75%.
  • option -u: Send and use the username. e.g. -u summer_sky
  • option -p: Send and use the password. e.g. -p a1&te#%G
  • option -a: Sets the colour depth for the connection (8, 15, 16 or 24).
  • option -x: Bandwidth constraint: m (for modem) < default/none < b (for broadband) < l (for lan).

You can blend any mix of options, remembering that the username and password must exist on the Windows machine. I always use the compression option -z but choose the full screen -f and geometry -g to suit the relative sizes of the remote and local screens. Experiment for yourself. I mostly discard the visual candy by avoiding the b and l options for bandwidth, but once again it's all a matter of personal preferences.

Addressing the Server across the Internet

If you are on a LAN or use a VPN (where you are also for practical purposes on a LAN) then you can address the server conveniently by its IP address using e.g. rdesktop -z -u billy -f 192.168.22.10

To address across the internet (without a VPN) you need either the domain name for your remote network or the IP address of the router that leads into your remote LAN. Once again you use rdesktop, perhaps like this
rdesktop -z -g 1024x768 -x b swerdna.dyndns.org
or maybe like this
rdesktop -z -a 8 -g 75% 249.27.96.145

If you have a fixed IP address e.g. via DSL router, well and good, but if it's variable e.g. cable broadband then you can establish a free domain name at dyndns.com or ZoneEdit etc. to track the changing IP address and use a constant domain name like swerdna.dyndns.org. See also Suse Cool Solutions.

RDP uses TCP port 3389 so you must also set port forwarding in your router to carry communications between the WAN interface (e.g. 249.27.96.145) and the LAN interface (e.g. 192.168.2.1). Set the port forwarding by addressing your router's gateway in your web browser (e.g. http://192.168.22.1), log on and locate the Port Forwarding area. Add a new service for TCP port 3389 forwarded to the interior server's address (e.g. 192.168.22.10).

References

Man pages: The .ini files are useful for configuring the server and rdesktop is most useful for configuring the client.

  • xrdp.ini is the configuration file for xrdp.
  • sesman.ini is the configuration file for sesman.
  • rdesktop is the Remote Desktop Protocol client.
  • sesman is the xrdp session manager.
  • xrdp is the Remote Desktop Protocol server.
  • xrdp-sesman is a sesman test session launcher.

Credits: malcolmlewis at openSUSE Forums built the xrdp RPMs.

That's all folks. Swerdna 08 March 2009
Last update: 21 August 10
