airwatchhk

Running WSO Tunnel on Linux

Updated: Aug 11, 2022

Setting up WSO tunnel is probably easier than you expected. There are two deployment models for the tunnel: one is UAG and the other is Linux-based. I am going to walk you through setting up WSO tunnel on Linux.


To start with, you will need to have a Linux VM.


The officially supported Linux distribution is Red Hat. You can refer to this for requirements:



This is the Linux OS running on macOS VMware Fusion. Please note that I used CentOS only for testing and demo purposes; it is by no means meant for a production environment.





Now go to your UEM console and configure your tunnel.


To make things simple, I used an internal IP as my tunnel hostname. I also chose to use Airwatch generated certificates so I don’t need to get my own certificates.


Please note that if an internal IP is used as the tunnel host, the connecting devices and the tunnel have to be on the same internal network.


Once your configuration is complete, download the configuration XML. You will need to provide a password to protect the exported certificate.



Tunnel installer is available on https://my.air-watch.com


You can see the corresponding UAG version of the tunnel installer for Linux.


Upload both the XML file and the tunnel installer to your Linux console.


Make the installer executable.


Run the installer.



Press <ENTER> several times, then “Y” at the end to accept the terms of the license agreement.



Select 2 as the installation type and provide the full path of the XML file downloaded from the UEM console. If the correct path and the password used to protect the certificate are provided, installation will start and complete in minutes.


Once the tunnel installation finishes, you can run “service vpnd status” to check the tunnel service. The tunnel logs go to /var/log/vmware/tunnel/vpnd.


Now you can create a VPN profile with DTR rules and assign it to your test devices to start your testing.


When you restart your tunnel using “service vpnd restart”, you will see the tunnel getting the device allow list from UEM in tunnel.log.




This demo video shows how the tunnel starts automatically and takes you to an enterprise internal website. It also shows how the tunnel blocks unwanted domains, facebook.com and whatismyip.net. When a device is out of compliance, the tunnel shuts down until the device comes back into compliance, for example when a Windows device is detected as not having the required OS version.




One of the top use cases of the tunnel is to allow secure access to internal websites. You can have a test website set up in no time on a Linux server.


Here is a sample HTML


You can run a web server using Python


This is how the HTML looks in a browser
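A sketch of such a test site, added here as an example and not taken from the original post, whose HTML and command were shown only as screenshots. It serves a constructed sample page from a dedicated directory and binds to one address, so the directory holding the exported tunnel configuration XML is not served by accident. The page content, directory prefix, address and port are assumptions.

```python
"""Test site for tunnel validation: serves one page from a dedicated directory."""
import functools
import http.server
import pathlib
import tempfile
import threading

# Constructed sample page; the original post's HTML is not reproduced here.
SAMPLE_HTML = """<!DOCTYPE html>
<html>
  <head><title>Internal test site</title></head>
  <body><h1>Reached through the tunnel</h1></body>
</html>
"""


def make_docroot(parent=None):
    """Create a fresh directory holding only index.html and return its path."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="tunnel-testsite-", dir=parent))
    (root / "index.html").write_text(SAMPLE_HTML, encoding="utf-8")
    return root


def build_server(docroot, bind_addr="127.0.0.1", port=8000):
    """Return an HTTP server that serves files from docroot only.

    bind_addr should be the internal address that tunnel clients are routed
    to (assumed value), not 0.0.0.0, so the page is not offered everywhere.
    """
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(docroot)
    )
    return http.server.ThreadingHTTPServer((bind_addr, port), handler)


def start_in_background(server):
    """Run the server in a daemon thread; call server.shutdown() to stop it."""
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    return thread


if __name__ == "__main__":
    site = make_docroot()
    httpd = build_server(site, bind_addr="127.0.0.1", port=8000)
    print(f"Serving {site} on http://{httpd.server_address[0]}:{httpd.server_address[1]}/")
    httpd.serve_forever()
```

Replace 127.0.0.1 with the server's internal address when testing from a tunnelled device, and stop the server once testing is done.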


