Ubuntu + XRDP + x11RDP terminal server, with sound support, for surfing the Internet - step by step guide

For the especially impatient: at the end of the article there is a link to a finished .deb package for installation.

And for everyone else ...

What is it and what is it for


First of all, this solution can be used as a very low-budget way to implement safe Internet access for employees of a small company.

Story number one (based on real events)


Suppose that at the end of the reporting period, when everyone is up to their ears in work, an accountant receives a frightening email from the “Tax Police” saying that her company is under a serious audit and that she must immediately read the official document in the file attached to the letter.
In a panic, the accountant tries to open the attached file and ... every company computer currently connected to the internal LAN receives its share of an encrypting virus, which paralyzes the company’s work for more than one day.

When access is implemented through a terminal server, direct access to the Internet is blocked on all (!) computers. If an employee needs to use the network (mail, skype, messenger), he simply clicks an icon on the desktop and gets an alternative desktop where he can do anything. If an infection occurs while viewing mail or in any other way, the virus ends up on a single isolated machine (the terminal session) that has no access to the enterprise network or to other computers. No important documents or accounting databases are stored in this session either. Therefore, even if all information within the session is destroyed, there is no damage at all. The terminal session can also simply be minimized to the tray and opened as needed, for example when a messenger notification pops up or a skype call arrives.

Story number two (based on real events)


Suppose one of the employees brings in, on a flash drive, a cracked copy of a licensed program and installs it on his computer. We are not considering AD domain structures here; we are talking about small companies that have no network administrators. Once installed, the program can easily report to its developers over the Internet that someone has installed a cracked version on a computer with this IP address and is quietly using it.
After that, the rest is a matter of technique, and the consequences can be very serious.
With the terminal server setup, this scenario does not work either, because the local computer simply has no access to the network and no spyware can carry the dirty linen out of the house.

Foreword


This guide is aimed primarily at novice system administrators who want to understand the essence of the issue, so advanced readers may find much of the text superfluous. In it I will try to describe in detail how to configure a linux terminal server for safe Internet surfing and how to solve the known problems.

In order for everything to succeed, I strongly advise, for starters, to use the same software versions as in this description. Then, based on the experience gained, you will be able to implement this project on the hardware and software that is convenient for you.

Assembly and testing were carried out on a VirtualBox virtual machine. On bare metal, driver configuration problems may also occur. The software used was Ubuntu 16.04 LTS server / x11RDP 7.6 / xRDP 0.9.2. This solution has not been tested on other versions.

XRDP


XRDP is a special proxy server that listens on RDP port 3389 for external requests. It accepts connections to it and then, depending on the settings, redirects them to internal OS ports.

Install the packages needed for the build:

sudo apt install -y git autoconf libtool pkg-config libxrandr-dev nasm libssl-dev libpam0g-dev \
libxfixes-dev  libx11-dev  libxfixes-dev libssl-dev libxrandr-dev libjpeg-dev flex \
bison libxml2-dev intltool xsltproc xutils-dev python-libxml2 xutils libpulse-dev make libfuse-dev

By default, the UBUNTU 16.04 repositories contain the package xRDP v0.6.0, in which I could not find a way to implement sound transmission. Therefore, we will build a newer version of xRDP from source.

Many sites advise cloning a fresh version using git:
git clone git://github.com/FreeRDP/xrdp.git

But in that case there is a risk that, by the time you try it, you will get a completely new version that differs significantly from v0.9.2, and something may go wrong. Therefore, we download and unpack the fixed release XRDP v0.9.2 from the developers' site.

cd ~
wget https://github.com/neutrinolabs/xrdp/archive/v0.9.2.zip
unzip v0.9.2
mv xrdp-0.9.2 xrdp

Go to the XRDP directory and start the build:

cd ~/xrdp
./bootstrap

At this stage, you need to tell the build that a sound support module must be added to the finished assembly. You can read more about this in a file that is now on your disk in the XRDP source directory.

cat ~/xrdp/sesman/chansrv/pulse/pulse-notes.ubuntu.txt

Install the libraries necessary for sound forwarding.

sudo apt-get install -y libjson0-dev libsndfile1-dev

When configuring the package we add the option that enables sound, --enable-load_pulse_modules, then build and install.

./configure --enable-load_pulse_modules --enable-jpeg --enable-fuse --disable-ipv6
make
sudo make install

Now copy the security key. This file contains the RSA key pair used to authenticate the remote client. The public key is self-signed. If this is not done, we get an RDP protocol error when connecting.

sudo mkdir /usr/share/doc/xrdp
sudo cp /etc/xrdp/rsakeys.ini /usr/share/doc/xrdp/rsakeys.ini

Add XRDP to startup. For startup, we will use systemd:

# One sed call per file, so that the .bak copy keeps the original unit file
sudo sed -i.bak -e 's/EnvironmentFile/#EnvironmentFile/g' -e 's/sbin\/xrdp/local\/sbin\/xrdp/g' /lib/systemd/system/xrdp.service
sudo sed -i.bak -e 's/EnvironmentFile/#EnvironmentFile/g' -e 's/sbin\/xrdp/local\/sbin\/xrdp/g' /lib/systemd/system/xrdp-sesman.service
sudo systemctl daemon-reload
sudo systemctl enable xrdp.service

Reboot.

sudo reboot

Check that the installation succeeded:

xrdp -v

$ xrdp: A Remote Desktop Protocol server.
Copyright © Jay Sorg 2004-2014
See www.xrdp.org for more information.
Version 0.9.2

If everything is done correctly, now you can try to connect to the server using any RDP client from another computer. Or install freerdp client on the same test machine:

sudo apt install -y freerdp-x11

And connect locally inside the system.

xfreerdp /v:127.0.0.1

Things will not go beyond the start-up splash screen, because we have not yet installed the server part to which the XRDP proxy is supposed to hand over control.

x11RDP


As the server part, server modules supporting different data transfer protocols can be used. In this version, we will use x11RDP v7.6.

Small digression


The point is that the XRDP 0.9.2 proxy installed earlier cannot, without modifications, hand connections over to the previous server version, x11RDP v7.1, which in turn does not have the known problem with switching ru/en keyboard layouts, both when creating a new session and when reconnecting to an old one.

And with the old XRDP 0.6.0 proxy, which the x11RDP v7.1 server does work with, we will not be able to transfer sound, since XRDP 0.6.0 does not support the --enable-load_pulse_modules option.

To install x11RDP v 7.6, let's go back to the directory:

cd ~/xrdp/xorg/X11R7.6

Create a directory for installing the package and build.

sudo mkdir /opt/X11rdp
time sudo ./buildx.sh /opt/X11rdp

The build takes a long time, 15-30 minutes. The time command lets us see, at the end of the process, how much time was spent.

Create symlinks:

sudo ln -s /opt/X11rdp/bin/X11rdp /usr/local/bin/X11rdp
sudo ln -s /usr/share/fonts/X11 /opt/X11rdp/lib/X11/fonts

Now we have both an RDP proxy and an RDP server to which the proxy will transfer control. But there is no graphical application that the RDP server can display.

For further testing, to make sure that all installations were successful, install the xterm graphical terminal emulator.

sudo apt -y install xterm

And try to connect to the server from another machine, or locally if you installed freerdp earlier.

xfreerdp /v:127.0.0.1

Now you need to select x11RDP from the menu, to tell the proxy which server control should be handed over to, and enter the login and password for the ubuntu server.

If everything is correct, then on the screen we will see the graphical interface of the terminal xterm.

Setting the keyboard layout and the layout switching mode


Almost all basic keyboard settings in ubuntu are made with setxkbmap.

First, close the terminal session and return to the console of our ubuntu server to see what is happening with the keyboard.

setxkbmap -print -verbose

$ keycodes: xfree86+aliases(qwerty)
types: complete
compat: complete
symbols: pc+us+ru:2+group(alt_shift_toggle)
geometry: pc(pc104)
xkb_keymap {
xkb_keycodes { include "xfree86+aliases(qwerty)" };
xkb_types { include "complete" };
xkb_compat { include "complete" };
xkb_symbols { include "pc+us+ru:2+group(alt_shift_toggle)" };
xkb_geometry { include "pc(pc104)" };
};

Now connect to the terminal server and execute the same command in the xterm terminal:

setxkbmap -print -verbose

$ Trying to build keymap using the following components:
keycodes: xfree86+aliases(qwerty)
types: complete
compat: complete
symbols: pc+us+inet(pc105)
geometry: pc(pc105)
xkb_keymap {
xkb_keycodes { include "xfree86+aliases(qwerty)" };
xkb_types { include "complete" };
xkb_compat { include "complete" };
xkb_symbols { include "pc+us+inet(pc105)" };
xkb_geometry { include "pc(pc105)" };
};

Note the discrepancy between the two outputs. Everything is fine on our ubuntu server:
symbols: pc+us+ru:2+group(alt_shift_toggle)

There is a Russian layout and the alt_shift layout switch keys are defined. On the terminal server, the opposite:

symbols: pc+us+inet(pc105)

There is only English and no layout switching keys are defined.

There is another oddity. Locally, on the ubuntu server, the keyboard model is defined as pc104:

geometry: pc(pc104)

And on the terminal server as pc105:

geometry: pc(pc105)

If you decide to test on bare metal rather than on a virtual machine, the result may differ depending on the hardware used.

Let's go back to the ubuntu server and see what is set in the system's default configuration file:

cat /etc/default/keyboard

$ # KEYBOARD CONFIGURATION FILE
# Consult the keyboard(5) manual page.
XKBMODEL="pc105"
XKBLAYOUT="us,ru"
XKBVARIANT=","
XKBOPTIONS="grp:alt_shift_toggle,grp_led:scroll"
BACKSPACE="guess"

Install hwinfo (a collector of information about the hardware of the system) and see the hardware information:

sudo apt install -y hwinfo
sudo hwinfo | grep XkbModel

$ XkbModel: pc104

As a result, the keyboard hardware model, detected in our case as pc104, is declared as pc105 in the system configuration files. pc104 is detected on the local server, pc105 on the terminal server. This discrepancy is, in particular, the cause of several glitches. Many people write that they cannot get the locale set up on the terminal server. For some, Russification disappears after reconnecting to a dropped session, and so on.

Open the system configuration file in any text editor (I use the nano editor in the example) and correct the default keyboard type in accordance with the data received from hwinfo:

sudo nano /etc/default/keyboard

XKBMODEL="pc104"

The XRDP 0.9.2 keyboard settings are located in the file /etc/xrdp/xrdp_keyboard.ini. The proxy sends this data to the xRDP server as the data of the connecting client. Open the file and add the Russian locale support block to the end of it.

Source

First correct the keyboard model to model=pc104 (the original file has pc105):

sudo nano /etc/xrdp/xrdp_keyboard.ini

Add to the end of the file:

[rdp_keyboard_ru]
keyboard_type=4
keyboard_subtype=1
model=pc104
options=grp:alt_shift_toggle
rdp_layouts=default_rdp_layouts
layouts_map=layouts_map_ru

[layouts_map_ru]
rdp_layout_us=us,ru
rdp_out

Reboot.

Connect to the terminal server and check the keyboard settings:

setxkbmap -print -verbose

$ Trying to build keymap using the following components:
keycodes: xfree86+aliases(qwerty)
types: complete
compat: complete
symbols: pc+us+ru:2+group(alt_shift_toggle)
geometry: pc(pc104)
xkb_keymap {
xkb_keycodes { include "xfree86+aliases(qwerty)" };
xkb_types { include "complete" };
xkb_compat { include "complete" };
xkb_symbols { include "pc+us+ru:2+group(alt_shift_toggle)" };
xkb_geometry { include "pc(pc104)" };

Everything is in order, the keyboard is determined correctly:

geometry: pc(pc104)

and the Russian language appeared with switching by alt_shift. We close the session leaving it to work in the background and reconnect to it again to check that there is no known problem in which the locale disappears when reconnecting to a previously opened session.
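
The comparison made by hand in this section (hwinfo, /etc/default/keyboard, xrdp_keyboard.ini, setxkbmap inside the session) can be scripted. This is an added example, not code from the original article; the function names and the --live switch are invented here, and without arguments the script runs on constructed values that match the state before the fix.

```shell
#!/bin/sh
# Added example: find which layer disagrees about the keyboard model.

# `setxkbmap -print -verbose` on stdin: "geometry: pc(pc104)" -> pc104
xkb_geometry_model() {
    sed -n 's/^geometry:[[:space:]]*pc(\([^)]*\)).*/\1/p' | head -n 1
}

# /etc/default/keyboard on stdin: XKBMODEL="pc105" -> pc105
default_keyboard_model() {
    sed -n 's/^XKBMODEL="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' | tail -n 1
}

# `hwinfo` on stdin: "XkbModel: pc104" -> pc104
hwinfo_model() {
    sed -n 's/^[[:space:]]*XkbModel:[[:space:]]*\([^[:space:]]*\).*/\1/p' | head -n 1
}

# xrdp_keyboard.ini on stdin: value of model= inside the section named in $1
xrdp_section_model() {
    awk -v want="[$1]" '
        /^\[/  { inside = ($0 == want); next }
        inside { split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
                 if (kv[1] == "model") { print kv[2]; exit } }'
}

# usage: compare_models HARDWARE DEFAULTS XRDP SESSION
# Prints one line per layer; returns 1 if any layer differs from the hardware.
compare_models() {
    cm_hw=$1; cm_rc=0; shift
    for cm_name in defaults xrdp session; do
        if [ "$1" = "$cm_hw" ]; then
            echo "ok       $cm_name=$1"
        else
            echo "MISMATCH $cm_name=${1:-unset} hardware=$cm_hw"
            cm_rc=1
        fi
        shift
    done
    return "$cm_rc"
}

if [ "${1:-}" = "--live" ]; then   # run inside the RDP session on the server
    compare_models "$(sudo hwinfo | hwinfo_model)" \
        "$(default_keyboard_model < /etc/default/keyboard)" \
        "$(xrdp_section_model rdp_keyboard_ru < /etc/xrdp/xrdp_keyboard.ini)" \
        "$(setxkbmap -print -verbose | xkb_geometry_model)"
else                               # constructed values: the state before the fix
    compare_models pc104 pc105 pc105 pc105 || true
fi
```

A non-zero exit status from the --live run means at least one layer still reports a model other than the one hwinfo detected.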

SOUND


In ubuntu older than 10.10, the pulseaudio server is responsible for sound output by default. It is already installed in desktop distributions, but not in server ones, so install it.

sudo apt install -y pulseaudio

Let's see and write down the version number of the package that is installed by default on our system:

pulseaudio --version

$ pulseaudio 8.0

Now we need to build the libraries for sound redirection. This is described in detail in the XRDP source file that we already looked at earlier when building XRDP.
cat ~/xrdp/sesman/chansrv/pulse/pulse-notes.ubuntu.txt

To get started, download the pulseaudio source. There are two ways to do this.

1. Download the upstream release from the developers' site (freedesktop.org/software/pulseaudio/releases/). You need exactly the version that we determined earlier, in our case pulseaudio 8.0.

2. The more correct way: enable the deb-src system repositories and get the sources used by the authors of this ubuntu distribution.

By default, source links are disabled in ubuntu. To connect, edit the file of the list of repositories:

sudo nano /etc/apt/sources.list

You must remove the # characters in front of all deb-src repository lines.

It was:
deb http://ru.archive.ubuntu.com/ubuntu xenial universe
# deb-src http://ru.archive.ubuntu.com/ubuntu xenial universe
deb http://ru.archive.ubuntu.com/ubuntu xenial-updates universe
# deb-src http://ru.archive.ubuntu.com/ubuntu xenial-updates universe

It became:
deb http://ru.archive.ubuntu.com/ubuntu xenial universe
deb-src http://ru.archive.ubuntu.com/ubuntu xenial universe
deb http://ru.archive.ubuntu.com/ubuntu xenial-updates universe
deb-src http://ru.archive.ubuntu.com/ubuntu xenial-updates universe

Otherwise, we get the error:
$ E: You must populate sources.list by putting the package source URI

Download and build the source:

cd ~
sudo apt update
apt-get source pulseaudio
sudo apt-get build-dep pulseaudio
cd ~/pulse*
time dpkg-buildpackage -rfakeroot -uc -b

Go to the pulse module directory in the XRDP sources:

cd ~/xrdp/sesman/chansrv/pulse/

Edit the Makefile.

sudo nano Makefile

In the line:

PULSE_DIR = /home/lk/pulseaudio-1.1

Change the path to our directory with the pulseaudio libraries. Note that constructions like ~/pulseaudio* do not work here; you must write out the exact directory path.
PULSE_DIR = /home/admin/pulseaudio-8.0

Replace admin with the username on your system. We save the corrected file and do:

sudo make

If everything is done correctly, 2 new libraries, module-xrdp-sink.so and module-xrdp-source.so, will be compiled in the directory.

It remains only to copy them into the working directory with the pulseaudio server libraries:

sudo chmod 644 *.so
sudo cp *.so /usr/lib/pulse*/modules

After the restart, the sound will be activated.

It remains to install any convenient graphical shell. For a terminal server, preferably something that is not resource intensive.

XFCE
Minimal set of components:

sudo apt-get install xfce4

Full set of components:

sudo apt-get install xubuntu-desktop

LXDE
Minimal set of components:

sudo apt-get install lxde-core

Full set of components:

sudo apt-get install lxde

Depending on the version of the installed graphical shell, you may need to configure the .xsession file to start it.

For LXDE:

echo lxsession > ~/.xsession


For XFCE:

echo xfce4-session > ~/.xsession

Ready-made package for installation


github.com/suminona/xrdp-ru-audio
which includes:

XRDP v0.9.2 + compiled pulseaudio 8.0 libraries + fixed keyboard.ini file to support Russification. Those who do not want to build the x11RDP v7.6 backend can download, at the same link, a ready-made deb package of the xorg v.0.2.0 backend.

Installation procedure for the completely lazy:

sudo apt-get -y install pulseaudio
sudo dpkg -i xrdp-v0.9.2-rus-audio.deb
sudo dpkg -i xorgxrdp-0.2.0.deb
sudo apt install -y xfce4 chromium-browser
sudo reboot

I repeat that the packages were put together almost on the knee, and that they were tested only on ubuntu 16.04 server. These .deb packages are not guaranteed to work on other systems.
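
Since these packages are installed as root with dpkg -i, it is worth looking inside them first. The script below is an added example, not part of the original article or of the xrdp-ru-audio repository; it uses the standard dpkg-deb options --info, --contents and --control, and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: look inside a third-party .deb before `sudo dpkg -i`.

# Reads a `dpkg-deb --contents` listing on stdin and prints "REASON<TAB>PATH"
# for every entry that deserves a manual look.
flag_deb_entries() {
    awk '
    {
        mode = $1; owner = $2; path = $6
        if (substr(mode, 4, 1) ~ /[sS]/ || substr(mode, 7, 1) ~ /[sS]/)
            print "setuid/setgid\t" path
        if (mode ~ /^-/ && substr(mode, 9, 1) == "w")
            print "world-writable\t" path
        if (owner != "root/root")
            print "non-root-owner\t" path
        if (mode !~ /^d/ && path ~ /^\.\/(etc\/(sudoers|cron|init\.d|pam\.d)|(etc|lib)\/systemd\/system)/)
            print "boot-or-auth-hook\t" path
    }'
}

# usage: review_deb PACKAGE.deb
# Prints the control metadata, the flagged entries, and the maintainer scripts
# that dpkg would execute as root during installation and removal.
review_deb() {
    rd_tmp=$(mktemp -d) || return 1
    dpkg-deb --info "$1"
    dpkg-deb --contents "$1" | flag_deb_entries
    dpkg-deb --control "$1" "$rd_tmp"
    for rd_script in preinst postinst prerm postrm; do
        [ -f "$rd_tmp/$rd_script" ] || continue
        echo "=== $rd_script ==="
        cat "$rd_tmp/$rd_script"
    done
    rm -rf "$rd_tmp"
}

# Constructed listing in `dpkg-deb --contents` format (not the real package).
SAMPLE_LISTING='drwxr-xr-x root/root         0 2017-03-01 10:00 ./usr/local/sbin/
-rwxr-xr-x root/root    412000 2017-03-01 10:00 ./usr/local/sbin/xrdp
-rwsr-xr-x root/root     90000 2017-03-01 10:00 ./usr/local/sbin/xrdp-sesman
-rw-r--r-- root/root       600 2017-03-01 10:00 ./lib/systemd/system/xrdp.service
-rw-rw-rw- admin/admin     900 2017-03-01 10:00 ./etc/xrdp/xrdp_keyboard.ini'

if [ -n "${1:-}" ]; then
    review_deb "$1"
else
    printf '%s\n' "$SAMPLE_LISTING" | flag_deb_entries
fi
```

Run it with the path to each downloaded .deb as the argument and read the printed maintainer scripts before installing.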
