RE: [squid-users] Problems with Squid and Citrix

From: Young, Mike <Mike.Young@dont-contact.us>
Date: Tue, 10 Oct 2006 07:59:22 -0500

Yes, the Citrix SSL Gateway is a web-based SSL-VPN interface on the Internet. There is also an ICA client component which is loaded when you try to start an "application" in the GUI. Support folk access the gateway via the Squid proxies. We're not doing a reverse proxy, since all traffic is outbound. Access via the old delegate border proxy works fine, but if the support folk try to go out through the new squid border proxy, we get the errors.

 -----Original Message-----
From: Christoph Haas [mailto:email@christoph-haas.de]
Sent: Tuesday, October 10, 2006 7:14 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Problems with Squid and Citrix

On Tuesday 10 October 2006 13:58, Young, Mike wrote:
> I need some assistance with a strange Citrix problem we're having after
> migrating to a new Squid proxy.
>
> First a little background. We run a shop where any Internet
> connectivity must go through a proxy before reaching its destination.
> For DNS, we run split-DNS, where we cannot resolve Internet names from
> the inside. We have one internal squid proxy, which has been in place
> for years, and another new squid, sitting dual-homed on the Internet
> border. The old border proxy was "delegate". Any Internet destination
> request must first go through the internal squid, which forwards the
> request to the border squid (who then does name resolution, external
> connectivity, etc).
>
> Recently, we switched from the delegate border proxy to the squid border
> proxy, and most everything is working fine. However, we're having
> problems with Citrix connections.
>
> We can connect to the Citrix server, and log in, but when we try to
> start an application we see the Citrix MetaFrame application start, then
> this error:
>
> "Cannot connect to the Citrix MetaFrame server.
> The Citrix SSL Relay name could not be resolved (SSL error 40)"
>
> We can work around that error by putting entries in our
> windows/system32/drivers/etc/hosts file, but still can't connect.
> Instead, we get another error:
>
> "Cannot connect to the Citrix MetaFrame server.
> There is no Citrix SSL server configured on the specified address."

I understand how your Squids are set up. But I don't understand what Citrix
has to do with it. For me Citrix is a software that allows Windows servers
to offer terminal sessions for remote users. Where does HTTP/Squid kick
in? Is Citrix SSL the "SSL VPN" stuff from Citrix? Do you use Squid as a
reverse proxy and force external users through it? Apologies, but I'm
confused here.

 Christoph
Received on Tue Oct 10 2006 - 06:59:32 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST