Cross-network connections Internet connection via SwyxRemoteConnector Connections with the Swyx Mobile and MacOS Clients
Connections with the Swyx Mobile and MacOS Clients
The feature described in this section is not supported by SwyxIt!.
As of version 2015 R2, SwyxWare will use an authentication service for connections to the new clients. This services establishes connections via RemoteConnector in a simple yet secure way. The required client configuration will be reduced by one step: Within the client settings, users simply enter the public end point (as FQDN or IP Address) of the company network, to which the authentication service is connected.
When a connection is established, the client sends a request to the public endpoint and authenticates itself via HTTPS by using its SwyxWare user name and password. The required configuration data for the TLS tunnel (e.g. the client certificate and server address of the RemoteConnector) is transferred to the client computer (and/or smartphone), saved for further connections and subsequently updated as required.
Fig. 24-2: Establishing connections via authentication service
Configuration of SwyxServer
In order to configure SwyxServer for the connection to new clients, the FQDN or the public IP address and port connected to SwyxRemoteConnector, as well as the authentication service from the Internet must be entered into the configuration wizard. In a standby scenario, the corresponding inputs must also be entered for the standby system.
You should make the configuration described in the configuration wizard ( Configuring SwyxWare, step (21))
or in the SwyxWare Administration ( Tab "RemoteConnector").
Port forwarding to the authentication service
In addition to the port forwarding to the RemoteConnector, which is described in section Port forwarding via router, the port forwarding to the authentication service must also be configured on the company router.
The following table illustrates an example configuration:
Port forwarding to...
Public IP address:TCP port
Target IP address:TCP port
Authentication Service
Authentication service a standby system
HTTPS SSL certificate
The connection to the authentication service is secured by the HTTPS protocol. In case of a new installation or a system update to 2015R2, SwyxWare produces a self-signed SSL certificate, which corresponds to the Windows server name. With this certificate, the server can identitfy itself for the client.
In order to increase the connection security, the SSL certificate can be replaced by a certificate of a certification authority:
How to remove the SwyxWare SSL certificate
1 Start the Windows command prompt with administrator rights.
2 Enter the following command:
netsh http del sslcert ipport=
3 Remove the SwyxWare SSL certificate from the Windows certificate storage (Certificates (Local Computer) | Personal - Certificates | Certificates).
Now you can install the desired certificate.
How to install a SSL certificate
The new certificate has been imported into the Windows certificate storage. Before installation, have the thumbprint of the new certificate ready (and enter it as a new „<thumbprint>“ into the command).
1 Start the Windows command prompt with administrator rights.
2 Enter the following command:
netsh http add sslcert ipport= certhash=<thumbprint> appid= {C3490D69-E65C-4FEC-B94B-58213FDBEC35}