Devolutions
MS-TSGU (Microsoft RD Gateway) support
Support MS-TSGU protocol so IronRDP can connect through Microsoft RD Gateway. I have a basic working starter at https://github.com/steffengy/IronRDP/tree/mstsgu which I might submit a PR at some point if its in a more advanced state.
wow, you already have a minimally functional implementation? This is impressive! 😀 We're definitely looking forward to the pull request when it is ready for review
@awakecoding
Yes the state there works, e.g. it supports enough to take ironrdp-client to connect through a MS RD Gateway and have a working connection atleast for the few minutes I tested.
One thing I noticed and confused me quite a bit initially is that apparently rustls doesnt work against a server 2012 R2 I tested against behind the gateway but server 2019 did work. native-tls worked with all - maybe difference in supported cipher suites. Not sure if you're aware of something there.
Yes, we are aware of this limitation. As you suspect, it’s a difference in supported cipher suites. Supporting unsecure cipher suites is a non-goal for rustls, although it could be possible to add support for that now that the crypto provider is plug-able. Windows Server 2012 R2 does not come with any cipher suite supported by rustls - aws-lc / ring.
We documented this in the README.md file of another project: https://github.com/Devolutions/devolutions-gateway/?tab=readme-ov-file#troubleshooting
For older systems, enabling the native-tls feature is the only solution. We support native-tls as a alternate TLS backend in IronRDP, but this was not tested recently as far as I’m aware.
