Kari Ruissalo Posted November 7 Posted November 7 The old Citrix Gateway plugin for macOS is pretty much replaced with the Citrix Secure Access Client. According to the docs (https://docs.netscaler.com/en-us/netscaler-gateway/citrix-gateway-clients/citrix-sso-for-ios-macos-devices) Quote The legacy VPN client was built using Apple’s private VPN APIs that are now deprecated. VPN support in Citrix Secure Access for macOS and iOS is rewritten from the ground up using Apple’s public Network Extension framework. But for some reason the Gateway still includes the deprecated binary (version 4.4.8 (518)) and if the user hits the NetScaler Gateway using their web browser, this plugin offered for the client: To avoid this from happening, I started gathering the User-Agent information and requested URLs to show a Responder HTML page guiding the end user to go to AppStore and download Citrix Secure Access Client. I got this done for Safari with HTTP.REQ.HEADER("User-Agent").CONTAINS("Machintosh") && HTTP.REQ.URL.EQ("/vpns/m_services.html"). However, the Secure Access Client seems to support also logging in with web browser and the same m_services.html is used to start the plugin. So, we're blocking installing the old plugin with the Responder, but on the other hand, we're losing the ability to connect using browser. Am I missing something or has anyone else found a solution for such use case?
Kari Ruissalo Posted November 19 Author Posted November 19 Just a quick refresh, that NetScaler team is working on this and an internal issue has been raised.
Kari Ruissalo Posted November 27 Author Posted November 27 I'm getting a JavaScript to mitigate the issue and apparently a fix to this is planned for the next release already 👍
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now