I am currently running a ThinLinc setup with two servers: one is Master & Agent and the other one is just an Agent, so both can host user sessions but only the Master distributes them. Both servers currently have an external and an internal IP on two separate NICs, so users can connect from the internet or the internal network.
Now, I plan to extend the cluster with two additional servers for a total of 4. But: I don’t have any additional external IPs available. My idea was to create a new setup where there is 1 small VM that just acts as Master (with an external IP) and the 4 servers would all be simple Agents which do not have external IPs.
However, from what I read in the manual ( Network requirements — ThinLinc Administrator's Guide ) it sounds like every Agent also would necessarily need an external IP, because clients connecting from the internet would directly connect to their Agent after they’ve been transferred by the Master and a session is established.
Is a setup like this possible in any way? That there is a single Master/Relaying VM that routes traffic between external (internet-side) clients and the 4 Agents on the internal network? Either directly in ThinLinc or via more-or-less janky trickery with proxies/firewall rules?
ChatGPT, when asked, said something about a mysterious “master_gateway = 1” parameter in vsmserver.conf but since I did not find anything about this parameter with Google or in the manual, I think it may have been hallucinating there.
Yep, ChatGPT is definitely hallucinating I’m afraid there’s no master_gateway parameter in ThinLinc.
Are you using the native client to connect, or the browser-based one (tlwebaccess)? If you’re using tlwebaccess, you might want to give ThinLinc 4.20.0 a spin when it is released shortly, or even try the beta:
4.20.0 will have reverse proxy support for the browser client, which should give you what you’re after (although you’ll still need to set up a reverse proxy server).
If you’re using the native client, the process is a bit more involved. Basically you would set up all your agents behind a NAT router on a private network, and then configure your NAT router to forward specific ports to the relevant agents. The tricky part is that you have to have a mapping between the agent hostname (i.e. whatever /vsmagent/agent_hostname is set to on each agent), and the correct port on the router. This can be done using the HOST_ALIASES parameter of the ThinLinc client; see the heading “NAT Traversal” here:
I’m afraid there’s no