Admin Guide v6.4

To list local firewall rules

sudo iptables -L    (look for the appgate-filter-input/output chains)

Client settings

These are found in

~/.config/appgatesdp-service

In the following file ~/.config/appgatesdp-service/user.settings find <configuration><appSettings> and:

•to not show the data usage user acceptance screen the first time the client starts:

<add key="userApprovalPref" value="True" />

•to prevent the running of device claim scripts. Remember these run with full admin privileges so present a security risk:

<add key="scriptsDisabledPref" value="True" />

To clean all client settings

rm -rf ~/.config/appgate-ui ~/.config/appgatesdp-service ~/.local/share/appgatesdp-service

To remove a Client profile link

Open gnome-keyring (seahorse) or kwallet. Look for "AppGate (Profile:123456etc)".

Open an item and reveal the password to see the profile name.

Delete the required Profile.  

To remove all stored passwords/certificates

Open gnome-keyring (seahorse) or kwallet.

Delete all entries containing 'AppGate'

DNS configuration

The client comes with a "set_dns" script which tries to change the network configuration when connecting to Appgate SDP, so that the Appgate SDP DNS is called for Appgate SDP domains, while the regular DNS remains in charge of resolving everything else.

To achieve this the built-in script runs a dns resolver (dnsmasq) which is executed locally under the name "appgate-resolver". If systemd-resolved is detected to be running, then it will be used instead of dnsmasq. The script resets the network configuration when Appgate SDP disconnects.

The set_dns script has some requirements:

• dnsmasq

• dbus

• systemd as pid 1

This was tested against network-manager and wicd.

Since the built-in script can't possibly cover every network configuration, it is possible to write a custom script that must use the same command line. More information about the command line can be found running:

/opt/appgate/linux/set_dns --help

journalctl -u appgatedriver.service | grep set_dns

Any such script must be configured in /etc/appgate.conf, and will then replace the built-in one.

Troubleshooting

If the network configuration is left in a strange state, it is possible to do the following steps to restore it:

/opt/appgate/linux/set_dns --reset

chattr -i /etc/resolv.conf

mv /etc/resolv.appgate /etc/resolv.conf

then restart your network manager

The Linux installer packages have been signed with GPG using the Appgate public key. Use the relevant tools for each distribution to verify the validity of the package. The Appgate public GPG key can be found inside the installed keyring at /opt/appgate/appgate.gpg and can be downloaded here: appgate.pub

Fingerprint

F36B 319B CE07 48F7 7930 52E6 F600 207F 0680 FA29

Fedora

For verification on Fedora the package rpm is needed. It is by default installed on all rpm-based distributions.

Make sure the Appgate public key has been installed.

sudo rpmkeys --import appgate.pub

if using the keyring installed with the client the key first needs to be exported, before importing:

gpg --keyring /opt/appgate/appgate.gpg --export --armor > appgate.pub

Verify the package with:

rpmkeys --checksig PACKAGENAME

Ubuntu

For verification on Ubuntu systems the package dpkg-sig is needed

sudo apt install dpkg-sig

Make sure the Appgate public key has been installed.

gpg --import appgate.pub

or if using the keyring installed with the client

gpg --import /opt/appgate/appgate.gpg

Verify the package with:

dpkg-sig --verify PACKAGENAME