Under the Hood of the New Citrix Access Gateway VPX

I recently haad to roll out the virtual appliance Citrix Access Gateway, to replace the existing hardware CAGs. After the initial install I spent some time seeing if we could customise the log pages and few things of that sort. Turns out you can, with a little bit of Linux knowledge and a bit of time. Beware that doing any of this will probably piss Citrix off if you call them for support.

First and foremost, you need to install the virtual appliance. This is just a download from Citrix and then deploy the OVA file. Simple enough. Run through the inital setup steps to assign IPs, choose a management interface and enable SSH.

Once it’s installed, grab an ISO of your favourite LiveCD Linux ditro. I used SystemRescueCD because it’s nice and lite. Boot the CAG VM off the distro. Now mount /dev/sda2 to somewhere, eg.

mount -t ext3 /dev/sda2 /mnt/custom

Next, blank the root password for the box by editing the etc/shadow file, eg.

vi /mnt/custom/etc/shadow

Remove the hashed text from the line entry for root and save the file.

Lastly, you need to enable another console on boot. By default the CAG is set to only load console 1 and then to load up the custom Citrix menu. To get around this, edit the etc/inittab file, eg.

vi /mnt/custon/etc/inittab

Remove the # from the line:

2:2345:respawn:/sbin/agetty tty2 9600

Save, reboot and you should now be able to SSH into the management IP and login as root. You should now set a root passwd straight away of course. To actually customise things is a bit of a pain. You need to setup a login point through the web interface first. This will create a folder structure for that LP. It appears that the CAG extracts the source files every boot. So you can’t just go and replace files in your LP, as they will be overwritten on next boot.

What I did to get around this was put all my custom files into a directory under /opt. Then made a login script set to a start level 99 and had it copy all the custom files into the necessary locations.

If I had more time (and cared that much, I’m a contractor after all), I would go through and try and work out where the source package was that keeps getting extraced on boot. But I can’t be bothered.

All the Citrix files are under the /opt directory on the CAG by the way 😉