neutrinolabs / xrdp

xrdp: an open source RDP server
http://www.xrdp.org/
Apache License 2.0

Is it possible to configure settings per endpoint? #3051

Open matt335672 opened 6 months ago

matt335672 commented 6 months ago

Discussed in https://github.com/neutrinolabs/xrdp/discussions/3049

Originally posted by **conioh** April 27, 2024

The issue was raised in #1124:

> With the added support for `AF_VSOCK` some users would like to be able to connect both hypervisor local and also expose a remote endpoint at the same time. This would be a modification to the config to support both `tcp` settings and `vsock` settings for the same daemon at the same time. Then a user could connect via a fast connection (ip independent) when local but also connect to this vm when remote. This is roughly exactly what the windows `TermSrv` does to accomplish this.
>
> A few thoughts:
>
> * We would need to modify the config to support connection independent settings and add new connection dependent settings sections. IE: you might want `bitmap_compression=true` for `tcp` but `=false` for `vsock`.
>
> ...

Soon after [the following comment](https://github.com/neutrinolabs/xrdp/issues/1124#issuecomment-507480818) the issue was closed:

> I think all the items are addressed and I created PR #1366

But as far as I can see that PR only added support for multiple endpoints, but not for settings per endpoint.

Is there a way to configure settings per endpoint? For example, I'd like the equivalent of:

```
[Globals]
port=vsock://-1:3389 tcp://:3389
security_layer=negotiate
crypt_level=high
bitmap_compression=true

[Globals_vsock://-1:3389]
security_layer=rdp
crypt_level=none
bitmap_compression=false
```

That is, to have some `[Globals]` for the general case and endpoint-specific `[Globals]` for one of the multiple endpoints specified by the `port` parameter (in this case, for Hyper-V Enhanced Session Mode).

conioh commented 6 months ago

Thanks for opening the issue.

My main use-case is using Hyper-V's enhanced session mode but I can think of other scenarios. For example, someone might want to open two TCP ports, one for local network access and one for remote, and they might have similar considerations - compress and encrypt for remote connections but skip that for local.

I don't think it affects the requirements or the implementation, and it doesn't pop into mind how other use cases would affect that, but it might be worth a little consideration.
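An added example, not part of the thread and not xrdp code: a sketch of how the per-endpoint sections requested above would resolve to effective settings, with an audit pass for the two mistakes such a scheme invites. The `[Globals_<endpoint>]` syntax is the hypothetical one from the post (xrdp does not implement it), and the sample config, function names and "weak on non-vsock" policy are assumptions made for illustration.

```python
import configparser

# Constructed sample. The [Globals_<endpoint>] sections use the syntax proposed
# in the issue; xrdp does not implement it, so this format is hypothetical.
SAMPLE = """\
[Globals]
port=vsock://-1:3389 tcp://:3389 tcp://:3390
security_layer=negotiate
crypt_level=high
bitmap_compression=true
[Globals_vsock://-1:3389]
security_layer=rdp
crypt_level=none
bitmap_compression=false
[Globals_tcp://:3390]
crypt_level=none
[Globals_tcp://:3398]
crypt_level=fips
"""

WEAK_CRYPT = {"none", "low"}  # assumed policy: too weak for a network listener

def _parse(ini_text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(ini_text)
    return cp

def effective_settings(ini_text):
    """Map each endpoint in [Globals] port= to [Globals] plus its overrides."""
    cp = _parse(ini_text)
    base = dict(cp["Globals"])
    out = {}
    for ep in base.pop("port").split():
        section = "Globals_" + ep
        out[ep] = {**base, **(cp[section] if cp.has_section(section) else {})}
    return out

def audit(ini_text):
    """Return findings: weak crypt_level off vsock, and unmatched overrides."""
    eff = effective_settings(ini_text)
    findings = []
    for ep, s in eff.items():
        if not ep.startswith("vsock://") and s.get("crypt_level") in WEAK_CRYPT:
            findings.append(f"{ep}: crypt_level={s['crypt_level']} on a non-vsock endpoint")
    for name in _parse(ini_text).sections():
        if name.startswith("Globals_") and name[len("Globals_"):] not in eff:
            findings.append(f"[{name}]: matches no endpoint in port=, override ignored")
    return findings
```

In the sample, the relaxed vsock settings pass, the TCP listener that copied `crypt_level=none` is flagged, and the override whose port is mistyped is reported as never applied.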