On Thu, Jul 18, 2019 at 2:57 PM Lukáš Raška <lukasra...@gmail.com> wrote:
> Hi, > I guess the easiest solution would be to use two different guacd > instances. Guacamole backend can use multiple guacd, but the frontend can > only use single Guacamole server, afaik. > No, this is not true - you can configure multiple guacd instances and point the same Guacamole Client instance at multiple ones. Basically you'll end up with a default guacd instance that will be used when no other instance is present in the configuration for a connection. This will either be localhost (if nothing is configured) or whatever you've configured in guacamole.properties. On a per-connection basis, you can configure each connection to point to a specific guacd hostname and port. This is done in the Guacamole Proxy section of the connection configuration, where you can specify the hostname, port, and encryption method for guacd for that particular connection. > > > In case you can create persistent VPN tunnels to different sites, for us > the easiest solution was to use Linux kernel network namespaces to separate > those (basically what LXC / Docker does) and either run guacd locally or > remotely. > > There are definitely some creative things you could do with networking to automatically route those guacd connections to the correct place without having to specify parameters on a per-connection basis. Using kernel network namespaces or some iptables rules would do the trick. You could also using something like HAProxy and do the load balancing based on destination address, I think. Several good options for automating this. -Nick