I've taken the plunge and installed Guacamole on my Truenas 13.0.3-1 box and can successfully RDP into pc's internally and remotely from the GuacaMole console.
I have not yet opened it up to the Outside world via the internet.
My install process has been as follows so far..
In Truenas - The Guacamole install is the default "Plugin" listed as Community Plugin.
I selected the Plug-in "Guacamole", then clicked install with the default NAT option.
Once the JAIL name DCSGuacamole started, I was able to access the web console and add EndPoints.
I'd like to secure it via TOTP. (Once working - would like to open it up to the outside world)
I have searched this forum for details, and also looked at the Guacamole site (manual instructions) and now at a dead end.
It appears its as simple as copying a .jar file into a specific folder, then restarting the JAIL, but it seems too simple.
Am I missing something?
So I copy the file guacamole-auth-totp-1.4.0.jar into the /etc/guacamole/extensions folder
Within my Truenas box, jails are installed and setup via the iocage/jails/ folder.
My Guacamole JAIL is called - DCSGuacamole
So it lives in /mnt/tankXXXX/iocage/jails/DCSGuacamole/
Then I am on the assumption that the default location that this .jar needs to be copied to is
(All within a SHELL prompt of the DCSGuacamole Jail)
/root/etc/guacamole/extensions
The file "guacamole-auth-totp-1.4.0.tar.gz" downloaded from
I used a windows PC to download the tar.gz file. Extracted so I found the .jar file, then copied to this location.
root@DCSGuacamole:/etc/guacamole/extensions # ls
guacamole-auth-jdbc-mysql-1.4.0.jar guacamole-auth-totp-1.4.0.jar
There was another .jar file there, I wasn't sure whether there was anything else required?
Are there any other config steps required to get the initial login to prompt for the 2FA setup?
Does the .jar file need to be extracted further?
Do I have to change permissions in the JAIL at the shell prompt once the file is copied across?
I have not yet opened it up to the Outside world via the internet.
My install process has been as follows so far..
In Truenas - The Guacamole install is the default "Plugin" listed as Community Plugin.
I selected the Plug-in "Guacamole", then clicked install with the default NAT option.
Once the JAIL name DCSGuacamole started, I was able to access the web console and add EndPoints.
I'd like to secure it via TOTP. (Once working - would like to open it up to the outside world)
I have searched this forum for details, and also looked at the Guacamole site (manual instructions) and now at a dead end.
It appears its as simple as copying a .jar file into a specific folder, then restarting the JAIL, but it seems too simple.
Am I missing something?
So I copy the file guacamole-auth-totp-1.4.0.jar into the /etc/guacamole/extensions folder
Within my Truenas box, jails are installed and setup via the iocage/jails/ folder.
My Guacamole JAIL is called - DCSGuacamole
So it lives in /mnt/tankXXXX/iocage/jails/DCSGuacamole/
Then I am on the assumption that the default location that this .jar needs to be copied to is
(All within a SHELL prompt of the DCSGuacamole Jail)
/root/etc/guacamole/extensions
The file "guacamole-auth-totp-1.4.0.tar.gz" downloaded from
I used a windows PC to download the tar.gz file. Extracted so I found the .jar file, then copied to this location.
root@DCSGuacamole:/etc/guacamole/extensions # ls
guacamole-auth-jdbc-mysql-1.4.0.jar guacamole-auth-totp-1.4.0.jar
There was another .jar file there, I wasn't sure whether there was anything else required?
Are there any other config steps required to get the initial login to prompt for the 2FA setup?
Does the .jar file need to be extracted further?
Do I have to change permissions in the JAIL at the shell prompt once the file is copied across?