Citrix Client Raspberry Pi



Citrix has revealed a desktop thin client based on the Raspberry Pi microcomputer – HDX Ready Pi, which is a Citrix-built box containing the Raspberry Pi 3 hardware and a ViewSonic Linux build designed specifically to run with the Citrix HDX virtual desktop platform. Raspberry Pi is a cheap single board computer that you can set up as a thin client very easily using WTware. In this article, I will show you how to set up a Raspberry Pi thin client. I will be using Raspberry Pi 3 Model B, but it should work on any model of Raspberry Pi 2 or Raspberry Pi 3. So, let’s get started. Raspberry Pi 4 thin client optimized for Citrix HDX NComputing has launched a Citrix HDX optimized “RX420 (HDX)” thin client that runs Stratodesk’s Linux-based NoTouch OS on the Raspberry Pi 4. The 2GB RAM equipped device supports dual 4K@30Hz displays without requiring the earlier RPi Zero-based add-on. This is a follow on post to my original post, Citrix Receiver for Linux on Raspberry Pi 2 using Raspbian Wheezy. Now that the Jessie based version of Raspbian is available, it simplifies some of the steps necessary to deploy the Citrix Receiver for Linux on a Raspberry Pi 2.

NComputing makes sure NoTouch has latest versions of Citrix Workspace App (formerly Citrix Receiver) integrated. Our Citrix Workspace App implementation supports both ICA and HDX, as well as Flash, multimedia and USB redirection, making a perfect Citrix endpoint solution, without any need for installing software, cryptic configuration files or command line options! NoTouch provides a complete configuration environment for Citrix Workspace App, so it is not necessary to directly work with Citrix' own configuration windows - everything can be configured and managed via the local NoTouch configuration menu as well as centrally with NoTouch Center. The Citrix Workspace Hub also uses Citrix Workspace App.

This article gives an overview of the different configuration scenarios and later describes Citrix product-specific configuration steps. We assume that you basically understand how NoTouch OS is configured and especially how server connections are created and configured. The Citrix Workspace App for Linux differs in many aspects from the Windows-based Receiver, not only in terms of look&feel, but also in terms of available features and even bugs.

  • 1Citrix configuration scenarios in NoTouch
    • 1.2Citrix Workspace App
  • 2Common Configuration scenarios
  • 5Browser Content Redirection (BCR)
  • 6HDX and Multimedia support
  • 8Advanced configuration

The following options are available how to configure the system:

  • Go directly into one published resource, e.g. a fullscreen desktop
  • Present a choice to users for multiple available resources, e.g. published applications
  • Use Firefox or Chromium web browsers and log in via browser
  • Use the 'selfservice' GUI to provide a browser-like experience

Browser-based login

If you want to log in via browser, create a connection, use either Firefox or Chromium, and point it to your Citrix URL. You will notice that you have the 'Citrix Workspace App'

On most modern PCs a browser is a good choice, and NoTouch cleans out the environment after the browser is closed. On older systems or the Raspberry Pi you may find a browser solely for the purpose of logging in uses too many resources, though.

Citrix Workspace App

In most cases a connection of type Citrix Workspace App and a Citrix URL as connection target are enough to successfully run a Citrix client.

'Citrix Workspace App', the mode of choice for using NoTouch with both on-premise and cloud-based Citrix deployments, including Citrix Workspace. It can be used to either run one resource (absolutely seamless to the end user) or show a menu where users can choose from - at your option!

If you want to connect to sites using the older PNA protocol or any earlier Citrix products, please visit Legacy Citrix configuration.

Note: Before version 2.40.4680 (i.e. end of 2018), the Citrix Workspace App connection mode was called Citrix/StoreFront

Creating a StoreFront connection

Setting up a connection to Citrix is really easy. Follow these simple steps:

  1. Create a connection
  2. Set its Connection Mode parameter to 'Citrix Workspace App' (older versions call this 'Citrix/StoreFront')
  3. Set the Citrix StoreFront URL into the Connection Target parameter
    • Use the real StoreFront API URL, typically like /Citrix/Store (as opposed to the user/web browser URL that ends in /StoreWeb)
    • You can also use the Citrix URL parameter of the Citrix options instead of Connection Target - both parameters work equally well
  4. Make sure the client has access to all necessary Certificates. StoreFront is SSL-only, it is mandatory to install proper root certificates!

NoTouch will display a chooser if more than one published resources are available (otherwise, if it is only one, it will launch that without further questioning). If you want to go directly into one resource, please read below.

Note: The Citrix Workspace App will display a choice between different stores. That is especially common if going through a NetScaler that bundles multiple stores. To avoid that, you must set up your URLs that it goes to one store. It is really all depending on the URL and the server configuration.

Starting directly into a specific application or desktop

If you want to start a specific resource instead of showing a chooser:

  • Set it into the Launch Resource parameter of the Citrix options, or
  • Make sure Citrix StoreFront offers only one resource. In that case, NoTouch will start the single available resource automatically.

Logoff timeout

By default NoTouch will close the StoreFront connection immediately after the actual published application or desktop is closed. This is expected in 99% of all use cases - you don't want your users to log off from a Windows desktop, walk away from the workstation but leave the StoreFront chooser open for anybody else...

However, if your use case is different, you can modify the StoreFront stay logged in parameter in the Citrix options. It is 0 by default (=immediate termination), any number of seconds is ok. Thus, if you type in 120, you would give your users two minutes (120 seconds) time to choose another connection out of the chooser window.

Selfservice

Selfservice is part of Citrix Workspace App. Any connection of type 'Citrix/StoreFront' can be simply switched to use selfservice, simply look for the 'Use selfservice GUI parameter' and switch it on.

Desktop Viewer Toolbar

The Desktop Viewer Toolbar is an overlay menu that allows to quickly end or modify a Citrix session. You can switch it off. Usually system administrators like it, but end users not so much.

The Raspberry Pi can display the Desktop Viewer Toolbar only when NOT in H.264 mode. That means, if you want it on the Raspberry Pi, you have to both disable H.264 and enable the Desktop Viewer Toolbar.

Help! It's not fullscreen!

Connection modes Citrix/One application or desktop and Citrix/Program Neighborhood as well as connecting to Citrix via browser means that the actual session specification will be created on the server. This includes for example the window size. It is not possible to modify such settings from the client side - you must do it in the Citrix management console, e.g. setting the 'window size' to Fullscreen.

Multimonitor/Dualscreen operation

The Citrix Receiver will take advantage of multiple monitors automatically and it will report screen geometry to the server. Please make sure Multimonitor support works, more information can be found here: Multimonitor operation with NoTouch

Two parameters influence the dualmonitor/multimonitor behavior - the effects of these parameters are entirely up to Citrix and may change with different versions of the Citrix client:

  • Use screens (span)
    • Default. This is the default. All monitors are available will be used if present.
    • All. Force using all monitors.
    • No setting. NoTouch will not set this parameter at all when launching the Citrix client.
    • Custom. The values from the 'Custom span parameter' will be taken.
  • Custom span parameter (only if 'Use screens' is set to custom. The following excerpt is from the Citrix manual:

Most people will be fine with default settings, both in single- and in dual-monitor setups.


To operate Citrix Receiver properly with HTTPS connections, it must trust your StoreFront site's CA root certificate. In case you have publicly available Citrix URL you will most likely have used a well-known certification authority (CA) whose certificates are already in the system's trusted certificate store. On private, internal sites however you might use a self-signed certificate or one signed by your (private) Microsoft Active Directory Certification Service. In these latter cases, you must make the certification authority's (CA) root certificate available to NoTouch via the mechanisms defined in documentation on certificates.

  • Citrix does not accept SHA-1 certificates. SHA2 (e.g. SHA256) is required.
  • If your server certificate was signed by a sub-CA, the server must send the certificate chain or you must supply the intermediate CA certificates. This is a very common problem.
  • Certificates you upload must be named .crt and be in human-readable form (starting with ---- BEGIN CERTIFICATE ---, what is called 'Base64-encoded DER'). If the file you plan to upload is not human-readable, you are using the wrong format.
  • Please avoid having whitespaces and non-ASCII characters in the file name (no accented characters, no umlauts)

The Citrix Receiver for Linux does not have any switch to simply ignore the certificate check. That means you can not just turn the checks off. This is a Citrix policy (or 'limitation', depending on your point of view).

For more information please see the article on Certificates.

By default, USB forwarding is switched to on and USB devices will be forwarded to the server automatically. So called HIDs (human interface devices, such as keyboards, mice, but also mouse-emulating devices like digital dictation foot pedals) will not be forwarded, but rather handled locally and brought to the VDI desktop as keystrokes and mouse movements.

There are two parameters, both need to be enabled for USB forwarding to work (yes, the default is that both are on):

  • 'Citrix USB forwarder' in the 'Services' section
  • 'Generic USB forwarding' in the ICA parameters section of the actual connection.

The Citrix USB forwarder is a system service, thus it can be configured from the 'Services' parameters, not the Citrix ICA connection parameters. The startup behavior is controlled by the parameter named 'Citrix USB forwarder' parameter. It has these options:

  • 'with Citrix connection'. This is the default. Start the Citrix USB forwarder only if there is a Citrix connection configured.
  • 'off'. Do not start the Citrix USB forwarder.
  • 'on'. Start the Citrix USB forwarder after system boot.

Futhermore, you can allow or deny specific devices by using the 'Allow devices' and 'Deny devices' parameters in the 'Services'/'Citrix USB' parameters. These parameters directly modify Citrix' usb.conf file and thus accept the original Citrix syntax only [1]. Multiple stanzas, each one describing one device, stanzas separated by commas, can be added to either of these parameters. A stanza consists of tags that in turn have the form TAG=VALUE. Acceptable tags are:

  • VID Vendor ID from the device descriptor
  • REL Release ID from the device descriptor
  • PID Product ID from the device descriptor
  • Class Class from either the device descriptor or an interface descriptor
  • SubClass SubClass from either the device descriptor or an interface descriptor
  • Prot Protocol from either the device descriptor or an interface descriptor

Valid examples for either of the two parameters are:

  • VID=1460 PID=0008
  • Class=07 SubClass=06

The Information page of the local configuration application will present information about USB devices to you - this is the place how you can find out the VID or PID, for instance. Command line afficionados will prefer the lsusb command, preferably in lsusb -v form.

Please see the original Citrix documentation for more information [2]. Changes to these parameters need a reboot to become active.

Browser Content Redirection (BCR) is a Citrix feature to use the local, client CPU to render certain webpages instead of the VDA side. In other words, instead of the VDA side rendering the whole page, a Workspace-App-side rendering engine will be started and instructed to fetch the web content from the URL, render it locally and draw it into the browser window 'over' the rest of the Citrix session.

On the NoTouch side, BCR needs to be switched on with the 'Browser Content Redirection' parameter under the Citrix options - set it to 'on'. On the Citrix side, you'll have to deal with

  • certain Citrix policies,
  • browser plugin installation,
  • URL whitelisting (only whitelisted URLs will be redirected).

More information can be found here: Browser Content Redirection and Troubleshoot Browser Content Redirection.

Needless to say, all required components for BCR are part of NComputing NoTouch OS. You do not need to worry about installing GStreamer, WebKitGtk+, CEF etc.

To use BCR with multimedia content on the EX400 (x64) thin client, you will need the Fluendo codec pack. As of WSA 19.06, Citrix can not simply work with 'only free codecs'. See below for a more detailed explanation on the codec question.

Codes

A codec in this context is a program to playback a certain kind of video or audio stream. NComputing NoTouch OS only includes codecs that are free from any patent license fees. We understand many people don't care but we do. If you download any kind of desktop Linux and then additionally install these patented codecs such as AAC or H.264, you are at risk of being sued, at least in a commercial environment. That said, please don't report bugs to NComputing that sound like 'It works on Ubuntu, I just installed all these codecs...'. The proper way is to purchase the Fluendo codecs, which are high-performing and properly licensed codecs on Linux. This codec is relatively inexpensive and gives you legal safety as well as the highest performance. Note: This only applies to software. If your system has hardware decoders and the drivers can make use of them, the royalties are already being paid for by the HW manufacturer.

Typical free codecs are VP8, VP9, AV1, Theora (video), and Opus, FLAC, MP3 (audio). Yes, MP3 is now patent-free since the last patent expired in mid-2017. Typical codecs that require licensing are AAC (audio), MPEG-2, H.264, and HEVC/H.265, again, unless your hardware has such codecs built-in.

RX-HDX (based on Raspberry Pi platform)

Browser Content Redirection on the Raspberry Pi 3 does work in principle but is unsupported by NComputing as there are a few caveats. The Pi implementation, as of mid-2019, uses CEF (Chrome Extension Framework) as opposed to WebkitGtk+ which is actually the more modern approach. However,

The software is still very early and may not work in all circumstances (please direct support questions to Citrix)It does not work conceptually with a full-screen H.264 encoded session, obviouslyIt will degrade performance because the Pi 3's CPU is not made for rendering complete web pagesThe Raspberry Pi 4 with its improved CPU power changes the game - As the Raspberry Pi 4 emerges, both Citrix and NComputing are working together on next-generation BCR capabilities.

From within the 'HDX/Multimedia' parameter section (a subsection of Citrix 'ICA' parameters), several aspects of multimedia support of the ICA/HDX protocol can be configured.

HDX MediaStream Flash Redirection

Flash redirection is enabled by default. Please note that the list of software requirements on the server side is long and the list of supported software modules such as browsers is very short. You may have to adapt your VDI environment to meet Citrix requirements.

Notes:

  • You can use your own version of Flash. Sometimes this is necessary because NoTouch is shipped with newer Flash, but Citrix does not support the new Flash and instead requires an older Flash. Please look at this article for instructions on how to install your own version of Flash: Mozilla Firefox#Updating the Flash Player plugin
  • Taking that one step further, it is even possible to have a separate, different version of Flash installed just for Citrix purposes. This solves the problem that arises when you want the latest Flash in Firefox, but an older, Citrix-approved plugin for Citrix redirection. To install your own version of Flash specifically for use with Citrix Flash redirection, look for the 'Extension'->'Citrix Flash player URL' parameter, otherwise follow the instructions given above.

While for some time Citrix has required Flash version numbers to match on client and server, this is not required any more. In fact, the opposite is now true - Citrix suggests to disable the Flash version number check, as stated below and here: http://support.citrix.com/article/CTX134786

You should disable the Flash version check by adding/modifying Windows Registry Key on VDA, named “FlashPlayerVersionComparisonMask” which is a dword that should be set to zero.

This will need to set on each VDA:

  • 32 bit OS: HKLMSoftwareCitrixHdxMediaStreamForFlashServerPseudoServer
  • 64 bit OS: HKLMSoftwareWow6432NodeCitrixHdxMediaStreamForFlashServerPseudoServer

After making these modifications you need to restart IE on VDA.

HDX RealTime Webcam Video Compression

HDX RealTime Webcam Video Compression needs audio input to be enabled both on client and server to work. NoTouch typically has audio input ('microphone in') disabled by default, so you have to turn this on. Besides that, no extra switch is necessary to enable HDX RealTime Webcam Video Compression, but there's still an extra switch to force the redirection, 'HDX RealTime webcam video compression'.

HDX RealTime Media Engine (RTME)

The Citrix HDX RealTime Media Engine (RTME) is the client-side component of the Citrix HDX RealTime Optimization Pack for Skype for Business. To enable Skype for Business experience, both client side and server side need to be properly configured.On the client side, both RX-HDX and EX400 thin clients come with RTME integration. By default, the HDX RealTime Media Engine is disabled and must be enabled for the Citrix connection to optimize the Skype for Business experience. This can be done in Connection -> Citrix -> HDX/Multimedia settings by setting the “HDX Realtime Media Engine (Skype for Business)” parameter to “on” (see screenshot below).


Client

On the server side, the Citrix HDX RealTime Connector also needs to be installed (see screenshot below). The RealTime Connector starts when Skype for Business front-end application is launched and communicates with the HDX RealTime Media Engine in the end-user device.


Citrix HDX RealTime Media Engine and Citrix HDX RealTime Connector should ideally have matching versions. With all the prerequisites in place, the Connector and Media Engine should connect together and exchange some information (see screenshot below).


Please be sure to check the supported Skype for Business versions in this article to ensure compatibility with the HDX RealTime Optimization Pack:
https://docs.citrix.com/en-us/hdx-optimization/2-4-ltsr/system-requirements.html


Once the HDX RealTime Optimization Pack is setup, the audio and video devices connected to the thin client are enumerated locally by RTME (i.e. not redirected from the client to the VDA). The Audio and video settings can be modified directly from Skype for Business setting menu.


HDX 3D Pro GPU/H.264 acceleration

HDX 3D Pro GPU/H.264 acceleration is enabled by default. Switch it off by setting the 'HDX 3D Pro GPU/H.264 acceleration' parameter to off.

If there are any issues regarding the session's resolution while HDX 3D Pro is active, please have a look at the follwoing article:

HDX Mediastream Windows Media Redirection

NoTouch includes GStreamer, as required by Citrix Receiver to support Mediastream Windows Media Redirection [4].

Printing

Printing works fine with Citrix in NoTouch. Please consult our Printer configuration page.

Citrix can forward smartcard readers and use these for login purposes. U.S. Federal customers will enjoy the CAC card support. In that case, do not forward the smartcard reader with generic USB forwarding. Configure smartcard support according to these instructions:

  1. Switch on the 'Smartcard service (PCSCD)' in the 'Services' options
    • In most cases the default settings for the Smartcard driver parameter will be fine. Some readers need the Omnikey setting, not only Omnikey readers. You may have to experiment with that or contact support.
  2. Set the 'Smartcard login' parameter in the Citrix parameters to 'on'

Note: For XenDesktop, do not attempt to use the generic USB forwarding mechanism to forward the smartcard reader (it won't be default, you would have to play with the settings). The downside is that then you can't use the reader for login purpose. It would work to forward a reader into the session only (ie without login) if that is what you want.

NoTouch comes with reasonable default values and should accomodate all Citrix options that are used by 99% of the people. However sometimes even deeper configuration accesses are necessary. NoTouch comes with an easy-to-use method of modifying Citrix INI files: Citrix Receiver configuration files

Furthermore, you can totally rewrite the files that are used to generate the Citrix configuration, which would work by the template mechanism.

Selecting the Citrix Receiver version

Most NoTouch images have at least two Citrix Receiver versions included. Yes, you read that correctly, two different versions of the Citrix product, so you can select the one that fits your use case better. By default, the newer client will be used. At the time of writing, this is the 13.4 Receiver for Linux and the alternative, older Receiver is 12.1.

To switch to an alternative version of the Citrix Receiver, use the 'Client version (if present)' parameter in the Citrix options. You may have to scroll down a bit to find it, it is pretty far down below.

Proxy settings

The Citrix Receiver can connect via a proxy server. While these parameter may seem obvious, it is important to note that from OS 2.40.1310 on the Citrix Receiver will inherit the Firefox proxy settings of the same connection, if you switch the 'Use Firefox proxy settings' parameter to on. This will inherit exactly your NoTouch settings that you made in the 'Firefox' parameters.

Certainly you can configure the proxy settings directly and even specify to inherit from the system-level proxy settings. Here are the parameters in more detail:

Raspberry pi citrix client
  • Use Firefox proxy settings. If set to on, all parameters below will be ignored and the Firefox configuration parameters of the same connection will be evaluated.
  • Proxy type. Master switch denoting the kind of proxy configuration used:
    • No setting. Do not mention anything about proxy in the Citrix configuration files.
    • None. No proxy is to be used.
    • System settings. The system-level proxy settings will be used.
    • Auto config (Script). The system will download a .pac file from the 'Proxy autoconfig URL' and evaluate it.
    • Secure Host. Think of this as the 'manual configuration'. The system will use the 'Proxy hostname' parameter and the 'proxy bypass list'.
    • SOCKS. Uses the 'proxy hostname' as a SOCKS proxy.
  • Proxy hostname. Hostname:port combination of the proxy server to be used. It must be configured to accept HTTPS traffic.
  • Proxy bypass list. A comma-separated list of hostnames and IP addresses that Receiver will always contact directly.
  • Proxy autoconfig URL. A URL to the .pac file providing proxy auto-configuration, if the Proxy type parameter is set to 'Auto config (Script)'.
  • Fallback to direct if no autoconfig received. In case the autoconfig URL (see above) can not be reached, Receiver will connect directly. This can be useful if people are traveling.

Citrix considerations

Citrix has a lot of options, some combinations may have strange effects. Most people are fine with the defaults, in fact, NComputing recommends to change something only when a) necessary and b) advised to do so. Stratodesk can not provide support for Citrix installation, be sure to have a Citrix professional at hand when troubleshooting.

More detailed information can be found in Citrix Receiver for Linux 13.4 eDocs - you can skip the part about installation and integration since this is already done in NoTouch.

Also please check out the Citrix Receiver Feature Matrix.

In case something does not work as expected, always open a Citrix support case before contacting NComputing.

The Raspberry Pi 4 single board computer supports dual screen configurations andthus has become a silent, serious candidate for Home Office work.

I am using a Raspberry Pi 4 4GB, with Raspberry PI OS Buster, 2x screen with an USB speakerphone.The assumption is that Raspberry PI OS is installed with the LXDE-pi desktop and that the displays are working.

What you will find in this HowTo

  • Configuration of Raspberry PI OS to be able to use a dual screen setup with the Citrix Workspace App.
  • Setup echo cancellation with Pulseaudio to be able to make Teams / Skype4Business via Citrix Workspace.

Ths HowTo uses nano as text editor. So wherever you see nano you can use a different editor.

Positives and Negatives

  • The Citrix Workspace App
    + can be downloaded as armhf Debian package for Buster on the Citrix website
    + comes with it’s own outdated certificate store, that most likely requires an update
    + the memory usage is low enough that even the 1GB model should suffice
    - requires a different window manager than openbox due to missing multi-monitor hints
    - no optimization for realtime audio (Skype calls, etc.)
  • Raspberry PI OS Desktop
    + the LXDE-pi desktop is sleek and nicely customized
    - the lightweight LXDE desktop does not fulfil all assumptions expected by “business” apps
    - I could not get a Bluetooth headset to work on Raspberry Pi OS, if the headset had the hands-free profile, the microphone could not be used and if the microphone got detected (a different device), the audio quality was really bad and the recording unstable.
    - from my personal experience the Alsa sound system is not nearly as usable as Pulseaudio for an end user
    - Raspberry Pi Desktop starts to slow down after a few hours of use and the Xorg process shows almost 100% CPU.Logging out and in again workarounds this problem.
    I discovered that this does not happen if gpu_mem is bumped to 320MB and 4k60Hz mode is activatedin /boot/config.txt:

Citrix Workspace App Installation

The Citrix Workspace App can be downloaded via the Citrix homepage.

Navigate to Available DownloadsDebian PackagesFull Packages and click Download file

Since version Dec 12, 2019 the package can be directly installed via gdebi package manager. All required packages will automatically be downloaded.To install open the Downloads folder in the file manager, right-click on the icaclient*.deb package and install the package.

You now can launch Citrix Workspace via MenuInternetCitrix Workspace

SSL Connection Problems

Should you be unable to connect, and get a SSL connection could not be established error then it is highly likely that this is dueto missing certificate authority (ca) certificates delivered with the Citrix Workspace App.In order to make Citrix Workspace use the ca cert’s of Raspberry Pi OS:

Now you should be able to connect.

Notable User Settings in wfclient.ini

In the user settings folder of the Citrix Workspace App (former ICAClient) is wfclient.ini where several adjustments can be made.
Citrix Workspace App for Linux Product Documentation
Citrix Workspace App for Linux OEM Reference Guide

To edit

Force a switch of the Keyboard Layout

I had to change KeyboardLayout=(User Profile) to KeyboardLayout=German to get a german keyboard layout, the automatic detection did not work on Raspberry Pi OS, maybe there is a smarter way.

Set medium audio quality

I found that for using online meetings via Skype4Business tunneled through the SSL connection setting medium audio quality works best for me.To set medium audio quality on the client add a line with AudioBandwithLimit=1 to the [WFClient] section.

Dual-Screen Fullscreen

Citrix Workspace supports fullscreen over dual screens layouts and so does the Raspberry Pi. Unfortunately the default window manager Openbox lacks the correct hints for the Citrix Workspace App. The only way around it is to us a different window manager.

I didn’t use the icwm window manager, but went for Marco, the window manager of the Mate desktop environment. So if you have installed Mate, instead of LXDE, everything is fine.Marco does not require one gazillion of additional libraries, is still relatively light weight and can be configured via command line.

Installation

Install the packages via apt

In order for mate to be used, the window manager of the LXDE-pi desktop has to be changed.

This can either be accomplished for all users or just for a single user by changing the window manger in desktop.conf.

For a global configuration, edit the file:

For a configuration for the current user only, copy desktop.conf to your user directory and change the window manager.

Change

to

If you log out of your X11 session an login again, the desktop will no longer use openbox as window manager, but marco instead.

Configure marco

I configured marco to use a single workspace (the default is 4), the Blue-Submarine theme because it is a good fit for Raspberry Pi OS colors and sloppy window focus mode. Sloppy means that an open window will get the focus once you hover the mouse over it.

Once you have done that Citrix Workspace will look like

Speakerphone or Headset with Echo Cancellation via Pulseaudio

I was trying to use Skype4Business calls via Citrix Workspace App and a cheap USB Speakerphone, because I hate wearing headsets. My first experience was abysmal.I had to fiddle with the microphone volume and then there always was an echo effect where colleagues could here themselves or sounding like “Mr. Roboto”.

As I was able to use the speakerphone without any echo effect in a local Microsoft Teams session on both a PC and a Mac, I suppose that Teams does echo cancellation all by itself if it is running locally. I also suppose that this is the case for it’s predecessor Skype4Business. I guess that it does not work over Citrix Workspace App on armhf, because there is no optimized “realtime” Citrix HDX audio available over a TLS connection.

Luckily there is Linux the tinker-os. You can install, compile or configure almost anything, although you may rip your hair out on the voyage to achieve the goal.The goal in this case is to do not rely on Skype4Business to do echo cancellation, but to use a locally running software, so that the cheap speakerphone will behave like an expensive speakerphone and performs acoustic echo cancellation.

The software that can do that on Raspberry Pi OS is the pulseaudio daemon with it’s module-echo-cancel.

Installation

First you need to install pulseaudio and it’s graphical mixer application pavucontrol:

Switching from Alsa to Pulseaudio

Raspberry Pi OS buster is using the Alsa sound system for audio an not Pulseaudio as it did in Raspberry Pi OS stretch. In my personal experience Alsa is not as user friendly, it lacks some features of Pulseaudio and is more complicated to configure.

Alsa can be configured to use Pulseaudio for input / output and mixer control.To do that make a backup copy of your ~/.asoundrc and set pulse as default audio device and mixer.

Add the lines in the editor.

Raspberry PI OS uses the volume control in the panel to configure alsa, so it is best to remove it from the panel to prevent an accidental use and destruction of .asoundrc.

To remove the Volume Control (Alsa/BT) from the panel right-click on the iconand select “remove volume control from the panel”.

After that, log out of your X11 session or reboot. The pulseaudio daemon will be started when you log in into your X11 session.

To test if there is audio via pulseaudio, open the Pulseaudio Mixer, where you should have an output and an input audio device.

Now you can add back a different Volume control applet to the panel, by right clicking on an empty space in the panel and selecting Add/remove panel entities.Choose Add and select Volume Control - not Volume Control (Alsa/BT).

After adding the Volume Control to the panel you can configure it’s settings:

The important part is to select “pavucontol” as Command to Open Mixer.

Now any app, for example when Chromium is playing audio, should be using Pulseaudio.

Finally it is time to configure acoustic echo cancellation in /etc/pulse/default.pa

Configuring Acoustic Echo Cancellation

I forcefully enabled echo cancellation and set the device with echo cancellation to be used as default microphone and default speaker. For acoustic echo cancellation to work the output audio signal from the speaker that is received by the microphone is removed before sending it to the application.

General documentation about this module can be found at the Pulseaudio documentation: module-echo-cancel

Here is what worked best for me with the omnidirectional microphone in the speakerphone. With the setting below I can listen to music and perform conference calls via the speakerphone without too many audio distortions.

Webrtc with extended filter

It uses the webrtc method developed by Google. It turns off analog gain control (moving the volume slider), turns on digital gain control (audio gain controlled via signal processing) and enables the extended filter. The standard filter was not good enough without reducing the signal sampling rate of the microphone and speaker.This setting is the best for me when it comes to echo cancellation. It is almost perfect, almost. It has a big drawback, however. During double-talk it reduces the volume of your voice, so that you almost cannot be understood by the other people in the meeting.

Raspberry

In the default.pa file add at the end:

Alternative Setting: Speex with mono mic channel

This setup works fairly well, but has some problems with slight echo from time to time. Especially after double-talk during conferences. It uses the speex echo cancellation with the source reduced to a single channel. A small frame size of 5ms finally resulted in good echo cancellation with speex. I never got it to work properly with the default settings. Due to the fiddly experience I had, I guess most people will need to do tuning of these parameters.

In the default.pa file add at the end:

Alternative Setting: Low quality mono audio

I found another combination, that did work out ok’ish for audio calls with the effect that the audio is muffled. You can forget to listen to music with this setting, it will sound like you listen to music on the other end of a transatlantic call at the beginning of the 90’s. It could be best if you are on a slow connection.

These settings are from here: Using PulseAudio: module echo cancel

In the default.pa file add at the end:

Alternative Setting: Beam forming with directional microphones

If you have a device with multiple directional microphones, for example a webcam, the beam forming method may work best for acoustic echo cancellation. For details see the module-echo-cancel documentation. Here is the example from it, which I couldn’t test.

If you have a webcam with 2 microphones 8cm apart, and you want to point it forwards, you could use

In the default.pa file add at the end:

Testing Acoustic Echo Cancellation

After you have changed the Pulseaudio configuration, you need to reload the pulseaudio daemon in your user session.

If you re-open pavucontrol, you should now see one output and one input device that has echo cancellation enabled. Because this device has been set as default all audio will be played through the output device and all recordings happen through the input device with echo cancellation.

In order to the setup you need a program that plays audio and an audio recording software. For playing audio, I can recommend to play a Youtube Covid talk show via Chromium, because the spoken audio is very similar to an online meeting.
For recording, I’d recommend Audacity, which needs to be installed first.

You can now start it from the menu.

The real test:

  1. Start Chromium and play a talk show
  2. Press the record button and start talking, after that press the stop button
    If everything went well, there should be no signal for all that was played through the speaker and a waveform when you were talking.
  3. To check, press the play button in Audacity

Installing Citrix Client On Raspberry Pi 4

Ideally, everything played through the speaker should be completely gone, but echo cancellation is not perfect. Thus you may want to experiment with the module-echo-cancel settings until you find a setup that works for you.