VNC and VPN


Matblack
15-06-2007, 11:30
Can anyone give me a step by step guide to VPNing into my home machine and controlling it via VNC?

I know a few of you are doing this and with Virgin changing their traffic shaping policy it would be useful to kick off downloads during the day :)

Thanks

MB

Daz
15-06-2007, 11:32
If you're using an XP or above machine, then use Remote Desktop, it's much more bearable over a WAN link. Firstly, does your router have any VPN server functionality, and if not, are you sure it supports VPN pass-through?

Matblack
15-06-2007, 11:43
Seems to support it, it's a WRT54GS but looking up VPN and WRT54GS on Google doesn't look promising :/

http://www.google.co.uk/search?hl=en&q=WRT54GS+vpn&meta=

MB

Daz
15-06-2007, 11:47
Windows XP has the ability to answer 1 incoming VPN connection; what you need to set up is your router passing the packets properly internally. Now, it's not as simple as a basic port mapping. While port 1723 does need to be mapped to your XP box, GRE (IP protocol 47) needs to be mapped also, and this is where a lot of consumer grade kit falls short.

Ideally, in your forwarding options you want to select a pre-configured option for PPTP VPNs. If there isn't one you're likely out of luck. Netgears in particular were a bitch for this; even when they supposedly fixed the GRE mapping, it still didn't work for a firmware release or two. I'm not sure how Linksys fare, so suck it and see I guess.

[edit] To set up the VPN server side on XP, go to network connections, create a new connection, advanced connection, accept incoming connection, don't add a device, allow virtual private connection, allow your own user account, leave the protocols alone, click finish.

Should also say of course your router/proxy at work must allow the connection through, which, if it's been set up by a seasoned techie, it shouldn't.

Mark
15-06-2007, 11:57
Should also say of course your router/proxy at work must allow the connection through, which, if it's been set up by a seasoned techie, it shouldn't.
This is the key point. I spent a few days trying to troubleshoot a VPN connection I'd set up only to discover this. However, they didn't block SSH (as it's a point-to-point rather than network-to-network protocol) so I still have a way in, though I've yet to be able to figure out a way to tunnel Remote Desktop over SSH (I'm sure there is one).

Desmo
15-06-2007, 12:19
Why do you need a VPN? Just connect to the VNC server and fire away. OK, so it's not as secure, but if you just want to start a couple of downloads then do that and disconnect.

Mark
15-06-2007, 12:24
As a purely personal opinion, it's the security that would bother me. VNC is well-known for being vulnerable and I'd never have it on an internet-facing connection.

Matblack
15-06-2007, 12:28
Now I am confused :/

I have my media machine connected to the net via the Linksys router and the cable modem, what's the best way to 'dial' in?

It's only running normal XP not Pro and I don't have Pro at work.

MB

Dymetrie
15-06-2007, 12:28
I run VNC on Phoenix and connect to it from work.

Pretty simple: download and install VNC server, set password and desired port number (defaults to 5900), forward the port on your router...

I use the standalone .exe at work as I can't install stuff, just double click, enter IP and port, enter password, skive off work :D

Matblack
15-06-2007, 12:31
That sounds ideal, right now I use VNC locally to operate the downstairs machine without needing to switch the projector on, so I just need to open the port and write down my IP address, that shouldn't change too often I presume?

MB

Mark
15-06-2007, 12:34
Yup, if you're happy with that.

You could also use a service like dyndns.org to assign a name to the IP address (most routers these days support it, and those that don't can be worked around using software).

Like I said, I wouldn't personally, but then I'm paranoid about security.

Dymetrie
15-06-2007, 12:36
That's pretty much it Matt :)

I've found that my IP doesn't change, even though it's dynamic and not static, the only time it has was when I used a different router for a bit, but when I went back to the old router it changed back to what it was before :p

Matblack
15-06-2007, 12:46
That's pretty much it Matt :)

I've found that my IP doesn't change, even though it's dynamic and not static, the only time it has was when I used a different router for a bit, but when I went back to the old router it changed back to what it was before :p

Which VNC software do you use Dym? I use Real VNC, not sure if that has a non installable version?

MB

Desmo
15-06-2007, 12:46
OR you can use port 58?? in a web browser to use the VNC server's Java browser access. No need to install anything to view, just access from anywhere in the world :D

Matblack
15-06-2007, 12:51
OR you can use port 58?? in a web browser to use the VNC server's Java browser access. No need to install anything to view, just access from anywhere in the world :D


Hmmmm interesting, I'll have to give that a go :)

MB

Dymetrie
15-06-2007, 12:53
Yup, I use RealVNC as well, can mail you the standalone .exe if you can't find it :)

Daz
15-06-2007, 13:08
Don't forget of course, the gateway needs to allow these connections. Access to anything which isn't on the standard web ports (80, 443, 21 etc) could be dropped.

Desmo
15-06-2007, 13:15
Aye, you'll need to set up port forwarding on the router.

Daz
15-06-2007, 13:19
I meant the gateway his end :) Non-standard port traffic will likely be dropped, and if they wanted to, it wouldn't be difficult to spot non-HTTP traffic on HTTP ports. Depends on what degree of lock down the local gateway is in.

Matblack
15-06-2007, 13:37
Hmmmm

Despite our IT department being muppets I can't seem to find any open ports :(

MB

Daz
15-06-2007, 13:40
Have you set up VNC at home and forwarded a port to it yet? Make sure the service is up and reachable before finding your way to it :)

Matblack
15-06-2007, 13:42
I just tried one of those online things which are supposed to spot open ports, it seems to think nothing is open at all :(

MB

Daz
15-06-2007, 13:44
You're not trying to get back into work though, you want to get home. What a port scanner can find from the web, and what you can actually get out on are very very different. The fact you can browse the web is proof to that - outbound port 80, not inbound.

Davey_Pitch
15-06-2007, 13:58
When I want to just kick something off quickly, I use www.logmein.com. It's not ideal, but it's certainly enough to do what I need it to do :)

Mark
15-06-2007, 14:05
Yeah, I've had a look at that. Seems like it might work quite well. Think it still uses odd ports though.

Matt, as Daz said pretty much, a port scanner will not help you - mainly because you're probably behind NAT at work, so all a port scanner would see there is the router/firewall. You could of course use a port scanner to tell you if the VPN connection at home is accepting connections.

Admiral Huddy
15-06-2007, 15:59
I've been playing around with TightVNC which seems to do the job nicely. However, the reason I've been playing around with this is to offer remote access to possible clients' PCs and I'm wondering how this could be done in the simplest way at the clients' end, remembering they know nothing and I may have to walk them through.

Daz
15-06-2007, 16:02
Your main problem will be security Huddy. Exposing your own machines to the web is your own choice, but exposing someone else's? Different ball game.

VNC is not a secure or encrypted protocol.

If you wanted to do it properly then you'd have to convince them to buy some hardware that supports you dialing into their network.
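Two points from Daz above can be shown together: a gateway can spot VNC traffic on a "web" port because the RFB greeting looks nothing like HTTP or TLS, and the RFB handshake itself shows that the standard security types (None, VNC Authentication) negotiate no encryption. The following is an added example, not code from the thread or from any VNC product; the connection records and the `EXPECTED_ON_PORT` table are constructed for illustration.

```python
"""Classify the opening bytes of TCP connections, flag protocol/port mismatches
(e.g. VNC on 80 or 443) and report what the RFB handshake says about encryption.
Added example; connection records below are constructed, not captured."""
from typing import List, Optional, Tuple

# RFC 6143 security types 1 and 2: neither one encrypts the session.
CLEARTEXT_SECURITY_TYPES = {1: "None", 2: "VNC Authentication"}
# Assumed policy for this example: what a gateway expects on each port.
EXPECTED_ON_PORT = {80: "http", 443: "tls", 5900: "rfb", 3389: "rdp"}
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS", b"CONNECT")

def classify(first_bytes: bytes) -> str:
    """Guess the application protocol from the first bytes sent in either direction."""
    if first_bytes.startswith(b"RFB "):
        return "rfb"                          # VNC server greeting, e.g. b"RFB 003.008\n"
    if first_bytes[:2] == b"\x16\x03":
        return "tls"                          # TLS record type 0x16 (handshake), major version 3
    if first_bytes[:2] == b"\x03\x00" and len(first_bytes) >= 4:
        return "rdp"                          # TPKT header that opens an RDP X.224 connection
    if first_bytes.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def rfb_security_types(server_bytes: bytes) -> Optional[List[int]]:
    """Parse 'RFB xxx.yyy\\n' and the security types the server offers (3.3 vs 3.7+)."""
    if not server_bytes.startswith(b"RFB ") or len(server_bytes) < 12:
        return None
    major, minor = int(server_bytes[4:7]), int(server_bytes[8:11])
    rest = server_bytes[12:]
    if (major, minor) < (3, 7):               # RFB 3.3: server sends one 4-byte type
        return [int.from_bytes(rest[:4], "big")] if len(rest) >= 4 else None
    count = rest[0] if rest else 0            # RFB 3.7+: count byte followed by the list
    return list(rest[1:1 + count])

def audit(records: List[Tuple[int, bytes]]) -> List[str]:
    """records: (dst_port, first_bytes). Returns one alert string per finding."""
    alerts = []
    for dst_port, first_bytes in records:
        proto = classify(first_bytes)
        expected = EXPECTED_ON_PORT.get(dst_port)
        if expected and proto not in (expected, "unknown"):
            alerts.append(f"port {dst_port}: expected {expected}, saw {proto}")
        if proto == "rfb":
            offered = rfb_security_types(first_bytes) or []
            clear = [CLEARTEXT_SECURITY_TYPES[t] for t in offered if t in CLEARTEXT_SECURITY_TYPES]
            if clear:
                alerts.append(f"port {dst_port}: VNC offers {clear}; session will not be encrypted")
    return alerts

SAMPLE_RECORDS = [                            # constructed, not real traffic
    (80,   b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443,  b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    (5900, b"RFB 003.008\n\x01\x02"),         # plain VNC Authentication on the default port
    (80,   b"RFB 003.008\n\x02\x01\x02"),     # VNC hidden on the web port, offering None or VNC auth
]
```

Running `audit(SAMPLE_RECORDS)` yields three alerts: the cleartext VNC on 5900, the RFB-on-80 mismatch, and the cleartext offer on that same connection.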

Admiral Huddy
15-06-2007, 16:21
How does XP remote access differ?

Daz
15-06-2007, 16:48
Security wise it doesn't by default, though it can be secured with certificates if you have the infrastructure.

In a small business/SME scenario, you secure any non-local traffic through a VPN tunnel.

Admiral Huddy
15-06-2007, 16:51
You're like a bloody encyclopaedia!! :)

So VPN is the best route?

Daz
15-06-2007, 16:53
Heh, I wish. I'm just lucky enough to be employed by a company that gives me a great deal of slack to investigate and play with new/relevant technologies :)

Admiral Huddy
15-06-2007, 16:54
Heh, I wish. I'm just lucky enough to be employed by a company that gives me a great deal of slack to investigate and play with new/relevant technologies :)


Lucky sod! I think you'd give some of the guys here in the Bank a run...