This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my methods over that time frame.
This is an article about Remote Access in a variety of small business and client situations over more than a decade. I am a small business consultant and I need access to client systems frequently, and my own home office system from time to time. I will share a number of experiences culminating in my current situation where I can access any current client and my home office network from nearly anywhere in the world.
For a document-centric environment, iCloud, Microsoft Cloud or OneDrive, or Dropbox may work fine for a lot of people in order to keep documents in a central location usable on most any machine. I use Dropbox on my Windows machines and my Apple iPhone, but my needs are broader than just documents.
A first step (2003 to 2008):
My first real exposure to remote access was about a dozen years ago at my first client. At the time I arrived, they had directly exposed their server to the internet at the hands of a consultant who apparently assured them that a virtual private network (VPN) had been installed. In fact, there was no VPN, and their server was at risk.
I engaged a good consultant (someone I continue to know and work with today) who suggested a small business client might find commercial Cisco to be too expensive and who eventually suggested a Juniper Netscreen box with the Juniper remote access client. The client had newly acquired XP Pro machines and the remote access client worked well with XP.
This arrangement generally worked well, and we now use Juniper Netscreen boxes at all clients. However, I learned two key lessons: (1) Local and Remote subnets must be different (or traffic will not flow) and (2) the Juniper Netscreen client would not work through a double NAT, that is, it could not navigate the two levels of internal IP addresses. Double NATs are common in hotels, vacation properties and similar setups.
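The two lessons above can be checked before leaving for a remote location. The following is an added example, not part of the original article: the site names, subnets and addresses are constructed, and it assumes you can read the WAN address of the local router from its status page.

```python
import ipaddress

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def overlapping_sites(local_lan, remote_lans):
    """Return names of remote sites whose subnet overlaps the local LAN."""
    local = ipaddress.ip_network(local_lan, strict=False)
    return sorted(name for name, cidr in remote_lans.items()
                  if local.overlaps(ipaddress.ip_network(cidr, strict=False)))


def behind_double_nat(router_wan_ip):
    """True when the local router's WAN address is itself a NAT-side address,
    meaning at least one more NAT device sits between it and the internet."""
    addr = ipaddress.ip_address(router_wan_ip)
    return any(addr in net for net in NAT_RANGES)


def preflight(local_lan, router_wan_ip, remote_lans):
    """Collect the two conditions the article identifies as tunnel breakers."""
    findings = []
    for site in overlapping_sites(local_lan, remote_lans):
        findings.append(f"subnet clash with {site}: local and remote ranges "
                        "must differ or traffic will not flow")
    if behind_double_nat(router_wan_ip):
        findings.append("double NAT: router WAN address is private, so use "
                        "a VPN client that works through two NAT levels")
    return findings


# Constructed sample values (hypothetical sites and ranges).
REMOTE_LANS = {
    "client-a": "192.168.1.0/24",
    "client-b": "10.20.0.0/16",
    "home-office": "192.168.77.0/24",
}

if __name__ == "__main__":
    # Hotel-style network: a common default LAN whose router has a private WAN.
    for line in preflight("192.168.1.0/24", "10.0.5.23", REMOTE_LANS):
        print(line)
```

Choosing uncommon subnets for the office and home networks (as with the constructed 192.168.77.0/24 above) makes a clash with a hotel or cottage default range much less likely.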
At that time, there was no workaround that I knew of, and indeed, we set up a back door to the server for one owner. She would web email or call us with her vacation IP address, we would enable the back door for that one IP only and she could connect. We would close the back door upon her return.
Adapting to 64-bit systems in 2008:
All this was in place and working until 2008 when I acquired a ThinkPad T61p with Vista Business 64-bit. This was a much faster machine and operating system than my ThinkPad T41 with 32-bit XP, but the Netscreen client would not run. I clearly could not continue this way. The ThinkPad T61p is one of the few machines ever made that could run XP Pro, Vista Business, Windows 7 Pro and Windows 8 Pro (64-bit). Back then, there was only XP and Vista and I was unwilling to go backwards.
Some rudimentary searching led to SafeNet SoftRemote. The 64-bit client was inordinately expensive (nearly $300 at the time), but I ordered it, set it up, and got it working with the help of a different consultant. That was my first exposure to Experts-Exchange. I joined, and remain an active member today. However, the SafeNet client was also not able to navigate a double NAT. We acquired a fractional ownership cottage in late 2008 and took possession in July, 2009, but I was not able to access clients through the cottage wireless.
As an aside, I had been using Sierra and Sony cellular air cards on my T41 with XP but neither worked in Vista, and so I acquired a Nokia CS-18 USB Internet stick that worked in Windows Vista, Windows 7, Windows 8 and the first build of Windows 10 (10240). I could always employ my Internet stick for VPN, and I was never stuck.
New VPN Application Software comes available:
As soon as Windows 7 Pro came out in mid-2009, I got a 500 GB 7200-rpm hard drive for my T61p and upgraded to Windows 7. Of course SafeNet SoftRemote would not work in Windows 7 (one gets numbly used to this issue). By that time NCP Secure Entry was available and I purchased a license for NCP that worked fine on Windows 7 Pro. As a terrific added bonus, NCP works through a double NAT just fine. Life was much easier in our cottage weeks.
Entry level commercial VPN boxes and site to site tunnels:
About this time, I got a Cisco RV042 VPN router for my home office and hung my Netopia Wireless off this router. This worked well and I was able to establish Site to Site tunnels to my major clients with Juniper or Cisco VPN firewalls. I tried briefly to establish a connection to my home router with NCP but that was not successful. Since I synchronize vast quantities of files and documents between laptop and home desktop with Sync Back Pro, I really did not need access to my home desktop very often.
This all worked fine until early 2013 when I retired my T61p and got my current ThinkPad X230 with Windows 8. Before bringing the X230 into production, I tested my Nokia Internet stick (it worked), and I upgraded to the newest version of NCP and that worked. Sync Back Pro worked and I did not miss a step.
Somewhere in here, my ISP upgraded my home bandwidth but the best I could get was 8 Mbits/second download speed. I called the ISP and they suggested it was my equipment (don’t they always). I hooked up my laptop directly to the cable modem and promptly got 20 Mbits/second or better download speed. I researched the Cisco website and determined that Cisco had released the RV042G with 800 Mbits/second internal throughput and I promptly upgraded in order to get the speed advertised by my ISP. I installed the Site to Site tunnels, but still could not access the home router via NCP. To be truthful, I had not tried particularly hard.
Then Cisco introduced the RV325 router with 900 Mbits/second internal throughput and 16 ports (the RV042 series had 4 ports). This was worth upgrading as I was able to remove the 1 Gbit switch and make my network simpler. By this time, I had upgraded the Wi-Fi to a Cisco RV220W router that matched the N Wi-Fi card in my ThinkPad X230.
Windows 10, new Mi-Fi capabilities and refining my thinking:
In August of 2015, my X230 abruptly upgraded to Windows 10 even though I had not reserved an upgrade. This has happened to more than a few people. I quickly whipped Windows 10 into shape, and in December 2015, I replaced my aging Lenovo desktop with a new Lenovo M73 desktop with Windows 10 Pro preinstalled.
I still have the Cisco RV325, the Cisco RV220W, the Site to Site tunnels and the most current version of NCP (new in April, 2016). Everything works as it always did.
In November, 2015 or thereabouts, Microsoft issued Build 10586 for Windows 10. My trusty Nokia stick worked at first, but in early 2016, I did a Windows 10 Repair Install on my X230, the Nokia stick had to be reinstalled and it would not install correctly. I visited my local ISP and they had a HUAWEI Internet stick that has an operating cost one quarter of the Nokia stick and operates at over 20 Mbits/second. This is much faster than the Nokia stick if I do not happen to have Wi-Fi available.
Now in one of the threads active at the time I wrote this article, I was searching for a way to scan for active devices on a network and came across Active IP Scanner and Active Port Scanner, free from Famatech. I quickly saw that Famatech also produced the Radmin Tools. I had seen Radmin on and off over a period of years, and my recall is that the collection cost over $300 some years back and Radmin had never interested me. However, basic Radmin Remote Control is $50 today and the Radmin viewer is free.
Complete Client and Home Network access capabilities:
I purchased a license in April, 2016 and quickly determined that I could see my Windows 10 desktop as it sat (no logging in) from the viewer on my laptop. Further, at a client where I had Site to Site tunnel connection, I could see my home desktop from the Radmin viewer. To those wondering, the Radmin server on my desktop is heavily secured and I have the only way to access my home network from a Radmin viewer.
Now it seemed more compelling at this point to get remote access to my home network. I set up a Client to Gateway tunnel on my RV325 using a standard setup on all my tunnels, set up an NCP Profile, hooked up my HUAWEI stick, tried to connect and could not. By reviewing the logs and some trial and error, I got connected. Over the next 36 hours, I found the first attempt disabled all my RV325 tunnels. I do not know exactly why but after a process of thoughtful elimination, I deleted the home tunnel setup on my RV325 and discovered all the other tunnels started working.
I carefully rebuilt the Home Client to Gateway tunnel and this time, the other tunnels stayed up. I revised the NCP Profile and now have it working reliably. We are at our cottage as I write this. I left my desktop computer on (it normally is on 24x7 anyway), but I found I could not access my home network; however, I could access all my other clients. I expect this is because of the firewall or other issue within the cottage network, and I need to do more research. However, I access my home network just fine from other remote locations with NCP.
So what has 10 years of working with remote access brought me? In summary, with a Cisco RV325 VPN Router ($350 - $400), NCP Secure Entry ($150), and Internet or HUAWEI Internet stick ($200 plus $15 per month to operate), I can hook up to my Home Desktop with Radmin Remote Control, and any client server via Windows RDP. Assuming I am using my HUAWEI Internet stick, I have access to every system I need including Home Office from almost anywhere I happen to be.
My RV325 Router (the right one is the 16 port router). 900 Mbits/second throughput
My RV220W N Wireless Router
NCP Universal Secure Entry for remote access
Radmin Server (not much to see - it just sits as a service waiting to be contacted)
Was this easy to do? Not really. I have been working with remote access for a decade and finally brought a number of pieces together to make it work the way I want it to work.
Was it worth it? Absolutely. Almost wherever I happen to be, I can access anything I need securely – secure for me and secure for my clients.
Can you do it? It depends. Anyone can purchase the commercial stuff I purchased, but it was not cheap (not real expensive either). It is not plug and play, and it takes skill, knowledge and experience to knit the pieces together so as to work anywhere with any connection. If you think this might be interesting for you but you have never done remote access yourself, you will need competent assistance to help you knit your pieces together.
Microsoft has said that Windows 10 is their last operating system, so my setup should be good for a few years.