  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 54608

Remote Desktop through a proxy server

Hello all! :o)

Here is the problem:

- I have several computers at home, one is the server that connects to the internet (always on broadband) and shares internet access with the other PCs.
- I recently set this server up so I can Remote Desktop in from an outside computer (and from there I can RD to any computer on the home network).
  I did this by installing the appropriate IIS components and unblocking the appropriate ports through the firewall etc.
  This allows me to access the server by going to http://xxx.xxx.xxx.xxx:xxxx/tsweb/, where the x's are the computer's external IP address and the port used.
- This setup works fine everywhere except where I want to use it!
  It works on a BT dialup connection, and my girlfriend's internet connection where she works, but not from where I work.

I'm the admin at a middle school where all the computers access the internet via an external proxy server (so I can't change its settings), and I think it is this that is stopping the connection (blocking a port perhaps).

Does anyone know of a way around this, via some free tunnelling software, or perhaps another method of connecting to the server besides remote desktop?

All suggestions are welcome! :o)
0
Asked by: Nilknarf
1 Solution
 
andydisCommented:
Is there Server 2000?
You could always set up a VPN?
0
 
ah_sonCommented:
Bypass the proxy server: check the check box and key in the DNS if you know it, and it should work. Another way is to set up VNC on both computers.

0
 
NilknarfAuthor Commented:
My home server is only XP Pro. All the computers at the school are XP Pro also (except for the 2k servers)

I'm not sure a VPN would work as I can't even ping my server's IP address from work, seemingly again because of the Staffordshire proxy server (it simply says "Destination Host Unreachable" or something to that effect).
0
 
htjiawiCommented:
If you are able to access any https site from your office, then you can connect to your Terminal Server at home using RDP. All you need is to download the freeware orenosp from:
http://hp.vector.co.jp/authors/VA027031/orenosp/index_en.html

On your PC at home:
- install orenosp service
- generate free certificate
- configure sproxy.conf to point to your XP Terminal Server
- open port 443 on your firewall to allow incoming traffic

On Office PC:
- configure otunnel.conf
- run: otunnel -c (from command prompt)
- run: RDP pointing to 127.0.0.2:port_number (configured in otunnel.conf)

The detailed documentation can be found on the above website, and I have tested that this works from inside a restricted proxy network (provided you are still allowed to access https sites).



0
 
NilknarfAuthor Commented:
I'll give that a try on Monday htjiawi, thank you.

Also, not sure if this helps at all, but when I ping my home computer from work it says "Destination net unreachable"
0
 
htjiawiCommented:
SAMPLE for sproxy.conf setup on server:
------------------------------------------------
# this is the configuration file used by the ORENOSP service running on a server with a direct internet connection
# the client PC behind a corporate proxy and firewall can access this server provided
# the client is allowed to access https sites from inside the corporate proxy

# using this program the client will be able to access Terminal Server using Remote Desktop,
#                                                  Telnet, Proxy from Internet Explorer,
#                                                  Remotely Anywhere, and many other
#                                                  applications including openvpn

# the advantage of this application is that it only requires one port open on your home firewall,
# usually port 443 (HTTPS), and will allow you to access multiple applications on your home
# through this one open port and you can still access all these applications even when you
# are behind a corporate proxy and corporate firewall

# the sample provided here opens 3 services: terminal service (rdp), telnet and webproxy
# to use it you will need to modify the following variables in this file:
# user_id
# password
# password_for_certificate (you create this when generating your certificate)
# change the port for services corresponding to your services setting
# for terminal service to work you will need windows 2000 server or windows 2003 server
#                                            or windows xp with terminal service enabled
# all labels in this file must match the corresponding otunnel.conf on the client



#
# Very simple orenosp ssl reverse proxy configuration
# for 0.4.0 or later
tunnel_enable=1


# proxy listens on standard HTTPS port
# and forwards all requests to http://localhost:80

# listen port
proxy_listen_name = lis-ssl   0.0.0.0@443  https

# proxy to tunneling gateway
proxy_sslvpn_label = /vpn/rdp
proxy_sslvpn_label = /vpn/telnet
proxy_sslvpn_label = /vpn/proxy

#if backend server is using non-standard port, use
# proxy_pass_by = lis  lis-ssl  http://localhost:2000

#proxy_auth_url = <extended-url-pattern> <user-password-list> [options]
proxy_auth_url = lis-ssl://*/* -u="user_id:password" -rlm="SERVERNAME"

#
# SSL: pass phrase for server private key
#
proxy_ssl_keypass = password_for_certificate

#
# --- tunneling settings ---
# Notice there's no tunnel-specific listen port defined (tunnel_listen_name)
#
#tunnel_listen_name = mpx   0.0.0.0@443  ssl -mpx=sslvpn
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_dest_name = lan-telnet localhost:23  raw
tunnel_dest_name = lan-proxy localhost:81 raw

tunnel_pass_by = label /vpn/rdp     lan-rdp
tunnel_pass_by = label /vpn/telnet   lan-telnet
tunnel_pass_by = label /vpn/proxy   lan-proxy


# access log file
#proxy_log_access_io = single logs/access.log

#
# HTTP compression
# uncomment both lines below to enable HTTP compression

#proxy_filter_define = comp-txtonly mod_filt_zlib    mtype="text/"
#proxy_filter_assign = *       comp-txtonly

#
# URL rewrite in contents (response bodies)
# uncomment both lines below AND create simple_subst.conf to describe
# replacement rules (see Users' Guide)
# Note: these must come after HTTP compression settings in config file.

#proxy_filter_define = ext-rewrite mod_filt_ext int=rewrite_simple mtype="text/html"
#proxy_filter_assign = * ext-rewrite


#end
0
 
htjiawiCommented:
SAMPLE for otunnel.conf setup on client PC
----------------------------------------------------
# configuration for orenosp-cli (in otunnel.conf)
# this is a sample configuration and it is used with otunnel.exe
# command line to activate this configuration from client PC from inside corporate proxy
# provided user is allowed to access any https site
# command line: otunnel -c
# this sample configuration provides 3 services by only opening one port on the external server
# with direct internet connection (port 443, see server configuration: sproxy.conf file for detail)

# you need to change the following items in this file:
# your.internet.ip.address
# user_id (set when generating key on ORENOSP server and also in sproxy.conf)
# password (set when generating key on ORENOSP server and also in sproxy.conf)
# note: tunnel_listen_name must match tunnel_pass_by
#       tunnel_pass_by must match proxy_sslvpn_label in sproxy.conf
# you can use any port on the client PC as long as your client application allows it


tunnel_listen_name = rdp   0.0.0.0@88  raw
tunnel_listen_name = telnet 0.0.0.0@28   raw
tunnel_listen_name = proxy 0.0.0.0@81   raw
tunnel_dest_name = your.internet.ip.address   your.internet.ip.address:443  ssl  -mpx=sslvpn -proxy=proxy_server:8080
tunnel_pass_by = lis rdp    your.internet.ip.address  -mpxlabel=/vpn/rdp -auth=user_id:password
tunnel_pass_by = lis telnet  your.internet.ip.address  -mpxlabel=/vpn/telnet -auth=user_id:password
tunnel_pass_by = lis proxy   your.internet.ip.address   -mpxlabel=/vpn/proxy  -auth=user_id:password

0
 
NilknarfAuthor Commented:
Tried a few times, can't seem to get it to work.

Is it possible for you to explain how to set up the programs a little more, htjiawi?

I copied the sample files that you posted and changed the 'your.internet.ip.address' bit and the username and password.

Is the username and password supposed to match an account on the server, or is it just for orenosp?

I also changed 'SERVERNAME' to the name of the computer I'm trying to connect to if that's correct.

Sorry I haven't said anything for a while, work has been hectic so I haven't had much time.
0
 
htjiawiCommented:
Are you able to browse any https (SSL) site from behind the firewall? This is a prerequisite for establishing the tunnel connection. You do not need to be able to ping your home server from behind the proxy; however, you need to be able to access your port 443 using otunnel.exe. The userid/password only need to match your orenosp setting; you will be prompted to sign in to the terminal server once you get the connection established. You will also need to check your IE proxy setting and place this proxy setting in your otunnel.conf file. Also make sure all the configuration within sproxy.conf and otunnel.conf is related and matches. Make sure you turn off the firewall on your PC with orenosp installed and on the client PC with otunnel.exe. You will also need the Remote Desktop Client running on your PC behind the firewall to connect to your home terminal server.
0
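The cross-check htjiawi describes above (labels and names in sproxy.conf and otunnel.conf have to match), as an added example that is not part of the original thread or of the orenosp project. It assumes the key layouts shown in the posted samples; the destination name `home` and the trimmed input are constructed, and treating `0.0.0.0@port` as "all interfaces" is the usual convention rather than something the thread states.

```python
# Constructed input abridged from the samples posted in this thread; /vpn/proxy is
# deliberately missing on the server. The reading of each key is an assumption.
SPROXY = """\
proxy_sslvpn_label = /vpn/rdp
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_pass_by = label /vpn/rdp     lan-rdp
proxy_auth_url = lis-ssl://*/* -u="user_id:password" -rlm="SERVERNAME"
"""
OTUNNEL = """\
tunnel_listen_name = rdp   0.0.0.0@88  raw
tunnel_listen_name = proxy 0.0.0.0@81   raw
tunnel_dest_name = home   your.internet.ip.address:443  ssl  -mpx=sslvpn
tunnel_pass_by = lis rdp    home  -mpxlabel=/vpn/rdp -auth=user_id:password
tunnel_pass_by = lis proxy  home  -mpxlabel=/vpn/proxy -auth=user_id:password
"""

def parse(text):
    """Map each key to the token lists of its 'key = value' lines; skip comments."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            conf.setdefault(key.strip(), []).append(value.split())
    return conf

def check(server_text, client_text):
    srv, cli, problems = parse(server_text), parse(client_text), []
    labels = {v[0] for v in srv.get("proxy_sslvpn_label", [])}
    dests = {v[0] for v in srv.get("tunnel_dest_name", [])}
    routed = {v[1]: v[2] for v in srv.get("tunnel_pass_by", []) if v[0] == "label"}
    for label in sorted(labels):  # every advertised label must lead somewhere
        if routed.get(label) not in dests:
            problems.append(f"server: {label} has no tunnel_pass_by to a defined destination")
    listeners = {v[0]: v[1] for v in cli.get("tunnel_listen_name", [])}
    remote = {v[0] for v in cli.get("tunnel_dest_name", [])}
    for v in cli.get("tunnel_pass_by", []):  # "lis <listener> <dest> -mpxlabel=.. -auth=.."
        opts = dict(o.lstrip("-").split("=", 1) for o in v[3:] if "=" in o)
        if v[1] not in listeners or v[2] not in remote:
            problems.append(f"client: pass_by '{v[1]}' references an undefined name")
        if opts.get("mpxlabel") not in labels:
            problems.append(f"client: {opts.get('mpxlabel')} is not a label on the server")
    for name, addr in sorted(listeners.items()):
        if addr.startswith("0.0.0.0@"):  # tunnel entrance reachable from the whole LAN
            problems.append(f"client: listener '{name}' accepts connections on all interfaces")
    for side, text in (("server", server_text), ("client", client_text)):
        if "user_id:password" in text:
            problems.append(f"{side}: sample credentials user_id:password still in place")
    return problems

print(*check(SPROXY, OTUNNEL), sep="\n")
```

Run it against the real pair of files before opening port 443; an empty result means the names line up, not that the tunnel is safe to expose.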
 
NilknarfAuthor Commented:
I can't switch off the firewall on the PC with orenosp at home, last time I did that it got attacked and somebody tried to make themselves a windows account on it!
(Not to mention a few viruses and trojans - thank God for McAfee!)
Will opening port 443 to incoming traffic suffice?

Also, is it possible to use another port number, or does it have to be 443?
0
 
htjiawiCommented:
Since HTTPS/SSL uses port 443 and on a restrictive proxy only this connection is allowed, this will most probably be the setup.

If you have a high speed internet connection at home, I would recommend you get a DSL router, since with this unit you will be protected from the internet by its built-in firewall. You will also have the ability to connect multiple computers to the internet at the same time. With a DSL router in place, you can safely turn off the firewall on your PC at home and make sure nothing is blocking port 443. You can then open port 443 on your router and fine tune it to your requirements. You will have to follow the instructions that come with your DSL router to set up your particular DSL router.
0
 
NilknarfAuthor Commented:
I have a computer setup a bit like a router, it shares the internet throughout the house via a few switches.

It also doubles as a media center for the living room as it's in a flash little case next to the TV!
Great for watching movies DVD's or simply surfing the net. :o)

After installing the firewall software we have never had any more problems with Trojans and viruses, so I'll leave it as it is for now. I can easily open port 443 through the firewall, I just needed to know if it had to be port 443.

Thanks for all your input htjiawi! :o)
0
