Remote Desktop through a proxy server

Posted on 2004-04-19
Medium Priority
Last Modified: 2013-11-21
Hello all! :o)

Here is the problem:

- I have several computers at home, one is the server that connects to the internet (always on broadband) and shares internet access with the other PCs.
- I recently set this server up so I can Remote Desktop in from an outside computer (and from there I can RD to any computer on the home network).
  I did this by installing the appropriate IIS components and unblocking the appropriate ports through the firewall etc.
  This allows me to access the server by going to http://xxx.xxx.xxx.xxx:xxxx/tsweb/, where the x's are the computer's external IP address and the port used.
- This setup works fine everywhere except where I want to use it!
  It works on a BT dialup connection, and my girlfriend's internet connection where she works, but not from where I work.

I'm the admin at a middle school where all the computers access the internet via an external proxy server (so I can't change its settings), and I think it is this that is stopping the connection (blocking a port perhaps).

Does anyone know of a way around this, via some free tunnelling software, or perhaps another method of connecting to the server besides remote desktop?

All suggestions are welcome! :o)
Question by:Nilknarf

Expert Comment

ID: 10861048
Is there Server 2000?
You could always set up a VPN?

Expert Comment

ID: 10861541
Bypass the proxy server: check the check box and key in the DNS if you know it, and it should work. Another way is to set up VNC on both computers.


Author Comment

ID: 10861565
My home server is only XP Pro. All the computers at the school are XP Pro also (except for the 2k servers)

I'm not sure a VPN would work as I can't even ping my server's IP address from work, seemingly again because of the Staffordshire proxy server (it simply says "Destination Host Unreachable" or something to that effect).

Expert Comment

ID: 10895908
If you are able to access any https site from your office, then you can connect to your Terminal Server at home using RDP. All you need is to download freeware orenosp from:

On your PC at home:
- install orenosp service
- generate free certificate
- configure sproxy.conf to point to your XP Terminal Server
- open port 443 on your firewall to allow incoming traffic

On Office PC:
- configure otunnel.conf
- run: otunnel -c (from command prompt)
- run: RDP pointing to in otunnel.conf)

The detailed documentation can be found on the above website, and I have tested that this works from inside a restricted proxy network (provided you are still allowed to access https sites).


Author Comment

ID: 10906521
I'll give that a try on Monday htjiawi, thank you.

Also, not sure if this helps at all, but when I ping my home computer from work it says "Destination net unreachable"

Expert Comment

ID: 10909961
SAMPLE for sproxy.conf setup on server:
# this is the configuration file used by the ORENOSP service running on a server with direct internet

# the client PC from behind corporate proxy and firewall can access this server provided
# the client is allowed to access https site from inside corporate proxy

# using this program client will be able to access Terminal Server using Remote Desktop,
#                                                  Telnet, Proxy from Internet Explorer,
#                                                  Remotely Anywhere, and many other
#                                                  application including openvpn

# the advantage of this application is that it only require one port open on your home

# usually port 443 (HTTPS) and will allowed you to access multiple application on your home
# through this one open port and you can still access all this application even when you
# are behind corporate proxy and corporate firewall  

# sample provided here open 3 services: terminal service (rdp), telnet and webproxy
# to use it you will need to modify the following variables in this files:
# user_id
# password
# password_for_certificate (you create this when generating your certificate)
# change the port for services corresponding to your services setting
# for terminal service to work you will need windows 2000 server or windows 2003 server
#                                            or windows xp with terminal service enable
# all label must match on this file and to the corresponding otunnel.conf on client

# Very simple orenosp ssl reverse proxy configuration
# for 0.4.0 or later

# proxy listens on standard HTTPS port
# and forwards all requests to http://localhost:80

# listen port
proxy_listen_name = lis-ssl  https

# proxy to tunneling gateway
proxy_sslvpn_label = /vpn/rdp
proxy_sslvpn_label = /vpn/telnet
proxy_sslvpn_label = /vpn/proxy

#if backend server is using non-standard port, use
# proxy_pass_by = lis  lis-ssl  http://localhost:2000

#proxy_auth_url = <extended-url-pattern> <user-password-list> [options]
proxy_auth_url = lis-ssl://*/* -u="user_id:password" -rlm="SERVERNAME"

# SSL: pass phrase for server private key
proxy_ssl_keypass = password_for_certificate

# --- tunneling settings ---
# Notice there's no tunnel-specific listen port defined (tunnel_listen_name)
#tunnel_listen_name = mpx  ssl -mpx=sslvpn
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_dest_name = lan-telnet localhost:23  raw
tunnel_dest_name = lan-proxy localhost:81 raw

tunnel_pass_by = label /vpn/rdp     lan-rdp
tunnel_pass_by = label /vpn/telnet   lan-telnet
tunnel_pass_by = label /vpn/proxy   lan-proxy

# access log file
#proxy_log_access_io = single logs/access.log

# HTTP compression
# uncomment both lines below to enable HTTP compression

#proxy_filter_define = comp-txtonly mod_filt_zlib    mtype="text/"
#proxy_filter_assign = *       comp-txtonly

# URL rewrite in contents (response bodies)
# uncomment both lines below AND create simple_subst.conf to describe
# replacement rules (see Users' Guide)
# Note: these must come after HTTP compression settings in config file.

#proxy_filter_define = ext-rewrite mod_filt_ext int=rewrite_simple mtype="text/html"
#proxy_filter_assign = * ext-rewrite


Expert Comment

ID: 10909965
SAMPLE for otunnel.conf setup on client PC
# configuration for orenosp-cli (in otunnel.conf)
# this is a sample configuration and it is used with otunnel.exe
# command line to activate this configuration from client PC from inside corporate proxy
# provided user is allowed to access any https site
# command line: otunnel -c
# this sample configuration provide 3 services by only opening one port on external server
# with direct internet connection (port 443, see server configuration: sproxy.conf file for detail)

# you need to change the following items on this file:
# your.internet.ip.address
# user_id (set when generating key on ORENOSP server and also on sproxy.conf)
# password (set when generating key on ORENOSP server and also on sproxy.conf)
# note: tunnel_listen_name must match tunnel_pass_by
#       (tunnel_pass_by must match proxy_sslvpn_label in sproxy.conf)
# you can use any port on the client PC as long as your client application allows it

tunnel_listen_name = rdp  raw
tunnel_listen_name = telnet   raw
tunnel_listen_name = proxy   raw
tunnel_dest_name = your.internet.ip.address   your.internet.ip.address:443  ssl  -mpx=sslvpn -proxy=proxy_server:8080
tunnel_pass_by = lis rdp    your.internet.ip.address  -mpxlabel=/vpn/rdp -auth=user_id:password
tunnel_pass_by = lis telnet  your.internet.ip.address  -mpxlabel=/vpn/telnet -auth=user_id:password
tunnel_pass_by = lis proxy   your.internet.ip.address   -mpxlabel=/vpn/proxy  -auth=user_id:password


Author Comment

ID: 11022288
Tried a few times, can't seem to get it to work.

Is it possible for you to explain how to set up the programs a little more, htjiawi?

I copied the sample files that you posted and changed the 'your.internet.ip.address' bit and the username and password.

Are the username and password supposed to match an account on the server, or are they just for orenosp?

I also changed 'SERVERNAME' to the name of the computer I'm trying to connect to if that's correct.

Sorry I haven't said anything for a while, work has been hectic so I haven't had much time.

Expert Comment

ID: 11027877
Are you able to browse any https (SSL) site from behind the firewall? This is a prerequisite for establishing the tunnel connection. You do not need to be able to ping your home server from behind the proxy; however, you need to be able to access your port 443 using otunnel.exe. The userid/password only need to match your orenosp setting; you will be prompted to sign in to the terminal server once you get the connection established. You will also need to check your IE proxy setting and place this proxy setting in your otunnel.conf file. Also make sure all configuration within sproxy.conf and otunnel.conf is related and matches. Make sure you turn off the firewall on your PC with orenosp installed and on the client PC with otunnel.exe. You will also need the Remote Desktop client running on your PC behind the firewall to connect to your home terminal server.
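
The matching rule stated in both sample files and in the comment above (every label used in otunnel.conf must be published and routed in sproxy.conf) can be checked mechanically, and the same pass shows which backend services the single open port exposes. This is an added example, not part of the thread or of orenosp; it understands only the directive layouts shown in the samples, and the `/vpn/ts` mismatch is constructed.

```python
# Added example: directive names and field layouts are taken from the thread's samples.
SERVER = """
proxy_sslvpn_label = /vpn/rdp
proxy_sslvpn_label = /vpn/telnet
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_dest_name = lan-telnet localhost:23  raw
tunnel_pass_by = label /vpn/rdp     lan-rdp
tunnel_pass_by = label /vpn/telnet   lan-telnet
"""
# Constructed mismatch: the client asks for /vpn/ts, the server publishes /vpn/rdp.
CLIENT = """
tunnel_listen_name = rdp  raw
tunnel_dest_name = your.internet.ip.address   your.internet.ip.address:443  ssl  -mpx=sslvpn -proxy=proxy_server:8080
tunnel_pass_by = lis rdp    your.internet.ip.address  -mpxlabel=/vpn/ts -auth=user_id:password
"""

def parse_conf(text):
    """Return (key, fields) for each active 'key = value' line; '#' lines are skipped."""
    lines = (ln.strip() for ln in text.splitlines())
    return [(ln.partition("=")[0].strip(), ln.partition("=")[2].split())
            for ln in lines if ln and not ln.startswith("#") and "=" in ln]

def rows(entries, key, width):
    """Field lists for one directive, ignoring lines with fewer than `width` fields."""
    return [f for k, f in entries if k == key and len(f) >= width]

def audit(server_text, client_text):
    """Return ({label: backend host:port}, [problems]) for a server/client pair."""
    srv, cli = parse_conf(server_text), parse_conf(client_text)
    published = {f[0] for f in rows(srv, "proxy_sslvpn_label", 1)}
    dests = {f[0]: f[1] for f in rows(srv, "tunnel_dest_name", 2)}
    routes = {f[1]: f[2] for f in rows(srv, "tunnel_pass_by", 3) if f[0] == "label"}
    exposed, problems = {}, []
    for label in sorted(published):
        if routes.get(label) in dests:
            exposed[label] = dests[routes[label]]  # what the open port really reaches
        else:
            problems.append(f"server: {label} is published but not routed to a defined destination")
    listeners = {f[0] for f in rows(cli, "tunnel_listen_name", 1)}
    for f in rows(cli, "tunnel_pass_by", 3):
        label = next((o.split("=", 1)[1] for o in f[3:] if o.startswith("-mpxlabel=")), None)
        if f[1] not in listeners:
            problems.append(f"client: listener {f[1]} is not defined")
        if label not in published:
            problems.append(f"client: label {label} is not published by the server")
    return exposed, problems
```

Calling `audit(SERVER, CLIENT)` returns the exposure map and the problem list; an empty list means the two files agree on every label.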

Author Comment

ID: 11031676
I can't switch off the firewall on the PC with orenosp at home; last time I did that it got attacked and somebody tried to make themselves a Windows account on it!
(Not to mention a few viruses and trojans - thank God for McAfee!)
Will opening port 443 to incoming traffic suffice?

Also, is it possible to use another port number, or does it have to be 443?

Accepted Solution

htjiawi earned 1720 total points
ID: 11039143
Since HTTPS/SSL uses port 443 and on a restrictive proxy only this connection is allowed, this will be the most probable setup.

If you have a high speed internet connection at home, I would recommend you get a DSL router, since with this unit you will be protected from the internet by its built-in firewall. You will also have the ability to connect multiple computers to the internet at the same time. With a DSL router in place, you can safely turn off the firewall on your PC at home and make sure nothing is blocking port 443. You can then open port 443 on your router and fine tune it to your requirements. You will have to follow the instructions that come with your particular DSL router to set it up.

Author Comment

ID: 11039200
I have a computer setup a bit like a router, it shares the internet throughout the house via a few switches.

It also doubles as a media center for the living room as it's in a flash little case next to the TV!
Great for watching movies, DVDs or simply surfing the net. :o)

After installing the firewall software we have never had any more problems with Trojans and viruses, so I'll leave it as it is for now. I can easily open port 443 through the firewall, I just needed to know if it had to be port 443.

Thanks for all your input htjiawi! :o)
