Solved

Remote Desktop through a proxy server

Posted on 2004-04-19
Last Modified: 2013-11-21
Hello all! :o)

Here is the problem:

- I have several computers at home, one is the server that connects to the internet (always on broadband) and shares internet access with the other PCs.
- I recently set this server up so I can Remote Desktop in from an outside computer (and from there I can RD to any computer on the home network).
  I did this by installing the appropriate IIS components and unblocking the appropriate ports through the firewall etc.
  This allows me to access the server by going to http://xxx.xxx.xxx.xxx:xxxx/tsweb/, where the x's are the computer's external IP address and the port used.
- This setup works fine everywhere except where I want to use it!
  It works on a BT dialup connection, and my girlfriend's internet connection where she works, but not from where I work.

I'm the admin at a middle school where all the computers access the internet via an external proxy server (so I can't change its settings), and I think it is this that is stopping the connection (blocking a port perhaps).

Does anyone know of a way around this, via some free tunnelling software, or perhaps another method of connecting to the server besides remote desktop?

All suggestions are welcome! :o)
Question by:Nilknarf
12 Comments
 
LVL 4

Expert Comment

by:andydis
Is there Server 2000?
You could always set up a VPN?
 
LVL 1

Expert Comment

by:ah_son
Bypass the proxy server: check the check box and key in the DNS if you know it, and it should work. Another way is to set up VNC on both computers.
 
LVL 4

Author Comment

by:Nilknarf
My home server is only XP Pro. All the computers at the school are XP Pro also (except for the 2k servers).

I'm not sure a VPN would work as I can't even ping my server's IP address from work, seemingly again because of the Staffordshire proxy server (it simply says "Destination Host Unreachable" or something to that effect).
 
LVL 1

Expert Comment

by:htjiawi
If you are able to access any https site from your office, then you can connect to your Terminal Server at home using RDP. All you need is to download the freeware orenosp from:
http://hp.vector.co.jp/authors/VA027031/orenosp/index_en.html

On your PC at home:
- install orenosp service
- generate free certificate
- configure sproxy.conf to point to your XP Terminal Server
- open port 443 on your firewall to allow incoming traffic

On Office PC:
- configure otunnel.conf
- run: otunnel -c (from command prompt)
- run: RDP pointing to 127.0.0.2:port_number (configured in otunnel.conf)

The detailed documentation can be found on the above website and I have tested that this works from inside a restricted proxy network (provided you are still allowed to access https sites).
 
LVL 4

Author Comment

by:Nilknarf
I'll give that a try on Monday htjiawi, thank you.

Also, not sure if this helps at all, but when I ping my home computer from work it says "Destination net unreachable".
 
LVL 1

Expert Comment

by:htjiawi
SAMPLE for sproxy.conf setup on server:
------------------------------------------------
# this is the configuration file used by the ORENOSP service running on a server with a direct internet connection
# the client PC from behind corporate proxy and firewall can access this server provided
# the client is allowed to access https site from inside corporate proxy

# using this program client will be able to access Terminal Server using Remote Desktop,
#                                                  Telnet, Proxy from Internet Explorer,
#                                                  Remotely Anywhere, and many other
#                                                  application including openvpn

# the advantage of this application is that it only requires one port open on your home firewall,
# usually port 443 (HTTPS), and will allow you to access multiple applications on your home
# through this one open port and you can still access all these applications even when you
# are behind corporate proxy and corporate firewall

# sample provided here opens 3 services: terminal service (rdp), telnet and webproxy
# to use it you will need to modify the following variables in this file:
# user_id
# password
# password_for_certificate (you create this when generating your certificate)
# change the port for services corresponding to your services setting
# for terminal service to work you will need windows 2000 server or windows 2003 server
#                                            or windows xp with terminal service enable
# all labels must match in this file and in the corresponding otunnel.conf on client

#
# Very simple orenosp ssl reverse proxy configuration
# for 0.4.0 or later
tunnel_enable=1


# proxy listens on standard HTTPS port
# and forwards all requests to http://localhost:80

# listen port
proxy_listen_name = lis-ssl   0.0.0.0@443  https

# proxy to tunneling gateway
proxy_sslvpn_label = /vpn/rdp
proxy_sslvpn_label = /vpn/telnet
proxy_sslvpn_label = /vpn/proxy

#if backend server is using non-standard port, use
# proxy_pass_by = lis  lis-ssl  http://localhost:2000

#proxy_auth_url = <extended-url-pattern> <user-password-list> [options]
proxy_auth_url = lis-ssl://*/* -u="user_id:password" -rlm="SERVERNAME"

#
# SSL: pass phrase for server private key
#
proxy_ssl_keypass = password_for_certificate

#
# --- tunneling settings ---
# Notice there's no tunnel-specific listen port defined (tunnel_listen_name)
#
#tunnel_listen_name = mpx   0.0.0.0@443  ssl -mpx=sslvpn
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_dest_name = lan-telnet localhost:23  raw
tunnel_dest_name = lan-proxy localhost:81 raw

tunnel_pass_by = label /vpn/rdp     lan-rdp
tunnel_pass_by = label /vpn/telnet   lan-telnet
tunnel_pass_by = label /vpn/proxy   lan-proxy


# access log file
#proxy_log_access_io = single logs/access.log

#
# HTTP compression
# uncomment both lines below to enable HTTP compression

#proxy_filter_define = comp-txtonly mod_filt_zlib    mtype="text/"
#proxy_filter_assign = *       comp-txtonly

#
# URL rewrite in contents (response bodies)
# uncomment both lines below AND create simple_subst.conf to describe
# replacement rules (see Users' Guide)
# Note: these must come after HTTP compression settings in config file.

#proxy_filter_define = ext-rewrite mod_filt_ext int=rewrite_simple mtype="text/html"
#proxy_filter_assign = * ext-rewrite


#end

 
LVL 1

Expert Comment

by:htjiawi
SAMPLE for otunnel.conf setup on client PC
----------------------------------------------------
# configuration for orenosp-cli (in otunnel.conf)
# this is a sample configuration and it is used with otunnel.exe
# command line to activate this configuration from client PC from inside corporate proxy
# provided user is allowed to access any https site
# command line: otunnel -c
# this sample configuration provides 3 services by only opening one port on external server
# with direct internet connection (port 443, see server configuration: sproxy.conf file for detail)

# you need to change the following items in this file:
# your.internet.ip.address
# user_id (set when generating key on ORENOSP server and also on sproxy.conf)
# password (set when generating key on ORENOSP server and also on sproxy.conf)
# note: tunnel_listen_name must match with tunnel_pass_by
#       tunnel_pass_by must match with proxy_sslvpn_label in sproxy.conf
# you can use any port on the client PC as long as your client application allows it


tunnel_listen_name = rdp   0.0.0.0@88  raw
tunnel_listen_name = telnet 0.0.0.0@28   raw
tunnel_listen_name = proxy 0.0.0.0@81   raw
tunnel_dest_name = your.internet.ip.address   your.internet.ip.address:443  ssl  -mpx=sslvpn -proxy=proxy_server:8080
tunnel_pass_by = lis rdp    your.internet.ip.address  -mpxlabel=/vpn/rdp -auth=user_id:password
tunnel_pass_by = lis telnet  your.internet.ip.address  -mpxlabel=/vpn/telnet -auth=user_id:password
tunnel_pass_by = lis proxy   your.internet.ip.address   -mpxlabel=/vpn/proxy  -auth=user_id:password

 
LVL 4

Author Comment

by:Nilknarf
Tried a few times, can't seem to get it to work.

Is it possible for you to explain how to set up the programs a little more, htjiawi?

I copied the sample files that you posted and changed the 'your.internet.ip.address' bit and the username and password.

Is the username and password supposed to match an account on the server, or is it just for orenosp?

I also changed 'SERVERNAME' to the name of the computer I'm trying to connect to if that's correct.

Sorry I haven't said anything for a while, work has been hectic so I haven't had much time.
 
LVL 1

Expert Comment

by:htjiawi
Are you able to browse any https (SSL) site from behind the firewall? This is a pre-requirement to establish the tunnel connection. You do not need to be able to ping your home server from behind the proxy, however you need to be able to access your port 443 using otunnel.exe. The userid/password only need to match your orenosp setting, you will be prompted to sign in to the terminal server once you get the connection established. You will also need to check your IE proxy setting and place this proxy setting in your otunnel.conf file. Also make sure all configuration within sproxy.conf and otunnel.conf is related and matches each other. Make sure you turn off the firewall on your PC with orenosp installed and on the client PC with otunnel.exe. You will also need a Remote Desktop client running on your PC from behind the firewall to connect to your home terminal server.
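The cross-check described above (labels and credentials in sproxy.conf and otunnel.conf must agree) can be automated. This is an added example, not part of the original thread or of orenosp itself; it assumes only the `key = value` syntax visible in the two posted samples, reads `0.0.0.0@port` as a listener on all interfaces, and uses constructed values (`home:S3cret`, `203.0.113.10`).

```python
import shlex
# Constructed samples, cut down from the two files posted in this thread.
# Assumption: 'addr@port' with addr 0.0.0.0 means "listen on every interface".
SERVER = '''
proxy_sslvpn_label = /vpn/rdp
proxy_sslvpn_label = /vpn/telnet
proxy_auth_url = lis-ssl://*/* -u="home:S3cret" -rlm="SERVERNAME"
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_pass_by = label /vpn/rdp     lan-rdp
'''
CLIENT = '''
tunnel_listen_name = rdp   0.0.0.0@88  raw
tunnel_dest_name = home   203.0.113.10:443  ssl  -mpx=sslvpn -proxy=proxy_server:8080
tunnel_pass_by = lis rdp    home  -mpxlabel=/vpn/rdp -auth=home:secret
'''

def parse(text):
    """Map each key to the token lists of all its 'key = value' lines."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(shlex.split(value))
    return conf

def opt(tokens, name):  # value of a '-name=value' option, or None
    return next((t.split("=", 1)[1] for t in tokens if t.startswith(f"-{name}=")), None)

def check(server_text, client_text):
    srv, cli = parse(server_text), parse(client_text)
    labels = {t[0] for t in srv.get("proxy_sslvpn_label", [])}
    dests = {t[0] for t in srv.get("tunnel_dest_name", [])}
    # label -> destination name, from 'tunnel_pass_by = label <label> <dest>'
    routes = {t[1]: t[2] for t in srv.get("tunnel_pass_by", []) if t[0] == "label"}
    creds = {opt(t, "u") for t in srv.get("proxy_auth_url", [])}
    listens = {t[0]: t[1] for t in cli.get("tunnel_listen_name", [])}
    out = [f"server: {l} is not routed to a defined tunnel_dest_name"
           for l in sorted(labels) if routes.get(l) not in dests]
    for t in cli.get("tunnel_pass_by", []):
        label = opt(t, "mpxlabel")
        if label not in labels:
            out.append(f"client: {label} is not a proxy_sslvpn_label on the server")
        if opt(t, "auth") not in creds:
            out.append(f"client: -auth for {label} differs from the server's -u value")
    out += [f"client: listener {n} ({a}) listens on all interfaces"
            for n, a in sorted(listens.items()) if a.startswith("0.0.0.0@")]
    return out

if __name__ == "__main__":
    print("\n".join(check(SERVER, CLIENT)) or "configs agree")
```

An empty result means every client label and credential has a matching server entry; the all-interfaces finding is worth reviewing because other machines on the client's network can then reach the forwarded service.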
 
LVL 4

Author Comment

by:Nilknarf
I can't switch off the firewall on the PC with orenosp at home, last time I did that it got attacked and somebody tried to make themselves a Windows account on it!
(Not to mention a few viruses and trojans - thank God for McAfee!)
Will opening port 443 to incoming traffic suffice?

Also, is it possible to use another port number, or does it have to be 443?
 
LVL 1

Accepted Solution

by:
htjiawi earned 430 total points
Since HTTPS/SSL uses port 443 and on a restrictive proxy only this connection is allowed, this will be the most probable setup.

If you have a high speed internet connection at home, I would recommend you get a DSL router, since with this unit you will be protected from the internet by its built-in firewall. You will also have the ability to connect multiple computers to the internet at the same time. With a DSL router in place, you can safely turn off the firewall on your PC at home and make sure nothing is blocking port 443. You can then open port 443 on your router and fine tune it to your requirements. You will have to follow the instructions that come with your DSL router to set up your particular DSL router.
 
LVL 4

Author Comment

by:Nilknarf
I have a computer set up a bit like a router, it shares the internet throughout the house via a few switches.

It also doubles as a media center for the living room as it's in a flash little case next to the TV!
Great for watching movies, DVDs or simply surfing the net. :o)

After installing the firewall software we have never had any more problems with Trojans and viruses, so I'll leave it as it is for now. I can easily open port 443 through the firewall, I just needed to know if it had to be port 443.

Thanks for all your input htjiawi! :o)
