Solved

Remote Desktop through a proxy server

Posted on 2004-04-19
Last Modified: 2013-11-21
Hello all! :o)

Here is the problem:

- I have several computers at home, one is the server that connects to the internet (always on broadband) and shares internet access with the other PCs.
- I recently set this server up so I can Remote Desktop in from an outside computer (and from there I can RD to any computer on the home network).
  I did this by installing the appropriate IIS components and unblocking the appropriate ports through the firewall etc.
  This allows me to access the server by going to http://xxx.xxx.xxx.xxx:xxxx/tsweb/, where the x's are the computer's external IP address and the port used.
- This setup works fine everywhere except where I want to use it!
  It works on a BT dialup connection, and my girlfriend's internet connection where she works, but not from where I work.

I'm the admin at a middle school where all the computers access the internet via an external proxy server (so I can't change its settings), and I think it is this that is stopping the connection (blocking a port perhaps).

Does anyone know of a way around this, via some free tunnelling software, or perhaps another method of connecting to the server besides remote desktop?

All suggestions are welcome! :o)
Question by:Nilknarf
12 Comments
 
LVL 4

Expert Comment

by:andydis
ID: 10861048
Is there server 2000?
You could always set up a VPN?
0
 
LVL 1

Expert Comment

by:ah_son
ID: 10861541
Bypass the proxy server: check the check box and key in the DNS if you know it, and it should work. Another way is to set up VNC on both computers.

0
 
LVL 4

Author Comment

by:Nilknarf
ID: 10861565
My home server is only XP Pro. All the computers at the school are XP Pro also (except for the 2k servers)

I'm not sure a VPN would work as I can't even ping my server's IP address from work, seemingly again because of the Staffordshire proxy server (it simply says "Destination Host Unreachable" or something to that effect).
0

 
LVL 1

Expert Comment

by:htjiawi
ID: 10895908
If you are able to access any https site from your office, then you can connect to your Terminal Server at home using RDP. All you need is to download the freeware orenosp from:
http://hp.vector.co.jp/authors/VA027031/orenosp/index_en.html

On your PC at home:
- install the orenosp service
- generate a free certificate
- configure sproxy.conf to point to your XP Terminal Server
- open port 443 on your firewall to allow incoming traffic

On the office PC:
- configure otunnel.conf
- run: otunnel -c (from command prompt)
- run: RDP pointing to 127.0.0.2:port_number (configured in otunnel.conf)

The detailed documentation can be found on the above website, and I have tested that this works from inside a restricted proxy network (provided you are still allowed to access https sites).



0
 
LVL 4

Author Comment

by:Nilknarf
ID: 10906521
I'll give that a try on Monday htjiawi, thank you.

Also, not sure if this helps at all, but when I ping my home computer from work it says "Destination net unreachable"
0
 
LVL 1

Expert Comment

by:htjiawi
ID: 10909961
SAMPLE for sproxy.conf setup on server:
------------------------------------------------
# this is the configuration file used by the ORENOSP service running on a server with a direct internet connection
# the client PC from behind corporate proxy and firewall can access this server provided
# the client is allowed to access https site from inside corporate proxy

# using this program client will be able to access Terminal Server using Remote Desktop,
#                                                  Telnet, Proxy from Internet Explorer,
#                                                  Remotely Anywhere, and many other
#                                                  application including openvpn

# the advantage of this application is that it only requires one port open on your home firewall
# usually port 443 (HTTPS) and will allow you to access multiple applications on your home
# through this one open port and you can still access all these applications even when you
# are behind corporate proxy and corporate firewall

# sample provided here open 3 services: terminal service (rdp), telnet and webproxy
# to use it you will need to modify the following variables in this files:
# user_id
# password
# password_for_certificate (you create this when generating your certificate)
# change the port for services corresponding to your services setting
# for terminal service to work you will need windows 2000 server or windows 2003 server
#                                            or windows xp with terminal service enable
# all label must match on this file and to the corresponding otunnel.conf on client



#
# Very simple orenosp ssl reverse proxy configuration
# for 0.4.0 or later
tunnel_enable=1


# proxy listens on standard HTTPS port
# and forwards all requests to http://localhost:80

# listen port
proxy_listen_name = lis-ssl   0.0.0.0@443  https

# proxy to tunneling gateway
proxy_sslvpn_label = /vpn/rdp
proxy_sslvpn_label = /vpn/telnet
proxy_sslvpn_label = /vpn/proxy

#if backend server is using non-standard port, use
# proxy_pass_by = lis  lis-ssl  http://localhost:2000

#proxy_auth_url = <extended-url-pattern> <user-password-list> [options]
proxy_auth_url = lis-ssl://*/* -u="user_id:password" -rlm="SERVERNAME"

#
# SSL: pass phrase for server private key
#
proxy_ssl_keypass = password_for_certificate

#
# --- tunneling settings ---
# Notice there's no tunnel-specific listen port defined (tunnel_listen_name)
#
#tunnel_listen_name = mpx   0.0.0.0@443  ssl -mpx=sslvpn
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_dest_name = lan-telnet localhost:23  raw
tunnel_dest_name = lan-proxy localhost:81 raw

tunnel_pass_by = label /vpn/rdp     lan-rdp
tunnel_pass_by = label /vpn/telnet   lan-telnet
tunnel_pass_by = label /vpn/proxy   lan-proxy


# access log file
#proxy_log_access_io = single logs/access.log

#
# HTTP compression
# uncomment both lines below to enable HTTP compression

#proxy_filter_define = comp-txtonly mod_filt_zlib    mtype="text/"
#proxy_filter_assign = *       comp-txtonly

#
# URL rewrite in contents (response bodies)
# uncomment both lines below AND create simple_subst.conf to describe
# replacement rules (see Users' Guide)
# Note: these must come after HTTP compression settings in config file.

#proxy_filter_define = ext-rewrite mod_filt_ext int=rewrite_simple mtype="text/html"
#proxy_filter_assign = * ext-rewrite


#end
0
 
LVL 1

Expert Comment

by:htjiawi
ID: 10909965
SAMPLE for otunnel.conf setup on client PC
----------------------------------------------------
# configuration for orenosp-cli (in otunnel.conf)
# this is a sample configuration and it is used with otunnel.exe
# command line to activate this configuration from client PC from inside corporate proxy
# provided user is allowed to access any https site
# command line: otunnel -c
# this sample configuration provide 3 services by only opening one port on external server
# with direct internet connection (port 443, see server configuration: sproxy.conf file for detail)

# you need to change the following items on this file:
# your.internet.ip.address
# user_id (set when generating key on ORENOSP server and also on sproxy.conf)
# password (set when generating key on ORENOSP server and also on sproxy.conf)
# note: tunnel_listen_name must match with tunnel_pass_by
#       (tunnel_pass_by must match with proxy_sslvpn_label on sproxy.conf)
# you can use any port on client PC as long as your client application allows it


tunnel_listen_name = rdp   0.0.0.0@88  raw
tunnel_listen_name = telnet 0.0.0.0@28   raw
tunnel_listen_name = proxy 0.0.0.0@81   raw
tunnel_dest_name = your.internet.ip.address   your.internet.ip.address:443  ssl  -mpx=sslvpn -proxy=proxy_server:8080
tunnel_pass_by = lis rdp    your.internet.ip.address  -mpxlabel=/vpn/rdp -auth=user_id:password
tunnel_pass_by = lis telnet  your.internet.ip.address  -mpxlabel=/vpn/telnet -auth=user_id:password
tunnel_pass_by = lis proxy   your.internet.ip.address   -mpxlabel=/vpn/proxy  -auth=user_id:password

0
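The comments in the two sample files require labels, listener names and credentials to match across sproxy.conf and otunnel.conf, and that can be checked mechanically. The following is an added example, not part of the thread or of orenosp; it assumes only the `key = value` syntax visible in the posted files and that `0.0.0.0@port` is a bind address and port.

```python
import re
# Constructed samples cut down from the posted files: misspelled client label, unrouted /vpn/telnet.
SPROXY = """
proxy_sslvpn_label = /vpn/rdp
proxy_sslvpn_label = /vpn/telnet
proxy_auth_url = lis-ssl://*/* -u="user_id:password" -rlm="SERVERNAME"
tunnel_dest_name = lan-rdp   localhost:3389  raw
tunnel_pass_by = label /vpn/rdp     lan-rdp
"""
OTUNNEL = """
tunnel_listen_name = rdp   0.0.0.0@88  raw
tunnel_pass_by = lis rdp  home  -mpxlabel=/vpn/rpd -auth=user_id:password
"""

def parse(text):
    """Yield (key, tokens) for every non-comment 'key = value' line."""
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.split()

def opts(tokens):
    """Map -name=value options to their values, without surrounding quotes."""
    return {m[1]: m[2].strip('"') for t in tokens if (m := re.fullmatch(r"-(\w+)=(.*)", t))}

def check(server_text, client_text):
    srv, cli = list(parse(server_text)), list(parse(client_text))
    labels = {v[0] for k, v in srv if k == "proxy_sslvpn_label"}
    routes = {v[1]: v[2] for k, v in srv if k == "tunnel_pass_by" and v[0] == "label"}
    dests = {v[0] for k, v in srv if k == "tunnel_dest_name"}
    auth = {opts(v).get("u") for k, v in srv if k == "proxy_auth_url"}
    listeners = {v[0]: v[1] for k, v in cli if k == "tunnel_listen_name"}
    out = [f"server: {lab} has no tunnel_pass_by to a defined tunnel_dest_name"
           for lab in sorted(labels) if routes.get(lab) not in dests]
    if "user_id:password" in auth:
        out.append("server: proxy_auth_url still has the sample credentials")
    # Assumption: 0.0.0.0@port means the listener binds to all interfaces.
    out += [f"client: listener {n} is reachable from every interface"
            for n, b in sorted(listeners.items()) if b.startswith("0.0.0.0@")]
    for k, v in cli:
        if k == "tunnel_pass_by" and v[0] == "lis":
            o = opts(v)
            if v[1] not in listeners:
                out.append(f"client: tunnel_pass_by names unknown listener {v[1]}")
            if o.get("mpxlabel") not in labels:
                out.append(f"client: label {o.get('mpxlabel')} is not offered by the server")
            if o.get("auth") not in auth:
                out.append(f"client: -auth for {v[1]} does not match proxy_auth_url")
    return out
```

Calling `check()` on the full text of both files returns a list of mismatches; an empty list means the cross-references named in the sample comments line up.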
 
LVL 4

Author Comment

by:Nilknarf
ID: 11022288
Tried a few times, can't seem to get it to work.

Is it possible for you to explain how to set up the programs a little more htjiawi?

I copied the sample files that you posted and changed the 'your.internet.ip.address' bit and the username and password.

Is the username and password supposed to match an account on the server, or is it just for orenosp?

I also changed 'SERVERNAME' to the name of the computer I'm trying to connect to if that's correct.

Sorry I haven't said anything for a while, work has been hectic so I haven't had much time.
0
 
LVL 1

Expert Comment

by:htjiawi
ID: 11027877
Are you able to browse any https (SSL) site from behind the firewall? This is a prerequisite for establishing the tunnel connection. You do not need to be able to ping your home server from behind the proxy; however, you need to be able to access your port 443 using otunnel.exe. The userid/password only need to match your orenosp setting; you will be prompted to sign in to the terminal server once you get the connection established. You will also need to check your IE proxy setting and place this proxy setting in your otunnel.conf file. Also make sure all configuration within sproxy.conf and otunnel.conf is related and matches each other. Make sure you turn off the firewall on your PC with orenosp installed and on the client PC with otunnel.exe. You will also need a Remote Desktop client running on your PC behind the firewall to connect to your home terminal server.
0
 
LVL 4

Author Comment

by:Nilknarf
ID: 11031676
I can't switch off the firewall on the PC with orenosp at home, last time I did that it got attacked and somebody tried to make themselves a windows account on it!
(Not to mention a few viruses and trojans - thank God for McAfee!)
Will opening port 443 to incoming traffic suffice?

Also, is it possible to use another port number, or does it have to be 443?
0
 
LVL 1

Accepted Solution

by:
htjiawi earned 430 total points
ID: 11039143
Since HTTPS/SSL uses port 443, and on a restrictive proxy only this connection is allowed, this will be the most probable setup.

If you have a high speed internet connection at home, I would recommend you get a DSL router, since with this unit you will be protected from the internet by its built-in firewall. You will also have the ability to connect multiple computers to the internet at the same time. With a DSL router in place, you can safely turn off the firewall on your PC at home and make sure nothing is blocking port 443. You can then open port 443 on your router and fine tune it to your requirements. You will have to follow the instructions that come with your DSL router to set up your particular DSL router.
0
 
LVL 4

Author Comment

by:Nilknarf
ID: 11039200
I have a computer setup a bit like a router, it shares the internet throughout the house via a few switches.

It also doubles as a media center for the living room as it's in a flash little case next to the TV!
Great for watching movies, DVDs or simply surfing the net. :o)

After installing the firewall software we have never had any more problems with Trojans and viruses, so I'll leave it as it is for now. I can easily open port 443 through the firewall, I just needed to know if it had to be port 443.

Thanks for all your input htjiawi! :o)
0
