Solved

One computer connecting to a home-LAN (probably VPN)

Posted on 2004-08-22
Last Modified: 2010-04-11
I'm going off to college in October and I will have my own computers where I live, but I want to be in control of the home-LAN, because I know the family will have the weekly computer trouble and I can't fly over every week eh?
So what is the best way of doing this simply?
We have 4 computers hooked up to a Router (3 Windows XP and 1 Win 2K) and the Router is then connected to the internet via WAN.

These are the main things I want to be able to do:
1) being able to access the shared drives on the computers
2) if possible, be in control of the computers (ie Remote troubleshooting feature) if something goes wrong.

Is this possible and fairly easy to set up? Or what kind of software can do this for me??
0
Question by:BabyJoe666
 
LVL 15

Expert Comment

by:scampgb
ID: 11864687
Hi BabyJoe666,

Good luck at college :-)

TightVNC (www.tightvnc.com) is a program that allows you to take remote control of a PC.  You install the server component on your family's PCs, and then you use the client component to control them.
For the Win XP machines, you could use the inbuilt Remote Desktop Connection (RDP) functionality, but this doesn't work with Win2000.

For TightVNC to work, you need to define ports for it to run on (I'd suggest a nice high one, in the 60000+ region) and a password to use when taking control.
You will also need to configure your router to allow incoming connections to the PCs on the relevant ports.  If you have any firewall software installed on the PCs, that'll need configuring too.

Does each of your PCs have a public IP address, or do you use NAT (have one Internet IP which everything shares)?

If it's NAT, you'll need to configure different TCP ports for VNC on each PC, and configure your router to do NAT forwarding based on these ports.
How practical that is depends on the exact model of your router.


Hope that this helps - let me know if you need any further info
0
 
LVL 1

Expert Comment

by:techi03
ID: 11864690
(for w2k use pcanywhere or VNC)
if the machine you are connecting to is XP then u can use the built in remote desktop option.

www.guidescentral.com
guides>>windows>>setting up XP terminal services.
then u need to open port 3389 on the router so that u can connect from the internet.

if the computer u are using to connect to the home network is XP then use remote desktop client in accessories>>communications.

if not then download the client from here
http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx

good luck
0
 

Author Comment

by:BabyJoe666
ID: 11865320
OK, thank you.
How is the security with the options you mention? It seems to me that except a password there is nothing else to prevent other people from intruding in the lan?
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11865348
Security is a concern with this setup.  So, it's important to make sure that your router/firewall is configured correctly.

If you know the IP address or range that you'll be connecting from, you can configure VNC to only accept connections from that range.

You can also configure VNC so that it prompts the current user for permission before allowing someone to take control.

This would probably be useful in your environment.

It's important to ensure that the password is secure.

So, for ideal security in this environment:
Configure your router/firewall only to allow connections from your IP address/range
Configure VNC to only allow connections from your IP address/range
Configure VNC to request permission before allowing someone to take control
Use a complex password

I reckon that lot would be sufficiently secure for most people! :-)

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 11866884
I'd recommend a VPN (IPSEC or PPTP) to secure the connection - most remote-control apps have had (and will continue to have) security holes such that you don't really want to open them up to the entire internet (yeah, I know most of the apps can be configured to only accept connections from certain IPs - the problem is, the packet is still delivered to the app before it is rejected.)

An easier alternative might be to simply use your router to restrict the connections on an IP-basis, which might be a problem if you're getting a dynamic IP (and there are other issues - see below) - hence the VPN idea.

>Configure your router/firewall only to allow connections from your IP address/range

The problem with configuring a range is that you might have hacker neighbors in the dorm, and who knows how well you might be protected from them by the school network admins.  The same problem actually exists, even if you receive a static IP (ARP spoofing, anyone?).  Better to just use the VPN (I'd go with IPSEC, and generate/copy the certs locally before you leave home).

Cheers,
-Jon
0
 
LVL 1

Expert Comment

by:techi03
ID: 11872286
If you're using XP's remote desktop, i think you should be fine as it already has encryption.
http://www.microsoft.com/windowsxp/using/mobility/getstarted/webconoverview.mspx
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11872447
Techi: encryption is great, but I'd be more concerned about establishing the connection in the first place.
I agree with The--Captain's comments, but I assumed that a VPN was a little too complex :-)
0
 
LVL 1

Expert Comment

by:techi03
ID: 11872834
i don't see how security would be such a big concern on a home network.
if that is the case u will either need VPN or SSH.
here is some info on SSH
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
http://www.bitvise.com/remote-desktop.html


if u want to avoid complexity then block port 3389 on the router and ask someone at home to open it when u need and close it again when you're done. (email or msn or over the phone)
some routers also allow remote access from specific IP addresses, if your router has this option then u can set it up to only accept connections from your computer (assuming u have a static ip) and open /close ports as u need.

0
 
LVL 16

Expert Comment

by:The--Captain
ID: 11884488
>i don't see how security would be such a big concern on a home network

Because he's connecting from school!!!  Where do you think 90% of all script kiddies reside?  If it was from his office, or even from an internet cafe he could afford to be less concerned about security, but from college?!?  Get real.

A VPN is not that hard, and is the correct solution here.

Cheers,
-Jon
0
 

Author Comment

by:BabyJoe666
ID: 11886140
Exactly, I'm hooked to the college network and we all know what kind of traffic results from these networks in the late night hours.....
OK, I initially also thought that VPN was the way to go.
Now I've been trying to set up an IPSec/L2TP connection between two XP computers (both XP pro) but am not able to get them to communicate. What is the right way in setting up a VPN with XP?
The communication was not local (so 1 was hooked to the LAN, and the other was on internet via Dial-up line, so there was no local data rerouting that could cause conflict).
0
 
LVL 1

Expert Comment

by:techi03
ID: 11887532
try here for info on setting up VPN on XP
http://www.guidescentral.com/internet.html
0
 
LVL 1

Expert Comment

by:techi03
ID: 11887552
P.S u will also need to open port 1723 on your router, and check the router documentation to make sure it supports GRE tunneling.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 11888926
You don't want to configure the VPN to run on one of your internal workstations if you can avoid it in any way, especially one that runs an insecure operating system (XP) when security is of significant concern.  You'll want to configure a VPN on your router if it supports it.  May I ask what router you have at home?  Does it perform NAT as well?

Cheers,
-Jon
0

 

Author Comment

by:BabyJoe666
ID: 11895427
It is a US Robotics Broadband router, which does perform NAT.
I'm not sure about VPN, it is not documented.
I can't seem to find it on their site, the closest one to ours is this one:
http://www.usr-emea.com/products/p-wired-product.asp?prod=net-bb-rout02&loc=bene

would it be necessary to change the router to a VPN type, or is this just a little modality?
0
 

Author Comment

by:BabyJoe666
ID: 11895473
0
 
LVL 1

Expert Comment

by:JohnItem
ID: 11899567

For the weekly family problem, Remote Desktop should do the trick.  The session is temporary - relatively safe.
Is TightVNC less secure?

Why not upgrade the 4th machine to XP and now you can use Remote Desktop to access them all?

Cheers
0
 

Author Comment

by:BabyJoe666
ID: 11906273
That is correct, but the rest of the week the port will remain open for other people...
I don't know how secure RD is, but it seems to me that the last thing you want is to keep such an important part of your computer exposed 7/7
0
 
LVL 1

Expert Comment

by:techi03
ID: 11906772
looks like your router doesn't support VPN, only VPN passthrough.
you could set up one machine as a VPN server, then once connected to the VPN use a third party remote desktop software or XP remote desktop to connect to the others.
or
u open 3389 on the router when needed and disable it when you're done.
0
 

Author Comment

by:BabyJoe666
ID: 11907983
Yes, but the problem is, when I do set up one as a server, the others don't recognize it, so I don't know what I'm doing wrong...

What is the way of doing a VPN? I have done the link mentioned here above also, but that doesn't work.
0
 
LVL 1

Expert Comment

by:techi03
ID: 11908647
what do u mean the others don't recognize it?
do u mean u can't connect to the VPN server, or that the network machines can't access the VPN server through NN?
can u provide more info?
0
 

Author Comment

by:BabyJoe666
ID: 11911388
I have set up the VPN, but I don't know how to connect an outside-LAN computer to the insiders which have incoming VPN connections accepted.
0
 

Author Comment

by:BabyJoe666
ID: 11911946
BTW, I have just checked last week's Router Log, and every day there has been a portscan, and people trying to logon to port 3389....
So, just Remote D with no other security measure seems too poor to me.
0
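An added example (not part of the thread) of how a router log like the one described above could be summarized per day: which sources touched many different ports, and which had connections actually forwarded to port 3389. The log line layout, the `summarize` function and the threshold are assumptions; real router logs differ by vendor, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed line layout; real router logs differ by vendor and firmware.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<action>DROP|ACCEPT) "
    r"TCP (?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)
RDP_PORT = 3389
SCAN_THRESHOLD = 5  # distinct destination ports per source per day

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2004-09-01 02:14:07 DROP TCP 203.0.113.45:4123 -> 192.0.2.10:21
2004-09-01 02:14:07 DROP TCP 203.0.113.45:4124 -> 192.0.2.10:23
2004-09-01 02:14:08 DROP TCP 203.0.113.45:4125 -> 192.0.2.10:80
2004-09-01 02:14:08 DROP TCP 203.0.113.45:4126 -> 192.0.2.10:135
2004-09-01 02:14:09 DROP TCP 203.0.113.45:4127 -> 192.0.2.10:445
2004-09-01 02:14:09 ACCEPT TCP 203.0.113.45:4128 -> 192.0.2.10:3389
2004-09-01 19:30:11 ACCEPT TCP 198.51.100.7:1045 -> 192.0.2.10:3389
2004-09-01 19:30:15 ACCEPT TCP 198.51.100.7:1046 -> 192.0.2.10:3389
2004-09-02 03:02:40 ACCEPT TCP 198.51.100.7:1100 -> 192.0.2.10:3389
router rebooted
"""

def summarize(log_text):
    """Return (port-scan sources per day, forwarded 3389 hits per source per day)."""
    ports = defaultdict(set)   # (date, src) -> distinct destination ports
    rdp = defaultdict(int)     # (date, src) -> connections passed on to 3389
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue           # skip lines that are not connection records
        key = (m["date"], m["src"])
        dport = int(m["dport"])
        ports[key].add(dport)
        if dport == RDP_PORT and m["action"] == "ACCEPT":
            rdp[key] += 1
    scans = sorted(k for k, seen in ports.items() if len(seen) >= SCAN_THRESHOLD)
    return scans, dict(rdp)

if __name__ == "__main__":
    scans, rdp = summarize(SAMPLE_LOG)
    for date, src in scans:
        print(f"{date} port scan from {src}")
    for (date, src), n in sorted(rdp.items()):
        print(f"{date} {src}: {n} connection(s) forwarded to port {RDP_PORT}")
```

Every ACCEPT entry on 3389 from an address that is not yours is a connection that reached the Remote Desktop listener, which is the exposure the forwarded port creates.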
 
LVL 1

Expert Comment

by:JohnItem
ID: 11913599
No no...

You do not leave Remote Desktop enabled... What I meant was a variation of it... the commonly used remote assistance by MS as well.

The party inside your home LAN initiates the session every time they need your help.  You will not be able to go in at will, only when someone from the inside initiates it.  The 'invitation' has an expiry period, therefore RD port will not remain open.
Not ideal but the most straightforward solution for what you specify you need.

 
0
 
LVL 1

Accepted Solution

by:
techi03 earned 500 total points
ID: 11916638
I think John is talking about remote assistance.
right click my computer>>properties>>remote tab>>enable remote assistance.

as for the VPN
on the machine u'r taking with u go to
my network places>>
in the menu from the left "NETWORK TASK"
>select view network connections
>> from the same menu select >>Create new connection.

then follow the wizard
>select connect to network at my workplace
>>VPN and enter the VPN info.
0
 

Author Comment

by:BabyJoe666
ID: 11927598
Thanks, I did not know that.
Now I can connect from the network internally.
However there is still the problem that I cannot connect the VPN from outside the LAN.
I blame this on my router which is NATting, so I can only connect on router IP....
It should support PPTP, but does it only support 1 computer which has the ports open?

Anyway, my problems are almost solved, just this last step: connecting to the VPN from outside the LAN.
0
 
LVL 1

Expert Comment

by:techi03
ID: 11968308
your router will only support one VPN connection, so u will need to set up the router to forward any requests on the external ip on port 1723 to the internal server's ip.
then the clients from the outside should be configured with the external ip of the router.
0
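An added example (not part of the thread) for checking, from a machine outside the LAN, that the port 1723 forward described above really reaches the PPTP server: it sends the PPTP Start-Control-Connection-Request from RFC 2637 to the router's external IP and inspects the reply. The function names and the sample reply are constructed for illustration; a successful reply only proves the TCP forward, and the tunnel still needs the router to pass GRE, as noted earlier in the thread.

```python
import socket
import struct

MAGIC = 0x1A2B3C4D            # PPTP magic cookie (RFC 2637)
SCCRQ, SCCRP = 1, 2           # Start-Control-Connection-Request / -Reply
HDR = ">HHIHHHBBIIHH64s64s"   # 156-byte layout shared by both messages

def build_sccrq(host_name=b"forward-check"):
    """Build a Start-Control-Connection-Request (protocol version 1.0)."""
    return struct.pack(HDR, 156, 1, MAGIC, SCCRQ, 0, 0x0100, 0, 0,
                       3, 3, 0, 0, host_name, b"")

def parse_sccrp(data):
    """Return (ok, detail) for the bytes received in answer to an SCCRQ."""
    if len(data) < 156:
        return False, "short reply: port 1723 is not forwarded to a PPTP server"
    (_len, mtype, magic, ctrl, _r0, _ver, result, error,
     _fr, _br, _ch, _fw, _host, vendor) = struct.unpack(HDR, data[:156])
    if magic != MAGIC or mtype != 1 or ctrl != SCCRP:
        return False, "reply is not a PPTP Start-Control-Connection-Reply"
    if result != 1:           # 1 = control connection established
        return False, f"server refused (result {result}, error {error})"
    return True, vendor.rstrip(b"\0").decode("ascii", "replace")

def check_forward(router_ip, port=1723, timeout=5):
    """Run from outside the LAN against the router's external IP address."""
    try:
        with socket.create_connection((router_ip, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            return parse_sccrp(s.makefile("rb").read(156))
    except OSError as exc:
        return False, f"TCP {port} not reachable: {exc}"

# Constructed reply standing in for what a PPTP server sends back.
SAMPLE_REPLY = struct.pack(HDR, 156, 1, MAGIC, SCCRP, 0, 0x0100, 1, 0,
                           3, 3, 1, 0, b"homepc", b"Constructed")

if __name__ == "__main__":
    print(parse_sccrp(SAMPLE_REPLY))   # offline demonstration of the parser
```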
