BabyJoe666

asked on

One computer connecting to a home-LAN (probably VPN)

I'm going off to college in October and I will have my own computers where I live, but I want to be in control of the home-LAN, because I know the family will have the weekly computer trouble and I can't fly over every week eh?
So what is the best way of doing this simply?
We have 4 computers hooked up to a Router (3 Windows XP and 1 Win 2K) and the Router is then connected to the internet via WAN.

These are the main things I want to be able to do:
1) being able to access the shared drives on the computers
2) if possible, be in control of the computers (i.e. Remote troubleshooting feature) if something goes wrong.

Is this possible and fairly easy to set up? Or what kind of software can do this for me??
scampgb

Hi BabyJoe666,

Good luck at college :-)

TightVNC (www.tightvnc.com) is a program that allows you to take remote control of a PC.  You install the server component on your family's PCs, and then you use the client component to control them.
For the Win XP machines, you could use the inbuilt Remote Desktop Connection (RDP) functionality, but this doesn't work with Win2000.

For TightVNC to work, you need to define ports for it to run on (I'd suggest a nice high one, in the 60000+ region) and a password to use when taking control.
You will also need to configure your router to allow incoming connections to the PCs on the relevant ports.  If you have any firewall software installed on the PCs, that'll need configuring too.

Does each of your PCs have a public IP address, or do you use NAT (have one Internet IP which everything shares)?

If it's NAT, you'll need to configure different TCP ports for VNC on each PC, and configure your router to do NAT forwarding based on these ports.
How practical that is depends on the exact model of your router.


Hope that this helps - let me know if you need any further info
techi03

(for w2k use pcanywhere or VNC)
if the machine you are connecting to is XP then u can use the built in remote desktop option.

www.guidescentral.com
guides>>windows>>setting up XP terminal services.
then u need to open port 3389 on the router so that u can connect from the internet.

if the computer u are using to connect to the home network is XP then use remote desktop client in accessories>>communications.

if not then download the client from here
http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx

good luck
BabyJoe666

ASKER

OK, thank you.
How is the security with the options you mention? It seems to me that except a password there is nothing else to prevent other people from intruding in the lan?
Security is a concern with this setup.  So, it's important to make sure that your router/firewall is configured correctly.

If you know the IP address or range that you'll be connecting from, you can configure VNC to only accept connections from that range.

You can also configure VNC so that it prompts the current user for permission before allowing someone to take control.

This would probably be useful in your environment.

It's important to ensure that the password is secure.

So, for ideal security in this environment:
Configure your router/firewall only to allow connections from your IP address/range
Configure VNC to only allow connections from your IP address/range
Configure VNC to request permission before allowing someone to take control
Use a complex password

I reckon that lot would be sufficiently secure for most people! :-)

The--Captain

I'd recommend a VPN (IPSEC or PPTP) to secure the connection - most remote-control apps have had (and will continue to have) security holes such that you don't really want to open them up to the entire internet (yeah, I know most of the apps can be configured to only accept connection from certain IPs - the problem is, the packet is still delivered to the app before it is rejected.)

An easier alternative might be to simply use your router to restrict the connections on an IP-basis, which might be a problem if you're getting a dynamic IP (and there are other issues - see below) - hence the VPN idea.

>Configure your router/firewall only to allow connections from your IP address/range

The problem with configuring a range is that you might have hacker neighbors in the dorm, and who knows how well you might be protected from them by the school network admins.  The same problem actually exists, even if you receive a static IP (ARP spoofing, anyone?).  Better to just use the VPN (I'd go with IPSEC, and generate/copy the certs locally before you leave home).

Cheers,
-Jon
If you're using XP's remote desktop, I think you should be fine as it already has encryption.
http://www.microsoft.com/windowsxp/using/mobility/getstarted/webconoverview.mspx
Techi: encryption is great, but I'd be more concerned about establishing the connection in the first place.
I agree with The--Captain's comments, but I assumed that a VPN was a little too complex :-)
I don't see how security would be such a big concern on a home network.
if that is the case u will either need VPN or SSH.
here is some info on SSH
http://pigtail.net/LRP/printsrv/cygwin-sshd.html
http://www.bitvise.com/remote-desktop.html


if u want to avoid complexity then block port 3389 on the router and ask someone at home to open it when u need and close it again when you're done. (email or msn or over the phone)
some routers also allow remote access from specific IP addresses, if your router has this option then u can set it up to only accept connections from your computer (assuming u have a static ip) and open /close ports as u need.

>I don't see how security would be such a big concern on a home network

Because he's connecting from school!!!  Where do you think 90% of all script kiddies reside?  If it was from his office, or even from an internet cafe he could afford to be less concerned about security, but from college?!?  Get real.

A VPN is not that hard, and is the correct solution here.

Cheers,
-Jon
Exactly, I'm hooked to the college network and we all know what kind of traffic results from these networks in the late night hours.....
OK, I initially also thought that VPN was the way to go.
Now I've been trying to set up an IPSec/L2TP connection between two XP computers (both XP pro) but am not able to get them to communicate. What is the right way in setting up a VPN with XP?
The communication was not local (so 1 was hooked to the LAN, and the other was on internet via Dial-up line, so there was no local data rerouting that could cause conflict).
try here for info on setting up VPN on XP
http://www.guidescentral.com/internet.html
P.S u will also need to open port 1723 on your router, and check the router documentation to make sure it supports GRE tunneling.
You don't want to configure the VPN to run on one of your internal workstations if you can avoid it in any way, especially one that runs an insecure operating system (XP) when security is of significant concern.  You'll want to configure a VPN on your router if it supports it.  May I ask what router you have at home?  Does it perform NAT as well?

Cheers,
-Jon
It is a US Robotics Broadband router, which does perform NAT.
I'm not sure about VPN, it is not documented.
I can't seem to find it on their site, the closest one to ours is this one:
http://www.usr-emea.com/products/p-wired-product.asp?prod=net-bb-rout02&loc=bene

would it be necessary to change the router to a VPN type, or is this just a little modality?

For the weekly family problem, Remote Desktop should do the trick.  The session is temporary - relatively safe.
Is TightVNC less secure?

Why not upgrade the 4th machine to XP and now you can use Remote Desktop to access them all?

Cheers
That is correct, but the rest of the week the port will remain open for other people...
I don't know how secure RD is, but it seems to me that the last thing you want is to keep such an important part of your computer exposed 7/7
looks like your router doesn't support VPN, only VPN passthrough.
you could set up one machine as a VPN server then, once connected to the VPN, use a third party remote desktop software or XP remote desktop to connect to the others.
or
u open 3389 on the router when needed and disable it when you're done.
Yes, but the problem is, when I do set up one as a server, the others don't recognize it, so I don't know what I'm doing wrong...

What is the way of doing a VPN? I have done the link mentioned here above also, but that doesn't work.
what do u mean the others don't recognize it?
do u mean u can't connect to the VPN server, or that the network machines can't access the VPN server through NN?
can u provide more info?
I have set up the VPN, but I don't know how to connect an outside-LAN computer to the insiders which have incoming VPN connections accepted.
BTW, I have just checked last week's Router Log, and every day there has been a portscan, and people trying to logon to port 3389....
So, just Remote D with no other security measure seems too poor to me.
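
A way to quantify the log observation in the post above, as an added example that is not part of the original thread: it counts, per day, the outside sources that reached the forwarded Remote Desktop port and flags sources that probed many different ports. The log format, the addresses, `summarize` and its parameters are assumptions constructed for illustration; the router's real log format is not shown in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical log format (the thread does not show
# the router's real format); all addresses come from documentation ranges.
SAMPLE_LOG = """\
2004-09-13 02:14:07 TCP 203.0.113.45:4312 -> 192.0.2.10:3389 ALLOW
2004-09-13 02:14:09 TCP 203.0.113.45:4313 -> 192.0.2.10:3389 ALLOW
2004-09-13 03:40:51 TCP 198.51.100.7:1034 -> 192.0.2.10:21 DROP
2004-09-13 03:40:51 TCP 198.51.100.7:1035 -> 192.0.2.10:23 DROP
2004-09-13 03:40:52 TCP 198.51.100.7:1036 -> 192.0.2.10:80 DROP
2004-09-13 03:40:52 TCP 198.51.100.7:1037 -> 192.0.2.10:3389 ALLOW
2004-09-14 11:05:30 TCP 203.0.113.99:2210 -> 192.0.2.10:3389 ALLOW
2004-09-14 19:22:10 TCP 192.0.2.200:3050 -> 192.0.2.10:3389 ALLOW
garbage line the parser must skip
"""

# date, time, protocol, source ip:port, destination ip:port, router action
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \S+ TCP (\S+):\d+ -> \S+:(\d+) (ALLOW|DROP)$")

def summarize(log_text, watched_port=3389, trusted=(), scan_threshold=4):
    """Return (hits, scanners), both keyed by day.

    hits[day]     = untrusted sources that connected to watched_port
    scanners[day] = sources that touched >= scan_threshold distinct ports
    """
    hits = defaultdict(set)
    ports = defaultdict(set)          # (day, source) -> destination ports seen
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                  # unparseable lines are skipped, not fatal
        day, src, dport, _action = m.groups()
        ports[(day, src)].add(int(dport))
        if int(dport) == watched_port and src not in trusted:
            hits[day].add(src)
    scanners = defaultdict(set)
    for (day, src), seen in ports.items():
        if len(seen) >= scan_threshold:
            scanners[day].add(src)
    return dict(hits), dict(scanners)

if __name__ == "__main__":
    # 192.0.2.200 stands in for the one address expected to connect.
    print(summarize(SAMPLE_LOG, trusted={"192.0.2.200"}))
```

Any source left in `hits` after the expected address is listed in `trusted` is someone else reaching the forwarded port, which is the exposure the VPN and source-restriction suggestions in this thread aim to remove.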
No no...

You do not leave Remote Desktop enabled... What I meant was a variation of it... the commonly used remote assistance by MS as well.

The party inside your home LAN initiates the session every time they need your help.  You will not be able to go in at will, only when someone from the inside initiates it.  The 'invitation' has an expiry period, therefore RD port will not remain open.
Not ideal but the most straightforward solution for what you specify you need.

 
ASKER CERTIFIED SOLUTION
techi03

Thanks, I did not know that.
Now I can connect from the network internally.
However there is still the problem that I cannot connect the VPN from outside the LAN.
I blame this on my router which is NATting, so I can only connect on router IP....
It should support PPTP, but does it only support 1 computer which has the ports open?

Anyway, my problems are almost solved, just this last step: connecting to the VPN from outside the LAN.
your router will only support one VPN connection, so u will need to setup the router to forward any requests on the external ip on port 1723 to the internal servers ip.
then the clients from the outside should be configured with the external ip of the router.