What is a free or inexpensive way of connecting to a clients computer securely?

I am a network consultant and several of my clients want me to connect to their servers and make sure everything is up to date and working properly (ie. backups, WSUS, antivirus, ect...). What is a free or inexpensive way of connecting to their network or server? i am looking for something like GOTOMYPC but without the expensive price. or something like VNC would likely work, but i dont want to open ports on the firewall and have them be accessable to the public. so if i do go with VNC, i would need to implement some kind of VPN software to make it secure. i am anticipating implementing this on about 25 clients or so to begin with.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

if you are looking for a vpn use hamachi


if you are looking for a way to connect to the desktops

use logmein free


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lee W, MVPTechnology and Business Process AdvisorCommented:
So why wouldn't you use Remote Desktop?

I setup a VPN server for my clients and then use RDP once I'm connected via VPN.
jasonfarmerAuthor Commented:
lee, i'm happy to use remote desktop... but i need a vpn solution before i can do that. what do you use?
Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

Rob WilliamsCommented:
You are right VNC requires port forwarding, and all but the paid version of  RealVNC are unencrypted. However you can get a free VPN utility from Hamachi that will allow you to connect securely and then use VNC  or windows Remote desktop over the VPN connection. Hamachi requires no port configuring of the routers as it makes an out going connection from each machine to a 3rd party server. The server assists with the handshaking and then allows the two to communicate independently of the server. It is free, easy to set up, and has received great reviews.
Installed in it's normal state it has to be started by the remote user. Your clients may prefer to have it that way so they know when you are accessing their machines. However, if you wish you can also configure it as a service so you can connect at any time:
Batch file (near the bottom) to automate service creation:
Both Windows XP and Windows 2003 Server include BOTH a remote desktop client/server and a VPN client/server.  You need nothing but what comes from Microsoft.  It's unclear to me why other solutions are being suggested.  with a Windows-Windows remote scenario, no 3rd party add-ons are needed.
Lee W, MVPTechnology and Business Process AdvisorCommented:
I use Windows 2003 Server Routing and Remote Access Services.  Is it the best VPN solution - absolutely NOT.  But it's a perfectly workable one - yes this does require Port Forwarding for VPN ports (I believe 1723), but unless you want to buy a third party VPN server which can be quite costly in either server or Client licenses, then it's your only real good choice.

jasonfarmerAuthor Commented:
jhance, not all my customers have windows 2003 server os's.
jasonfarmerAuthor Commented:
will the http://www.hamachi.cc/ vpn work with windows 2000/2003 server? i noticed this on their site: "Hamachi is currently available for Windows 2000/XP and Linux operating systems."
Rob WilliamsCommented:

>>"will the http://www.hamachi.cc/ vpn work with windows 2000/2003 server?"
Yes, it will. I used it the other day on 2003 server.

Jason another option you might want to consider is to use Ultra VNC with their Single Click option. Single Click is a little package you pre-configure for the end user. They then download it, or send it to them in an e-mail (very small file), they simply click to open and run the .exe, and it sets up temporary access for you to connect. This is supposed to be an encrypted version, and you can customize it with your logo and configuration options, but it is not an ideal method for connecting to regular clients to manage logs and such. It is however, perfect for on-demand support requests where you have not pre-configured access. There is no modification of the firewall necessary and the end user can be assured you are not eves dropping since there is no way to reconnect when the session ends. I haven't used this but it is very highly rated and I believe it is free.
If the user is behind a NAT router you will may also need:

you've got my vote for ultravnc with single click, I've been using it for help desk support for a couple of months.  It is very easy to deploy.  Because the user initiates the outbound tcp connection to your server, it is generally immune to firewalls.

Trouble is, it might not meet the needs here, because alot of these duties are afterhours.

the trick to using VNC with open ports is to make sure the server is set to logoff or screen saver after x minutes.  and always run it on a special port, not default of 5800/5900
oh and you have to offer VNC if you will occasionally have scenratios where the user wants to watch as you do something, or vice versa.  RDP closes off thier desktop for your exclusive use.

Also if you do go the RDP router, remember that usually when connecting to 2000/2003 server you should use
mstsc /console /v:hostname_or_ipaddress
if your not connecting to console session you are not going to see foreground programs that are running
Rob WilliamsCommented:
Hi Carl,
As mentioned, I haven't used it, but read some great articles. Would Jason need to use the nat2nat option with it, where the units are behind a router, or does single click have that feature included?
TIGHT VNC is the answer.  It is free, and it works across the web, and has better encryption than VNC.

www.tightvnc.com -- download it now, install client on your system and server on theirs.
Rob WilliamsCommented:
"Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted .......So using TightVNC over the Internet can be a security risk."
From TightVNC site:  http://www.tightvnc.com/faq.html#howsecure
for a couple of years VNC has had a 'listening viewer' mode that you the consultant run.
the person to be helped (assuming they already have VNC installed) click the tray icon and do "add new client" this initiates a port 5900 connection from them to you.  You have to be ready for it with a port forward on your side.

the single click software offers three tiny changes away from this paradigm.
1- it is a ready to go execuatble , email or have them download it from your server
2- it presents a menu, you can offer them to connect to you by several ways, just add more menu items.
3- they initiate the connection to you.  They don;t need to program a port forward because nat will always allow connects that are initatiate from the inside.

you are the consultant, you are expected to know how to get the connection working inbound initiated into your VNC viewer.
All the VNC's have a provision for encryption.  Real VNC (the more commercial of them) has the easiest, but it has a $39 licensing fee.
nat to nat is a differnet technique of fooling nat routers into thinking that connections were initiated from inside of nat.  It appears to be contingent on their (UVNC) proxy server running for it to work.  Your server has to run (in addition to VNC) a server piece and the client ( in addition to VNC) the viewer helper piece.  Both sides are initiating connections to this third party server on port 5900, and when you wish to open a vnc connection , the tcp connection that existed between the VNC server and the third party server is transferred to you via some clever packet spoofing.
Rob WilliamsCommented:
Thanks Carl, sounds like nat2nat works in a similar way to Hamachi.
Although I have not researched it much, I'm concerned about what security can be had via Hamichi.  It is peer to peer, [read: kazaa, old napster, edonkey]  it helps you build a VPN, and does so by finding a third party computer which is not behind NAT.  In peer to peer file sharing,  the ad-hoc serverless self healing network between peers is built and as needed computers with real IP addresses and no nat or firewall (or peers/clients who have port forwarding setup) help propogate the network and help facilitate communications between peers who are stuck behind tighter firewalls, or in the case of P2P file sharing, usually naieve users who just don't read the directions for optimal setup.

So in hamichi world you are using other users computer's to initate your VPN.  There is a lack of proof that this is truly secure, but it is probably secure enough for many non business non private content.
Rob WilliamsCommented:
I must say I have had my concerns about Hamachi. Though I have used it a couple of times in a pinch for short term monitoring, I'll feel safer with my hardware VPN's. Having been concerned about the security I have looked for articles discrediting it and haven't found any. Steve Gibson of www.grc.com , supposedly a security guru, rates it very highly. I have been a little concerned with the third party involvement, but told it is handed off once the tunnel is establish.
However, my big worry is it's possible installation and use by non-authorized employees, creating a back door to the company.
oh absolutly! there are a couple of spywares that initate VPN tunnels out to china.  That cannot be good.

Gibson- I love him.  I don't trust him, but he is fun to watch.  He hypes up what helps his wallet.  I guess I would do the same thing, capitalism rules.  In the end if he increases awareness of some XP security flaws and gets them fixed quicker, it is all a good thing.
Rob WilliamsCommented:
Gibson certainly is entertaining, and I do believe he is "some kind" of a genius, however I must agree, you wonder about the motivation $ome time$.
In Linux there are many free tools like freeswan or ssh that from anywere in the world you can connect, and it is very secure and its free. There is also many vpn clients and servers.
jasonfarmerAuthor Commented:
i went with hamachi for VPN and RealVNC for remote desktop. this so far is working out very well. the transmission speeds are great. thank you everyone for your help and suggestions.
Rob WilliamsCommented:
Thank you Jason,
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.