What's the most secure way to remote desktop to server/workstation?

I think you'll find connecting using a VPN is probably the most secure. It does have an overhead as it encrypts the data and also encapsulates the packets adding an overhead. It is a case of trade-offs for security against performance, but depending on what you're running, it may be fast enough and secure enough. That's my opinion in my limited experience of this

I assume you are wanting to connect from outside your network, if this is the case then I agree with the above post that you should use a VPN connection to connect to the network and then use the built-in RDP client for the Remote Desktop connection.

Of the ones you've listed, I would say that logmein is very secure. it uses 256bit SSL encription. It also is very user friendly and has multipule layers of password protection.

But VPN is too slow. And logmein... I think it's passing through their server, I am wondering it's really secure.
Any one know ssh connection? or any better solution?

I've only used SSH for linux/unix systems. I am not sure of a faciility to remote control a windows machine with SSH.

You can certainly question the security of LogMeIn - but like I said, it is the most secure solution you listed, and free for that matter.

I'd also comment that with some confidence I can say that form what I've seen of their applicaiton they don't cache any login information. So, although you sign into their website, you still need to have a login to the pc/server you want to control.

thanx acroment!! But for a business environment, do you really think this is good to go through someone's server? Is there really no better option out there?

If you are looking for an SSH alternative for Windows check out the following...
http://sshwindows.sourceforge.net/
Also, VPN shouldn't be too slow if you have decent network equipment like a good VPN router.

As far as logmein goes, you can get a pro version (I forget what it's called, but you need to pay free it)  that means you don't have to login to their server. No such thing as a free lunch!

Thank you very much! I checked my router which is a linksys dd-wrt version. There is a option to setup vpn server and client. Since I never done this, how can I accomplish this?
Is this like 1 router act as server, the other remote router act as client?
Which ip should I enter here? the router's public ip?
pptp.JPG

There you go then, just use the PPTP VPN capabilities of your router. If the speed doesn't meet your needs, you can try another method.

You can find instructions here:

Setting up your router:

http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration

Setting up your client:

http://www.dd-wrt.com/wiki/index.php/VPN_%28tutorial%29

Hi AdamsConsult& thank you for the tip. I followed the instrcution, but when I connect from client... I always get error 800... cannot establish vpn.

The setting I did in the v24 sp1 are:
Enable PPTP Server
Server IP:192.168.1.1 (I also tested with 192.168.1.2...same error message)
client IP range: 192.168.1.100-120 (I also disabled DHCP in setup)
CHAP-Secrets: myname * 1234 *
--------------------------------------------------------------------------------------------------------
Run "sed -i -e 's/mppe .*/mppe required,stateless/' /tmp/pptpd/options.pptpd" in command
Disabled loopback
DMZ not enabled
-------------------------------------------------------------------------------------------------------

You need the public IP address of the router and the public IP address of the client in those fields. What you're entering is a private non-routeable IP address. You need the IP address that you use that is actually on the Internet.

Please refer to my screenshot above:

Server IP: now I entr my static public ip
client IP range: 192.168.1.100-120 -> do you mean here I have to enter public ip???
CHAP-Secrets: myname * 1234 *

And I just tried with this setting.. still same error message

And Do you also mean I have to configure PPTP client section?? But the client is connecting using MS-xp built-in VPN software

Just un update, i read the tutorial again, Server IP should be

"Local IP of the PPTP Server. This should be almost the Local LAN IP.".... It shouldn't be the public ip I think.

The Server IP should be the public Internet IP address of your Linksys router. The Client IP should be the public Internet IP address of the client. Don't fill out the PPTP Client section. Local does not mean private, it means your IP address and not the IP address of the other party. The IP address of the other party is the Client.

This is what I hev now:

Server IP: my public static ip of my router.
Client IP(s): Remote client's public ip
CHAP-Secrets: myname * 1234 *

Still not working.. same error message.

Try from another client to rule out problems with the client.

Honestly, I don't think we're going to be able to resolve this further without you providing real IP addresses, as I'm not sure that you have things configured correctly.

I would say that perhaps you should just use SSH.

That's weired... but do you think it's the firewal?? Do I have to open any port?

With log me in, you would have this setup already.
https://secure.logmein.com/security.asp

The SSH option I suggested is much easier than this, is very configurable, and doesn't require a third party service.

I use it all the time...if you have issues setting it up let me know and I can still assist.

I believe that dd-wrt will open the hole in the firewall when you enable the PPTP server. But you still need to open a hole in your firewall on the client. The SSH tunnel may be easier for you, as we wouldn't have to try to get this configuration correct and rely on your actually trying to test this correctly.

"I believe that dd-wrt will open the hole in the firewall when you enable the PPTP server. But you still need to open a hole in your firewall on the client."

What's the port do I need to open in client? I didn't open any..

I believe the ports for VPN are 10000 UDP and 500 UDP.  You could try opening these ports to see if it corrects the issue.

You show the allowed sender list named "GM", but then you show that you enabled the "Consultants" sender list. If you want to allow e-mail from the GM sender list, you need to enable it also. Additionally, you show that you enabled the Consultants list for the SMTP Scan Job, but make sure that you have it enabled for the MTA Scan Job also.

If it still doesn't work after correcting those issues, please explain how you are testing it and what results you are getting.

Sorry guys, wrong question. Please disregard previous response.

bubuko, try taking your client firewall down completely (briefly) just to rule it out as the culprit first. Or optionally log all dropped packets and look in your log to see if any VPN traffic is being dropped.

Just an update. Today I tired the client connection at different place. Surprisingly, I was able to make vpn connection to my router.

But it was not like what AdamsConsult& said, I need to use private ip of the router in server and for the client, it should be private address that are assigned to client when client connected to VPN.


I don't know why I was not able to make it at other place.... maybe because I was doing that through logmein and teamviewer?? anyone can answer this question?

Hi adamhealy, I am also trying the SSH method, could you please take a look here?
I am not sure how you can do it with dd-wrt..

https://www.experts-exchange.com/questions/24160684/How-to-use-ssh-on-DD-WRT-v24sp1-wrt54gl-ROUTER.html