Remote connection with dynamic IP's

[Richard]

How do we configure a remote connection when the host and client computers
have dynamically assigned IP addresses that change periodically? Also a
little confused by the different IP addresses assigned to the modem, LAN,
and WAN. On our DSL connection I understand that the DSL modem IP address
is a permanent assignment for that manufacturer or modem model. The ISP
apparently also assigns the modem a daynamic WAN IP address when it connects
and the modem, in turn, assigns the computer with a dynamic LAN IP address.
Which of these IP addresses are visible on the internet and how do we
connect to them when they are dynamically assigned?

 

[Sooner Al [MVP]]

First you need to assign a static IP address on the local LAN to the PC you
want to connect to...

http://www.portforward.com/networking/static-xp.htm

Then forward TCP Port 3389 through the router to that IP address...

http://theillustratednetwork.mvps.o...pSetupandTroubleshooting.html#Port_forwarding

Lastly you can use a free dynamic naming service like No-IP.com, or another
similar one, that assigns a Fully Qualified Domain Name (FQDN) to your ISPs
dynamically assigned IP address. Call using the FQDN from a remote site...

http://theillustratednetwork.mvps.o...ktopSetupandTroubleshooting.html#Call_Schemes

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Joe]

I use a free program called Keep Me Posted that emails me when IP changes
and auto re-configures most brand name routers with new IP's so your web/ftp
sites are never down.

 

[Shenan Stanley]

I use a free program called Keep Me Posted that emails me when IP
changes and auto re-configures most brand name routers with new
IP's so your web/ftp sites are never down.

How is that better than just having to remember "joeshouse.dyndns.org"?
(In other words, using a dynamic dns service - many free ones - to just keep
up with the IP and assign the name, well, dynamically...)

 

[Guest]

One note: we use the no-ip.org service for our dynamic internet connection;
we cannot use the "domain name' they gave us; it does not work to connect
Remote Desktop; we have to go look up the new ip address at no-ip's website
and enter that before we can connect RD.

 

[Shenan Stanley]

Shenan Stanley wrote:

I use a free program called Keep Me Posted that emails me when IP
changes and auto re-configures most brand name routers with new
IP's so your web/ftp sites are never down.

How is that better than just having to remember
"joeshouse.dyndns.org"? (In other words, using a dynamic dns
service - many free ones - to just keep up with the IP and assign
the name, well, dynamically...)

One note: we use the no-ip.org service for our dynamic internet
connection; we cannot use the "domain name' they gave us; it does
not work to connect Remote Desktop; we have to go look up the new
ip address at no-ip's website and enter that before we can connect
RD.

Interesting.

I mainly utilize/recommend www.dynamicdns.org <- and have not seen that
issue with their service. Most of my customers use it for remote desktop -
many through routers they configured to forward different ports for
different machines behind said router - so they enter (in the remote desktop
client) things like "myhouse.dyndns.org:4500" and (if they have a machine
whose listening port for Remote desktop was changed to 4500) they get to
their machine. Some manage their routers that way as well.

 

[Richard]

Al,

Thank you for the reply, it was most helpful. Nevertheless, being a
relative novice, I have a few more questions if that is okay:

STEP 1: No problem, the information on assigning a static IP to computer is
pretty straight forward.

STEP 2: You indicated in step two that we needed to forward TCP Port 3389
requests through the router to the host computer's static IP address
assigned above. We read the article you suggested, but are still a little
confused. Do we need to configure setup options for port forwarding both in
our Qwest ActionTec DSL router AND in the Norton Personal Firewall on our
computer? What if a system has a DSL/Cable Modem connected to a network
switch or router connected to a computer with firewall. Does the port
forwarding setup have to be configured on ALL of the above components?

STEP 3: We're just a little curious about the dynamic IP naming service
(No-IP.com) mentioned in step three. How does the service know or acquire
the new IP assignments made to our DSL router by our ISP? Does our ISP map
the changes and make the mapping available to these services?

Finally, we understand that remote desktop will only allow a computer with
Windows XP Professional to act as a host. If this is the case, how do we
remotely access our home computer from the office which is running Windows
XP Home? Do we need to use a program, such as Symantec Norton PC Anywhere,
in order to make that type of a connection? We assume that Windows Remote
Desktop and PC Anywhere have similar capabilites?

Thanks again, your information is proving extremely useful!

**************************************

 

[Richard]

Is it possible that your remote is inadvertently configured to access the
host's "dynamic IP address" rather than the "Domain Name" from No-IP.org?

 

[Richard]

Joe,

Not sure this is as clean of a solution, but where do you get the free
program "Keep Me Posted?" Curious, but why would it auto configure the
router? The ISP is generally assigning the dynamic address to the host
computer's router, so what needs to change is the the IP address configured
in the remote computer that tries to access the host. Did you mean to say
that the program reconfigures the remote desktop so that it is aware of the
new IP address assigned to the host router?

 

[Richard]

Hello Shenan,

How do the free DNS name services know what the IP re-assignments are? Do
the ISP's map changes and then make them available to these dynamic naming
services? Also wondering what security risks arise due to dynamic IP
address assignments. If I get someone's old dynamic IP address assigned to
my computer by my ISP, does that mean someone who used to connect to that IP
address might now inadvertently connect to my computer?

 

[Sooner Al [MVP]]

Step 2...

You would need to forward TCP Port 3389 through each firewall/router between
the PC you want to remotely access/control. Keep in mind some DSL modems are
routers also.

Step 3...

In the case of No-IP.com you run a small program on one of the PCs on your
LAN. On a time scheduled basis, which is configurable, the No-IP.com program
contacts the No-IP.com servers. The servers then know what your current IP
is and map that to your FQDN. That information is then propagated over the
public internet so users can call your PC using the FQDN. I use No-IP.com to
call my home OpenVPN server and that works very well...

If the PC you want to remotely access/control is running XP Home then you
can *NOT* use Remote Desktop. An alternative that I recommend is UltraVNC
(its *FREE*) with its encryption plug-in. Get the UltraVNC server, client,
encryption plug-in and XP video driver (installed on the UltraVNC server
only) from...

http://ultravnc.sourceforge.net/

In the case of UltraVNC you need to forward TCP Port 5900 through any
firewall/router...

PCAnywhere is another option although it costs a bit last time I checked...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[Richard]

Thank you, Al, you have helped us resolve a long-standing issue. Hopefully,
your assistance will help us finally get our businesses and homes connected
together. One remaining question however, does the fact our ISP dynamically
assigns IP addresses create a security issue? For example, let us assume
our ISP assigns our router an IP address that belonged to someone else who
was also accessing their computer remotely. By trying to access their old
IP address might this individual theoretically be able to access our
computer instead? If so, how do we safeguard against this possibility?

 

[Sooner Al [MVP]]

They best way to guard against unauthorized users is to use a *strong*
password or run your RDP sessions through a VPN or SSH tunnel and use a
cert/private/public key pair (protected by a strong password) for
authentication. Personally I use a VPN and have used SSH in the past...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[gazza]

Try VNC through stunnel !!! Like Al said it is a secure SSH tunnel and
it is free.
Here is a good how too, not 100% clear in some places but very good...
I have set this up in a production environment and it is sweet !!!!
You cold also try cygwin to create the tunnel and use putty on the
client side .

http://www.securityfocus.com/infocus/1677

Gareth

 

[gazza]

KEEP ME POSTED is here.....

http://www.download.com/Keep-Me-Posted/3000-2381_4-7952208.html


Gareth

 

[Sooner Al [MVP]]

Here is another like page concerning RDP through a SSH tunnel...

http://theillustratednetwork.mvps.org/Ssh/SecureShell.html

Currently I use RDP through an OpenVPN tunnel...

http://theillustratednetwork.mvps.org/OpenVPN/OpenVPN.html

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

 

[mark.lore]

Try this free software. It works behind routers and with dynamic IP's.

http://www.antesoft.com/remotepc

 

[jtpryan]

Try this free software. It works behind routers and with dynamic IP's.

http://www.antesoft.com/remotepc

SPAM

And it doesn't work at all... I made the mistake of trying it.

-jtpr

 

[mark.lore]

SPAM

And it doesn't work at all... I made the mistake of trying it.

-jtpr

This is no spam. I just inserted the link in a few well chosen posts.
Antesoft Corporation is a real company based in Canada, this software
is secure and contains no spyware, virus or any malicious intend.

I've made this software for my own usage. I needed to access unattended
customer computers behind firewall. I decided to share it and see if
that can be useful to other peoples. It will not work on every computer
as it only supports NT/2000/2003/XP and, 16 or 32 bits screen display.
It is not as performant as Remote Desktop but has its advantages.

http://www.antesoft.com/remotepc

 

[scrammit]

Try Email My IP. Its a free utility that monitors your public IP and
sends you an email notification when that changes. You can also add
comments to distinguish which network the email is coming form. With
this info you will know the IP to connect to.

www.scrammit.com

HTH