Setting up Remote access (Mix of XP and Windows 2000 computers)???

[David Nelms]

Need some help!!! I know just enough about remote networking, setting up a
network, etc to get me in trouble. Here's the setup.

4 computers in the office.
Computer #1 - Running Windows 2000, has a DSL modem that is host to our DSL
connection. A Network NIC that hooks to a D-Link switch that allows the
computers in the network to see each other. Internet is shared to all
computers thru this connection. Running Zonealarm as the firewall.
Computer #2 - running XP Pro, is used as a central place for all our files,
but is not running server software.
Computers 3 & 4 - running Windows 2000

When I set this up, I did not set up a domain name, just a workgroup. Our
DSL is NOT a static IP.

Here's what I'd like to do, please tell me if the setup as now can support
it?

Allow anyone with access at home to log into the network...
Allow Remote Desktop to be run (I may be mistaken, but since my host is not
running XP, I cannot utilize the Remote Desktop feature from my XP Pro setup
at home??)

We have used GotoMyPC and it works fine,but we'd like to find a solution
that we maintain and does not cost?

Thanks for any direction and advice.

David Nelms

 

[Pegasus \(MVP\)]

Need some help!!! I know just enough about remote networking, setting up a
network, etc to get me in trouble. Here's the setup.

4 computers in the office.
Computer #1 - Running Windows 2000, has a DSL modem that is host to our DSL
connection. A Network NIC that hooks to a D-Link switch that allows the
computers in the network to see each other. Internet is shared to all
computers thru this connection. Running Zonealarm as the firewall.
Computer #2 - running XP Pro, is used as a central place for all our files,
but is not running server software.
Computers 3 & 4 - running Windows 2000

When I set this up, I did not set up a domain name, just a workgroup. Our
DSL is NOT a static IP.

Here's what I'd like to do, please tell me if the setup as now can support
it?

Allow anyone with access at home to log into the network...
Allow Remote Desktop to be run (I may be mistaken, but since my host is not
running XP, I cannot utilize the Remote Desktop feature from my XP Pro setup
at home??)

We have used GotoMyPC and it works fine,but we'd like to find a solution
that we maintain and does not cost?

Thanks for any direction and advice.

David Nelms

Let's first agree on the terminology:
- The PCs at the office are called "hosts".
- The home PCs are called "clients".

Now to your question:
- Hosts must run Windows XP Professional or any Windows Server
flavour for a Remote Desktop session.
- Clients can run any version of Windows. The software is freely available
here: http://www.microsoft.com/windowsxp/pro/downloads/rdclientdl.asp

Since some of your hosts are Win2000, you cannot use Remote Desktop.
You could use WinVNC - it's free. Note that file transfer or printing
are not supported under WinVNC.

 

[DavidN]

Well I got WinVNC and can get on my work computer with no problem.
However getting on my home computer from work is proving difficult. I've
read thru everything possible on the VNC website and documentation as
well as the Linksys site for info on my router. I'm using a Linksys
Broadband Router (BEFW11S4). I've got a dynamic IP so I gotten an
account with dyndns.org and an updater so it will know if my IP address
has changed. But each time the VNC viewer tries to connect, I get a
"Connection Refused" message.

For anyone familar with the WinVNC program or anyone that knows about
the LInksys router, is it possible to use with Dynamic IP's since the
VNC server still is seeing only my internal network IP's??

Thanks for any help!

David Nelms

 

[Steven L Umbach]

I have not used it myself but the link below may help.

http://www.winproxy.com/support/using_vnc.asp

First off you need to configure your router to accept connections on and port forward
the ports used by the application to your internal computer that will accept
connections. The link above lists port 5900 TCP as the default. Then the application
needs to be configured to accept connections. You can scan your router from the
internet to see if the proper ports are open. I like to use the free Superscan 4 that
can be downloaded from Foundstone. I would first try to connect by specifying the
current IP address that you are assigned by your ISP and when you get that to work
try the host name. Be sure to use complex passwords as this is a backdoor into your
network. --- Steve

 

[Pegasus \(MVP\)]

Well I got WinVNC and can get on my work computer with no problem.
However getting on my home computer from work is proving difficult. I've
read thru everything possible on the VNC website and documentation as
well as the Linksys site for info on my router. I'm using a Linksys
Broadband Router (BEFW11S4). I've got a dynamic IP so I gotten an
account with dyndns.org and an updater so it will know if my IP address
has changed. But each time the VNC viewer tries to connect, I get a
"Connection Refused" message.

For anyone familar with the WinVNC program or anyone that knows about
the LInksys router, is it possible to use with Dynamic IP's since the
VNC server still is seeing only my internal network IP's??

Thanks for any help!

David Nelms

Here are the steps you need to take to test your remote access with WinVNC:

1. Determine your external IP address. Many routers will tell you what it
is.
You can also send an EMail message to yourself, and extract it from the
mail header.

2. Ping this address from the outside. If you cannot ping it then WinVNC
will not work.

3. Double-check the port-forwarding rule in your router.

4. Turn off your software firewall during testing.

5. Leave WinVNC at its default "Display" number, at least during
testing. The default is "0", which corresponds to port 5900.

6. Run this command from the office PC:
telnet dnelms.homedns.org 5900
You must get a response. If you don't then there is no point in
trying WinVNC.

 

[Phillip Windell]

You wouldn't have to worry about any of this stuff if you just used VPN to
connect from home to work in the first place,...then connecting to your
workstation with VNC would be a "no-brainer".

 

[DavidN]

You wouldn't have to worry about any of this stuff if you just used VPN to
connect from home to work in the first place,...then connecting to your
workstation with VNC would be a "no-brainer".

That's fine... from everything I read and been told...given my setups
at work and home, setting up a VPN would a)not be so easy and B) incure
additional costs. If you want to take a look at my first message in this
thread and see what my setup is, and then suggest a way I can do it
getting thru my Linksys router at home, I'm all for trying it.

Thanks
David

 

[DavidN]

You wouldn't have to worry about any of this stuff if you just used VPN to
connect from home to work in the first place,...then connecting to your
workstation with VNC would be a "no-brainer".

That's fine... from everything I read and been told...given my setups
at work and home, setting up a VPN would a)not be so easy and B) incure
additional costs. If you want to take a look at my first message in this
thread and see what my setup is, and then suggest a way I can do it
getting thru my Linksys router at home, I'm all for trying it.

Thanks
David

 

[DavidN]

Here are the steps you need to take to test your remote access with WinVNC:

1. Determine your external IP address. Many routers will tell you what it
is.
You can also send an EMail message to yourself, and extract it from the
mail header.

2. Ping this address from the outside. If you cannot ping it then WinVNC
will not work.

3. Double-check the port-forwarding rule in your router.

4. Turn off your software firewall during testing.

5. Leave WinVNC at its default "Display" number, at least during
testing. The default is "0", which corresponds to port 5900.

6. Run this command from the office PC:
telnet dnelms.homedns.org 5900
You must get a response. If you don't then there is no point in
trying WinVNC.

Did everything suggested, was able to ping the address... made sure of
the port setting. When I run the telnet command from the work computer,
it says it can't make a connection to port 5900. Any more ideas of
things to try...I've searched the net and Linksys over and over and it
seems I'm doing all the things I should be doing. Actually the
connection to work was the most important and that works flawlessly, but
I hate it when something does not work that I know should and I just
don't want to give up on it, I want to figure it out.

Thanks
David

 

[Pegasus \(MVP\)]

Did everything suggested, was able to ping the address... made sure of
the port setting. When I run the telnet command from the work computer,
it says it can't make a connection to port 5900. Any more ideas of
things to try...I've searched the net and Linksys over and over and it
seems I'm doing all the things I should be doing. Actually the
connection to work was the most important and that works flawlessly, but
I hate it when something does not work that I know should and I just
don't want to give up on it, I want to figure it out.

Thanks
David

To be sure that you're pinging the correct address from the outside,
do this:
- Start a Command Prompt on the office PC.
- Type this:
ping dnelms.homedns.org -t
- Ask a friend to turn off your DSL modem

If you're pinging the correct address then the ping must fail
the very moment that the DSL modem is turned off. If it
does not fail then you're pinging somebody elses's device.

 

[Phillip Windell]

I'm not familiar with the Linksys box, and I don't know of any *good* way to
do this without VPN. However one *bad* way to do it would be to setup a
Static-NAT such that when a request hits the external IP of the Linksys on
the VPN port it is then forwarded to the same port# on your machine running
as the VNC host. Linksys may use other terminology for the same process
rather than "static nat", you'll have to figure that out. This is the "bad"
way because it limits you to only this one machine, if you decide later that
you wish to connect with VNC to other machines then you are screwed.
Another problem is that you are also depending 100% on the security of VNC
instead of the combined security of VPN and VNC.

 

[Carl Sagar]

You can configure VNC to run on different ports so that PC1 can forward on
port 5900, PC2 5901, PC3 5902, etc. VNC calls these displays by default,
port 5900 = display 0, so you would connect with the string PC1:0, or PC2:1
all without the use of a VPN. If you wanted to use non standard port
numbers it will be less obvious, so set up VNC on a high numbered port or
translate a high numbered port to a standard VNC port if your router has
support for that. So PC1:62392, PC2:23850 - not many random scanners would
easily locate such an obscure port. You can also tunnel VNC through SSH
using cygwin SSH server libraries for Windows, which will add encryption and
a little compression to VNC to make it more secure if you're worried about
having your VNC connection data captured in transit. A VPN is ideal but SSH
is just as effective and if you're running this at home then even non
standard port numbers, while not truly secure, are more than enough to deter
any random attacker.
----------------------------------------

I'm not familiar with the Linksys box, and I don't know of any *good* way to
do this without VPN. However one *bad* way to do it would be to setup a
Static-NAT such that when a request hits the external IP of the Linksys on
the VPN port it is then forwarded to the same port# on your machine running
as the VNC host. Linksys may use other terminology for the same process
rather than "static nat", you'll have to figure that out. This is the "bad"
way because it limits you to only this one machine, if you decide later that
you wish to connect with VNC to other machines then you are screwed.
Another problem is that you are also depending 100% on the security of VNC
instead of the combined security of VPN and VNC.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


VPN

to
That's fine... from everything I read and been told...given my setups
at work and home, setting up a VPN would a)not be so easy and B) incure
additional costs. If you want to take a look at my first message in this
thread and see what my setup is, and then suggest a way I can do it
getting thru my Linksys router at home, I'm all for trying it.

Thanks
David