Remote desktop over vpn
DComTalk.com Forum Index -> Firewalls
Discussion of VoIP, VPN, video conferencing, DSL and other data communications.
 
renil.lambert@gmail.com
Guest
Posted: Mon Nov 28, 2005 5:21 pm    Post subject: Remote desktop over vpn

Hi
one of my clients is connecting to my network through vpn.
is there any possibility to start a remote desktop or Dameware or some
desktop sharing tool to view his desktop??

renil

Leythos
Guest
Posted: Mon Nov 28, 2005 5:21 pm    Post subject: Re: Remote desktop over vpn

In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
renil.lambert@gmail.com says...
Quote:
> Hi
> one of my clients is connecting to my network through vpn.
> is there any possibility to start a remote desktop or Dameware or some
> desktop sharing tool to view his desktop??

Run VNC on his computer and then connect to his private IP address back
through the VPN.

--

spam999free@rrohio.com
remove 999 in order to email me

Somebody.
Guest
Posted: Tue Nov 29, 2005 8:12 am    Post subject: Re: Remote desktop over vpn

"Leythos" <void@nowhere.lan> wrote in message
news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...
Quote:
> In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
> renil.lambert@gmail.com says...
> > Hi
> > one of my clients is connecting to my network through vpn.
> > is there any possibility to start a remote desktop or Dameware or some
> > desktop sharing tool to view his desktop??

> Run VNC on his computer and then connect to his private IP address back
> through the VPN.

Those will only work if the VPN is configured to allow that, i.e. he has to
have a virtual IP and policies to allow the traffic. Some boxes do that by
default, some allow you the option, some do not allow you to do it. Depends
on both ends of the VPN.

You can get remote control of just about any PC with internet access via
http://www.gotomeeting.com. A commercial service that I feel is well worth
the money for remote support of firewalled PCs.

If the VPN client doesn't allow Internet traffic out while on the VPN, and
doesn't allow a virtual IP connection back, you might be toast. That seems
like an unlikely combination though.

-Russ.

Leythos
Guest
Posted: Tue Nov 29, 2005 8:43 am    Post subject: Re: Remote desktop over vpn

In article <vOOif.4223$43.3512@nnrp.ca.mci.com!nnrp1.uunet.ca>,
somebody.@spamout.russdoucet.com says...
Quote:
> "Leythos" <void@nowhere.lan> wrote in message
> news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...
> > In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
> > renil.lambert@gmail.com says...
> > > Hi
> > > one of my clients is connecting to my network through vpn.
> > > is there any possibility to start a remote desktop or Dameware or some
> > > desktop sharing tool to view his desktop??

> > Run VNC on his computer and then connect to his private IP address back
> > through the VPN.

> Those will only work if the VPN is configured to allow that, i.e. he has to
> have a virtual IP and policies to allow the traffic. Some boxes do that by
> default, some allow you the option, some do not allow you to do it. Depends
> on both ends of the VPN.

Yes, but in most cases people posting to this group don't have their
firewall set up to restrict at the port/service level. I suspect that VNC
would work just fine.

--

spam999free@rrohio.com
remove 999 in order to email me

Triffid
Guest
Posted: Tue Nov 29, 2005 9:22 am    Post subject: Re: Remote desktop over vpn

Leythos wrote:
Quote:
> In article <vOOif.4223$43.3512@nnrp.ca.mci.com!nnrp1.uunet.ca>,
> somebody.@spamout.russdoucet.com says...

> > "Leythos" <void@nowhere.lan> wrote in message
> > news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...

> > > In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
> > > renil.lambert@gmail.com says...

> > > > Hi
> > > > one of my clients is connecting to my network through vpn.
> > > > is there any possibility to start a remote desktop or Dameware or some
> > > > desktop sharing tool to view his desktop??

> > > Run VNC on his computer and then connect to his private IP address back
> > > through the VPN.

> > Those will only work if the VPN is configured to allow that, i.e. he has to
> > have a virtual IP and policies to allow the traffic. Some boxes do that by
> > default, some allow you the option, some do not allow you to do it. Depends
> > on both ends of the VPN.

> Yes, but in most cases people posting to this group don't have their
> firewall set up to restrict at the port/service level. I suspect that VNC
> would work just fine.

Unless expressly permitted, all traffic is implicitly denied.

That's how firewalls work. Why assume otherwise when responding to posts?

Triffid

Leythos
Guest
Posted: Tue Nov 29, 2005 5:09 pm    Post subject: Re: Remote desktop over vpn

In article <EmQif.1580$Et5.123731@news20.bellglobal.com>,
triffid@nebula.net says...
Quote:
> Leythos wrote:
> > In article <vOOif.4223$43.3512@nnrp.ca.mci.com!nnrp1.uunet.ca>,
> > somebody.@spamout.russdoucet.com says...

> > > "Leythos" <void@nowhere.lan> wrote in message
> > > news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...

> > > > In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
> > > > renil.lambert@gmail.com says...

> > > > > Hi
> > > > > one of my clients is connecting to my network through vpn.
> > > > > is there any possibility to start a remote desktop or Dameware or some
> > > > > desktop sharing tool to view his desktop??

> > > > Run VNC on his computer and then connect to his private IP address back
> > > > through the VPN.

> > > Those will only work if the VPN is configured to allow that, i.e. he has to
> > > have a virtual IP and policies to allow the traffic. Some boxes do that by
> > > default, some allow you the option, some do not allow you to do it. Depends
> > > on both ends of the VPN.

> > Yes, but in most cases people posting to this group don't have their
> > firewall set up to restrict at the port/service level. I suspect that VNC
> > would work just fine.

> Unless expressly permitted, all traffic is implicitly denied.

> That's how firewalls work. Why assume otherwise when responding to posts?

Because that's not how many devices called Firewalls since the advent of
the NAT Router and Windows PPTP work. While my Watchguard or other
appliances may block by default, a simple Linksys/D-Link/Netgear where
the user creates a PPTP session to another network, will let the remote
network tunnel back through the VPN session to the host/host network
that created it without being blocked.

I am offended that the Marketing departments have been able to get away
with calling simple NAT solutions Firewalls when they are just routers.

While I can create, in essence, a 1-way VPN with port/IP limitations, in
my real firewalls, the cheap NAT units that also do IPSec tunnels (like
the Linksys BEFVP41) offer nothing more than a fully open 2-way
connection on their end. This means that unless one side is a real
firewall, one that allows rules to configure VPN traffic, that the user
could VNC back through the VPN to the user's desktop (if they were
running VNC).

The reason I guess that they are not using real firewalls is based on
how the post was presented/worded - I suspect that neither side is using
a real firewall, only a cheap SOHO/residential solution. One other
thing, any admin that would post I have a firewall.... already knows how
to do what they asked here, so it was another reason to suspect they are
using cheap SOHO/NAT units.


--

spam999free@rrohio.com
remove 999 in order to email me

Somebody.
Guest
Posted: Wed Nov 30, 2005 2:57 am    Post subject: Re: Remote desktop over vpn

"Triffid" <triffid@nebula.net> wrote in message
news:EmQif.1580$Et5.123731@news20.bellglobal.com...
Quote:
> Leythos wrote:
> > In article <vOOif.4223$43.3512@nnrp.ca.mci.com!nnrp1.uunet.ca>,
> > somebody.@spamout.russdoucet.com says...

> > > "Leythos" <void@nowhere.lan> wrote in message
> > > news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...

> > > > In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
> > > > renil.lambert@gmail.com says...

> > > > > Hi
> > > > > one of my clients is connecting to my network through vpn.
> > > > > is there any possibility to start a remote desktop or Dameware or some
> > > > > desktop sharing tool to view his desktop??

> > > > Run VNC on his computer and then connect to his private IP address back
> > > > through the VPN.

> > > Those will only work if the VPN is configured to allow that, i.e. he has
> > > to have a virtual IP and policies to allow the traffic. Some boxes do
> > > that by default, some allow you the option, some do not allow you to do
> > > it. Depends on both ends of the VPN.

> > Yes, but in most cases people posting to this group don't have their
> > firewall set up to restrict at the port/service level. I suspect that VNC
> > would work just fine.

> Unless expressly permitted, all traffic is implicitly denied.

> That's how firewalls work. Why assume otherwise when responding to posts?

> Triffid

90% of people, when configuring a VPN, configure it wide open, all ports and
protocols.

However, some devices allow traffic in only one direction for a software VPN,
some both. I suspect that is the OP's issue.

-Russ.

Somebody.
Guest
Posted: Wed Nov 30, 2005 2:58 am    Post subject: Re: Remote desktop over vpn

"Leythos" <void@nowhere.lan> wrote in message
news:HFWif.145588$tD4.88536@tornado.ohiordc.rr.com...
Quote:
> In article <EmQif.1580$Et5.123731@news20.bellglobal.com>,
> triffid@nebula.net says...

> > Leythos wrote:
> > > In article <vOOif.4223$43.3512@nnrp.ca.mci.com!nnrp1.uunet.ca>,
> > > somebody.@spamout.russdoucet.com says...

> > > > "Leythos" <void@nowhere.lan> wrote in message
> > > > news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...

> > > > > In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
> > > > > renil.lambert@gmail.com says...

> > > > > > Hi
> > > > > > one of my clients is connecting to my network through vpn.
> > > > > > is there any possibility to start a remote desktop or Dameware or some
> > > > > > desktop sharing tool to view his desktop??

> > > > > Run VNC on his computer and then connect to his private IP address back
> > > > > through the VPN.

> > > > Those will only work if the VPN is configured to allow that, i.e. he has to
> > > > have a virtual IP and policies to allow the traffic. Some boxes do that by
> > > > default, some allow you the option, some do not allow you to do it. Depends
> > > > on both ends of the VPN.

> > > Yes, but in most cases people posting to this group don't have their
> > > firewall set up to restrict at the port/service level. I suspect that VNC
> > > would work just fine.

> > Unless expressly permitted, all traffic is implicitly denied.

> > That's how firewalls work. Why assume otherwise when responding to posts?

> Because that's not how many devices called Firewalls since the advent of
> the NAT Router and Windows PPTP work. While my Watchguard or other
> appliances may block by default, a simple Linksys/D-Link/Netgear where
> the user creates a PPTP session to another network, will let the remote
> network tunnel back through the VPN session to the host/host network
> that created it without being blocked.

> I am offended that the Marketing departments have been able to get away
> with calling simple NAT solutions Firewalls when they are just routers.

> While I can create, in essence, a 1-way VPN with port/IP limitations, in
> my real firewalls, the cheap NAT units that also do IPSec tunnels (like
> the Linksys BEFVP41) offer nothing more than a fully open 2-way
> connection on their end. This means that unless one side is a real
> firewall, one that allows rules to configure VPN traffic, that the user
> could VNC back through the VPN to the user's desktop (if they were
> running VNC).

> The reason I guess that they are not using real firewalls is based on
> how the post was presented/worded - I suspect that neither side is using
> a real firewall, only a cheap SOHO/residential solution. One other
> thing, any admin that would post I have a firewall.... already knows how
> to do what they asked here, so it was another reason to suspect they are
> using cheap SOHO/NAT units.

Guys, it's software on the remote end, not hardware.

So as I've said, some software allows the remote end to be addressed from
the head office, some does not, some depends on the configuration.

-Russ.

Leythos
Guest
Posted: Wed Nov 30, 2005 3:04 am    Post subject: Re: Remote desktop over vpn

In article <6i3jf.4281$43.3327@nnrp.ca.mci.com!nnrp1.uunet.ca>,
somebody.@spamout.russdoucet.com says...
Quote:
> > The reason I guess that they are not using real firewalls is based on
> > how the post was presented/worded - I suspect that neither side is using
> > a real firewall, only a cheap SOHO/residential solution. One other
> > thing, any admin that would post I have a firewall.... already knows how
> > to do what they asked here, so it was another reason to suspect they are
> > using cheap SOHO/NAT units.

> Guys, it's software on the remote end, not hardware.

> So as I've said, some software allows the remote end to be addressed from
> the head office, some does not, some depends on the configuration.

I think I've said the same - since we don't know, based on the
description, I figured it was not a quality VPN solution.

--

spam999free@rrohio.com
remove 999 in order to email me

Jeff B
Guest
Posted: Wed Dec 14, 2005 3:56 am    Post subject: Re: Remote desktop over vpn

Quote:
> > Yes, but in most cases people posting to this group don't have their
> > firewall set up to restrict at the port/service level. I suspect that
> > VNC would work just fine.

> 90% of people, when configuring a VPN, configure it wide open, all
> ports and protocols.

Can you define ASSUME? Murphy will bite the user and the enterprise
that is silly enough to do either!

Even Joe XP/Home edition users are implementing deny all/all, so lots
of luck.

--
---
Jeff B (remove the No-Spam to reply)

Somebody.
Guest
Posted: Wed Dec 14, 2005 5:21 pm    Post subject: Re: Remote desktop over vpn

"Jeff B" <jbeardNo-Spam1185@adelphia.net> wrote in message
news:Q7adnTBdjf_i3gLenZ2dnUVZ_tydnZ2d@adelphia.com...
Quote:
> > > Yes, but in most cases people posting to this group don't have their
> > > firewall set up to restrict at the port/service level. I suspect that VNC
> > > would work just fine.

> > 90% of people, when configuring a VPN, configure it wide open, all ports
> > and protocols.

> Can you define ASSUME? Murphy will bite the user and the enterprise that
> is silly enough to do either!

> Even Joe XP/Home edition users are implementing deny all/all, so lots of
> luck.

> --
> ---
> Jeff B (remove the No-Spam to reply)

Jeff, how many corporate VPNs have you had experience with?

The suggestion that 90% of people configure a VPN wide open is, in my
*experience* approximately correct. Perhaps 10 to 20 percent high, but no
more.

One of the first things we typically address when consulted.

The reason is that they use the tunnel to run a workstation from remote as
if it were on the LAN. Have you ever tried to enumerate all the ports and
protocols required for a typical corporate workstation to do a domain log
in, run exchange, read file shares, print, hit a few client/server
applications, and allow the centrally managed corporate update/virus/support
tools? Once you open that much stuff up, you may as well open up the rest
because your behind is hanging out so far anyway on so many interesting
services...

-Russ.

Volker Birk
Guest
Posted: Wed Dec 14, 2005 5:21 pm    Post subject: Re: Remote desktop over vpn

Somebody. <somebody.@spamout.russdoucet.com> wrote:
Quote:
> The suggestion that 90% of people configure a VPN wide open is, in my
> *experience* approximately correct. Perhaps 10 to 20 percent high, but no
> more.

The nicest I saw was at a company in Saragoza (Spain): VPN over several
locations in Spain, and then an unencrypted WiFi (WLAN) access point at
the center location in Saragoza, and _repeating_ all packages of the VPN
onto it ;-)

Yours,
VB.
--
"I am a free man and will now make use of my civil liberties
- and extensively so - naturally only within the limits that
Otto Schily still leaves me."
Wolfgang Clement on 10.10.05, as still-superminister

Somebody.
Guest
Posted: Wed Dec 14, 2005 5:21 pm    Post subject: Re: Remote desktop over vpn

"Volker Birk" <bumens@dingens.org> wrote in message
news:43a050c2@news.uni-ulm.de...
Quote:
> Somebody. <somebody.@spamout.russdoucet.com> wrote:
> > The suggestion that 90% of people configure a VPN wide open is, in my
> > *experience* approximately correct. Perhaps 10 to 20 percent high, but no
> > more.

> The nicest I saw was at a company in Saragoza (Spain): VPN over several
> locations in Spain, and then an unencrypted WiFi (WLAN) access point at
> the center location in Saragoza, and _repeating_ all packages of the VPN
> onto it ;-)

> Yours,
> VB.

Egad...

Thanks for sharing... LOL...


-Russ.

Leythos
Guest
Posted: Wed Dec 14, 2005 5:21 pm    Post subject: Re: Remote desktop over vpn

In article <V9Ynf.5062$43.2112@nnrp.ca.mci.com!nnrp1.uunet.ca>,
somebody.@spamout.russdoucet.com says...
Quote:
> The suggestion that 90% of people configure a VPN wide open is, in my
> *experience* approximately correct. Perhaps 10 to 20 percent high, but no
> more.

> One of the first things we typically address when consulted.

> The reason is that they use the tunnel to run a workstation from remote as
> if it were on the LAN. Have you ever tried to enumerate all the ports and
> protocols required for a typical corporate workstation to do a domain log
> in, run exchange, read file shares, print, hit a few client/server
> applications, and allow the centrally managed corporate update/virus/support
> tools? Once you open that much stuff up, you may as well open up the rest
> because your behind is hanging out so far anyway on so many interesting
> services...

Wide open is not needed to permit a workstation to access the company
network - as most remote workstations only need to hit a limited number
of IP, you can set up a rule that only permits Remote IP to access Local
IP, while it's not a good solution, it does limit them to the resources
required.

I personally use VPN with IP:3389 to a fixed location so that they can
only RD into one node, no other ports, and it works quite well for all
of the users.

--

spam999free@rrohio.com
remove 999 in order to email me

Somebody.
Guest
Posted: Fri Dec 16, 2005 2:27 am    Post subject: Re: Remote desktop over vpn

"Leythos" <void@nowhere.lan> wrote in message
news:duYnf.190535$tD4.148773@tornado.ohiordc.rr.com...
Quote:
> In article <V9Ynf.5062$43.2112@nnrp.ca.mci.com!nnrp1.uunet.ca>,
> somebody.@spamout.russdoucet.com says...
> > The suggestion that 90% of people configure a VPN wide open is, in my
> > *experience* approximately correct. Perhaps 10 to 20 percent high, but no
> > more.

> > One of the first things we typically address when consulted.

> > The reason is that they use the tunnel to run a workstation from remote as
> > if it were on the LAN. Have you ever tried to enumerate all the ports and
> > protocols required for a typical corporate workstation to do a domain log
> > in, run exchange, read file shares, print, hit a few client/server
> > applications, and allow the centrally managed corporate update/virus/support
> > tools? Once you open that much stuff up, you may as well open up the rest
> > because your behind is hanging out so far anyway on so many interesting
> > services...

> Wide open is not needed to permit a workstation to access the company
> network - as most remote workstations only need to hit a limited number
> of IP, you can set up a rule that only permits Remote IP to access Local
> IP, while it's not a good solution, it does limit them to the resources
> required.

> I personally use VPN with IP:3389 to a fixed location so that they can
> only RD into one node, no other ports, and it works quite well for all
> of the users.

Using just 3389 is a pretty easy way to grant pretty wide access with pretty
minimal exposure; one of my favorite methods. And your other comments are
valid, I'm just relating what I've seen in the field. When (if?) people try
to lock it down, application X doesn't work, application X's vendor doesn't
seem to be able to come up with a good explanation of what it does and it's
all over the map such that logging doesn't reveal a satisfactory answer, so
they leave it open.

Much better to use RDP IMHO.

-Russ.
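
Added example, not part of any post in the thread: a Python sketch that evaluates the two tunnel policies argued over above (wide open in both directions versus TCP 3389 to one fixed host) with first-match rules and an implicit deny. The addresses, rule names and the `Rule`, `evaluate`, `wide_open` and `report` helpers are constructed for illustration; return traffic of an allowed session is assumed to be handled by connection tracking and is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = 0  # 0 stands for "any destination port" in this sketch


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR the connection starts from
    dst: str      # CIDR the connection goes to
    proto: str    # "tcp", "udp" or "any"
    port: int     # destination port, ANY_PORT for all
    action: str = "allow"

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (ANY_PORT, port))


def evaluate(rules, src, dst, proto, port):
    """First matching rule decides; anything unmatched is implicitly denied."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "deny"


def wide_open(rules):
    """Names of allow rules that pass every port and protocol."""
    return [r.name for r in rules
            if r.action == "allow" and r.proto == "any" and r.port == ANY_PORT]


# Constructed addressing: VPN client pool, office LAN, one RDP host.
CLIENT_POOL, LAN, RDP_HOST = "10.8.0.0/24", "192.168.1.0/24", "192.168.1.50/32"

# Tunnel configured "wide open, all ports and protocols", both directions.
OPEN_POLICY = [
    Rule("client-to-lan-any", CLIENT_POOL, LAN, "any", ANY_PORT),
    Rule("lan-to-client-any", LAN, CLIENT_POOL, "any", ANY_PORT),
]

# Tunnel limited to RDP (TCP 3389) towards a single node.
SCOPED_POLICY = [
    Rule("client-to-rdp-host", CLIENT_POOL, RDP_HOST, "tcp", 3389),
]

# New connections to test: (source, destination, protocol, destination port).
FLOWS = {
    "rdp_to_fixed_host": ("10.8.0.7", "192.168.1.50", "tcp", 3389),
    "smb_to_file_server": ("10.8.0.7", "192.168.1.10", "tcp", 445),
    "vnc_back_to_client": ("192.168.1.20", "10.8.0.7", "tcp", 5900),
}


def report(policy):
    """Decision for each sample flow under the given policy."""
    return {name: evaluate(policy, *flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for label, policy in (("open", OPEN_POLICY), ("scoped", SCOPED_POLICY)):
        print(label, report(policy), "wide-open rules:", wide_open(policy))
```

Under the scoped policy the VNC connection back to the client is denied as well, so remote support of the client's desktop needs its own explicit rule rather than a wide-open tunnel.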