Hi
One of my clients is connecting to my network through VPN.
Is there any possibility to start a remote desktop or Dameware or some
desktop sharing tool to view his desktop??
In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
renil.lambert@gmail.com says...
> Hi
> One of my clients is connecting to my network through VPN.
> Is there any possibility to start a remote desktop or Dameware or some
> desktop sharing tool to view his desktop??
Run VNC on his computer and then connect to his private IP address back
through the VPN.
"Leythos" <void@nowhere.lan> wrote in message
news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...
> Run VNC on his computer and then connect to his private IP address back
> through the VPN.
Those will only work if the VPN is configured to allow that, i.e. he has to
have a virtual IP and policies to allow the traffic. Some boxes do that by
default, some allow you the option, some do not allow you to do it. Depends
on both ends of the VPN.
In article <vOOif.4223$43.3512@nnrp.ca.mci.com!nnrp1.uunet.ca>,
somebody.@spamout.russdoucet.com says...
> Those will only work if the VPN is configured to allow that, i.e. he has to
> have a virtual IP and policies to allow the traffic. Some boxes do that by
> default, some allow you the option, some do not allow you to do it. Depends
> on both ends of the VPN.
Yes, but in most cases people posting to this group don't have their
firewall setup to restrict at the port/service level. I suspect that VNC
would work just fine.
Leythos wrote:
> Yes, but in most cases people posting to this group don't have their
> firewall setup to restrict at the port/service level. I suspect that VNC
> would work just fine.
Unless expressly permitted, all traffic is implicitly denied.
That's how firewalls work. Why assume otherwise when responding to posts?
Triffid
In article <EmQif.1580$Et5.123731@news20.bellglobal.com>,
triffid@nebula.net says...
> Unless expressly permitted, all traffic is implicitly denied.
> That's how firewalls work. Why assume otherwise when responding to posts?
Because that's not how many devices called Firewalls since the advent of
the NAT Router and Windows PPTP work. While my Watchguard or other
appliances may block by default, a simple Linksys/D-Link/Netgear where
the user creates a PPTP session to another network, will let the remote
network tunnel back through the VPN session to the host/host network
that created it without being blocked.
I am offended that the Marketing departments have been able to get away
with calling simple NAT solutions Firewalls when they are just routers.
While I can create, in essence, a 1-way VPN with port/IP limitations, in
my real firewalls, the cheap NAT units that also do IPSec tunnels (like
the Linksys BEFVP41) offer nothing more than a fully open 2-way
connection on their end. This means that unless one side is a real
firewall, one that allows rules to configure VPN traffic, that the user
could VNC back through the VPN to the user's desktop (if they were
running VNC).
The reason I guess that they are not using real firewalls is based on
how the post was presented/worded - I suspect that neither side is using
a real firewall, only a cheap SOHO/residential solution. One other
thing, any admin that would post I have a firewall.... already knows how
to do what they asked here, so it was another reason to suspect they are
using cheap SOHO/Nat units.
> The reason I guess that they are not using real firewalls is based on
> how the post was presented/worded - I suspect that neither side is using
> a real firewall, only a cheap SOHO/residential solution. One other
> thing, any admin that would post I have a firewall.... already knows how
> to do what they asked here, so it was another reason to suspect they are
> using cheap SOHO/Nat units.
Guys, it's software on the remote end, not hardware.
So as I've said, some software allows the remote end to be addressed from
the head office, some does not, some depends on the configuration.
> Yes, but in most cases people posting to this group don't have their
> firewall setup to restrict at the port/service level. I suspect that
> VNC would work just fine.
90% of people, when configuring a VPN, configure it wide open, all
ports and protocols.
> 90% of people, when configuring a VPN, configure it wide open, all ports
> and protocols.
Can you define ASSUME? Murphy will bite the user and the enterprise that
is silly enough to do either!
Even Joe XP/Home edition users are implementing deny all/all, so lots of
luck.
--
---
Jeff B (remove the No-Spam to reply)
The suggestion that 90% of people configure a VPN wide open is, in my
*experience* approximately correct. Perhaps 10 to 20 percent high, but no
more.
Somebody. <somebody.@spamout.russdoucet.com> wrote:
> The suggestion that 90% of people configure a VPN wide open is, in my
> *experience* approximately correct. Perhaps 10 to 20 percent high, but no
> more.
The nicest I saw was at a company in Saragoza (Spain): VPN over several
locations in Spain, and then an unencrypted WiFi (WLAN) access point at
the center location in Saragoza, and _repeating_ all packages of the VPN
onto it ;-)
Yours,
VB.
> The suggestion that 90% of people configure a VPN wide open is, in my
> *experience* approximately correct. Perhaps 10 to 20 percent high, but no
> more.
One of the first things we typically address when consulted.
The reason is that they use the tunnel to run a workstation from remote as
if it were on the LAN. Have you ever tried to enumerate all the ports and
protocols required for a typical corporate workstation to do a domain log
in, run exchange, read file shares, print, hit a few client/server
applications, and allow the centrally managed corporate update/virus/support
tools? Once you open that much stuff up, you may as well open up the rest
because your behind is hanging out so far anyway on so many interesting
services...
In article <V9Ynf.5062$43.2112@nnrp.ca.mci.com!nnrp1.uunet.ca>,
somebody.@spamout.russdoucet.com says...
> One of the first things we typically address when consulted.
> The reason is that they use the tunnel to run a workstation from remote as
> if it were on the LAN. Have you ever tried to enumerate all the ports and
> protocols required for a typical corporate workstation to do a domain log
> in, run exchange, read file shares, print, hit a few client/server
> applications, and allow the centrally managed corporate update/virus/support
> tools? Once you open that much stuff up, you may as well open up the rest
> because your behind is hanging out so far anyway on so many interesting
> services...
Wide open is not needed to permit a workstation to access the company
network - as most remote workstations only need to hit a limited number
of IP, you can setup a rule that only permits Remote IP to access Local
IP, while it's not a good solution, it does limit them to the resources
required.
I personally use VPN with IP:3389 to a fixed location so that they can
only RD into one node, no other ports, and it works quite well for all
of the users.
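
The disagreement running through this thread, as an added example that is not code from any of the posters: an allow list with implicit deny, comparing a wide-open tunnel policy with one limited to TCP 3389 on a single host. The addresses, the `Rule` type and the function names are assumptions made for illustration; 5900 is the default VNC port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port, None = any port

def permits(rules, src, dst, proto, port):
    """Allow list with implicit deny: a flow passes only if some rule matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
        and r.proto in ("any", proto) and r.port in (None, port)
        for r in rules
    )

def over_broad(rules):
    """Rules that allow every protocol or every port across the tunnel."""
    return [r for r in rules if r.proto == "any" or r.port is None]

# Constructed addressing: office LAN, VPN client pool, one Remote Desktop host.
LAN, VPN_POOL, RD_HOST = "192.168.10.0/24", "10.99.0.0/24", "192.168.10.20/32"

WIDE_OPEN = [Rule(VPN_POOL, LAN, "any", None), Rule(LAN, VPN_POOL, "any", None)]
RESTRICTED = [Rule(VPN_POOL, RD_HOST, "tcp", 3389)]

# Constructed flows: (label, source, destination, protocol, port)
FLOWS = [
    ("office admin -> client VNC", "192.168.10.5", "10.99.0.7", "tcp", 5900),
    ("client -> RD host", "10.99.0.7", "192.168.10.20", "tcp", 3389),
    ("client -> file server SMB", "10.99.0.7", "192.168.10.30", "tcp", 445),
]

def compare():
    """Map each flow label to (allowed by WIDE_OPEN, allowed by RESTRICTED)."""
    return {label: (permits(WIDE_OPEN, *flow), permits(RESTRICTED, *flow))
            for label, *flow in FLOWS}

if __name__ == "__main__":
    for label, (wide, tight) in compare().items():
        print(f"{label:28} wide-open={wide!s:5} restricted={tight}")
    print("over-broad rules in WIDE_OPEN:", len(over_broad(WIDE_OPEN)))
```

Under the restricted policy the VNC connection back to the client is denied, so whether the original question has a "yes" answer depends entirely on which of the two policies the tunnel enforces.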