how 2 connect 2 my home PC from outside
pilipk01
07-21-04, 08:16 PM
Hey all,
Ok, I have an ADSL connection (using a Dynalink rt210 router). I'm running Windows XP Pro and I wonder how I can connect to my PC from outside. I also have one 2003 server box (but I'm using it for practising, and my home PC is in the domain, but I'm usually working locally on my PC).
Could anyone help to achieve the above task?
Any helpful links with step by step instructions will be appreciated.
Cheers
What exactly do you want to do, just get to some files, like have some forms/ files etc available, or what?
pilipk01
07-21-04, 08:56 PM
Thanks for your reply.
It would be good if I could do something like Remote Desktop Connection.
Thanks
Smokeys
07-21-04, 10:05 PM
Forward port 3389/tcp to the server.
http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx
http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx
http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/windows2000/en/advanced/help/telnet_topnode.htm
Xenocide
07-21-04, 11:41 PM
vnc > remote desktop IMO
I would use remote desktop as well. It's a built in feature of windows xp. If you're not behind a firewall or using a router, it is basically setup for you.
pilipk01
07-22-04, 12:47 AM
Is it hard to achieve?
pilipk01
07-22-04, 12:58 AM
What about setting up a VPN server on my Win 2003 server? Will it be hard?
Thanks
I don't know, I was talking to a friend about setting up a VPN for this project we were working on. He said (he is in Cisco so he knows more about this than I do) that VPNs are very hard to maintain and secure, and that usually only multimillion dollar companies have them, so it probably wouldn't be worth it to try.
vinyljunky
07-22-04, 06:31 AM
If you care about your data and want to be secure, there are two well recognised ways to do this. Either using SSH or VPN connections (or both, if you're a paranoia freak :)). Either way, it can be hard work setting up. Although it may be easy to set up simple port forwarding, it is madness to use VNC or Remote Desktop Connection across non-encrypted connections. I'm going to talk about VPNs.
Setting up a Windows based VPN is very easy and relatively secure, as long as you take some precautionary measures. In an ideal world, you should be setting up an IPSEC VPN on your 2003 box as it offers the highest level of domain integration, standardisation and security, but that's something I'm still trying to get my head around, so here is another route you can try which may be more suited to you.
The quickest route for you would be to set up your XP box to accept incoming VPN connections. I would suggest a PPTP VPN as this hits the right balance between ease of setup and integrity, provided that you make some alterations to the default configuration. I just found this (http://www.onecomputerguy.com/networking/xp_vpn_server.htm) guide which goes through the setup describing it in more detail than I can here. The guide also tells you what ports you need to forward on your router, which I will summarise:
TCP1723 must be forwarded to your xp box, and your modem and router must also support PPTP VPN passthrough to allow Protocol47 (NOT port 47) to reach the XP box. You will need to take a look at the manuals for your modem/router to see how to do this/if it is supported.
So if you've managed to get this far then that's great, and now you need to work out how to connect to the VPN. HOWEVER. You need to make some changes to the authentication method used by your client. Here's why:
MSChap-1 is the standard authentication method used by PPTP. It is a very weak protocol and can be deciphered with relative ease (XOR attacks). You need to change the authentication method to either CHAP or MS-CHAP-2 and set the maximum encryption level to ensure the security of your connection. This is very easy to do and I found a great guide (http://www.wireless.ubc.ca/vpn/winxpvpn.html) that covers all of the above paragraph. Bear in mind that at the connection name stage of that guide, you will be entering your own public ip address or hostname. I suggest that you try connecting to the VPN using another pc on your LAN first, to confirm that the connection works, before trying to connect from a location outside your LAN.
OK so assuming you now have a VPN up, which has assigned a private IP to you on your LAN, and you want to use your XP desktop, the final stage is to choose a method for controlling your pc. Now that you have a secure connection you can use whatever you like, and it's down to personal choice. I tend to use RealVNC (http://www.realvnc.com) and occasionally Windows Terminal Server (AKA Remote Desktop Connection). If you haven't used either before, pray to Google (http://www.google.com) for your answers. :)
Hopefully this answers your question and isn't too complicated. Once you have everything up and running it's great peace of mind to know that you can access your LAN from any location with total security*. If you have any questions, feel free to ask.
* EDIT: OOPS I mean pretty good security, not _total_ security (there's no such thing, unless you own a quantum computer). :D
TimDgsr
07-22-04, 09:14 AM
Information on remote desktop can be found here (http://support.microsoft.com/?kbid=275727)
Also, has anyone ever tried using the remote desktop web connection (http://www.petri.co.il/install_remote_desktp_web_connection_on_windows_server_2003.htm) in IIS?
Your friend is definitely wrong about only big companies using VPNs as well. Anyone can set them up.
I'm honestly not a fan of VNC and tend to prefer remote desktop.
vinyljunky
07-22-04, 08:47 PM
... has anyone ever tried using the remote desktop web connection (http://www.petri.co.il/install_remote_desktp_web_connection_on_windows_server_2003.htm) in IIS?
Yes, I've used it on Server 2003. It is installed per default in SBS (Small Business Server) Edition and allows/comes with licenses for up to two simultaneous terminals on the server. It forms part of the whole new M$ portal frontend in 2003 which provides an intranet website (called Sharepoint), web based Outlook2003 and remote desktop access. I'm still learning with terminal services, but the actual performance of the rdc applet seems sluggish at times, although that might be my old laptop. It's definitely worth looking into if you have a 2003 box running.
pilipk01
07-23-04, 06:28 AM
Thanks a lot guys,
Ok, I have set up my XP box to accept incoming VPN connections (I have specified a range of IP addresses for assigning). I have also forwarded port 1723 and 47 to my XP box. I can establish a VPN connection locally (when connected I checked if the IP was assigned from the range I specified and it was), but when I try to do it from my friend's place it shows that it is connecting, then verifying user name and password, and then an error 721: "The remote computer did not respond" message comes up. :(
Help !!!!
Cheers
pilipk01
07-23-04, 06:39 AM
One more thing, I have scanned my router for open ports and 1723 and 47 did not come up as opened. Is it because they are only forwarded?
Cheers
vinyljunky
07-23-04, 05:49 PM
Thanks a lot guys,
Ok, I have set up my XP box to accept incoming VPN connections (I have specified a range of IP addresses for assigning). I have also forwarded port 1723 and 47 to my XP box. I can establish a VPN connection locally (when connected I checked if the IP was assigned from the range I specified and it was), but when I try to do it from my friend's place it shows that it is connecting, then verifying user name and password, and then an error 721: "The remote computer did not respond" message comes up. :(
Help !!!!
Cheers
OK, firstly, you don't need to forward port 47 - what I meant was protocol 47, which is a protocol called GRE, and is required by the modems and routers at both ends of your connection. You can tell if this protocol is supported by your modems by looking at the specifications for your router and modem and noting a VPN pass-through feature. This is a necessity for connecting a VPN across a NAT layer.
I think that (well, hope that) the problem is more likely to be at your friend's end rather than yours. You must also ensure that port 1723 is forwarded on your friend's router, or you will not be able to negotiate a connection. (I'm assuming that your friend has a similar setup to you, i.e. modem->router->NAT->LAN.)
See if this helps, if not, we can try some more drastic measures to at least prove that you can make a VPN connection across the internet :)
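Added example, not part of any post in this thread: a small Python classifier that makes the "protocol 47, not port 47" distinction concrete by reading the IPv4 protocol field, and reports which half of a PPTP session reached a capture point. The function names (`classify`, `diagnose`, `ipv4`) and the sample packets are constructed for illustration; only the first four bytes of the GRE header are inspected.

```python
import struct

PPTP_TCP_PORT = 1723               # PPTP control channel: a TCP port
IPPROTO_TCP, IPPROTO_GRE = 6, 47   # IP protocol numbers, not ports
GRE_PROTO_PPP = 0x880B             # payload type in PPTP's enhanced GRE header

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet as pptp-control, pptp-data or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    proto, payload = packet[9], packet[ihl:]
    if len(payload) < 4:
        return "other"
    first, second = struct.unpack("!HH", payload[:4])
    if proto == IPPROTO_TCP and PPTP_TCP_PORT in (first, second):
        return "pptp-control"              # source or destination port 1723
    if proto == IPPROTO_GRE and first & 0x7 == 1 and second == GRE_PROTO_PPP:
        return "pptp-data"                 # GRE version 1 carrying PPP
    return "other"

def diagnose(packets) -> str:
    """Say which half of a PPTP session reached the capture point."""
    kinds = {classify(p) for p in packets}
    if "pptp-control" not in kinds:
        return "no control channel: check the TCP 1723 forward"
    if "pptp-data" not in kinds:
        return "control only: GRE (protocol 47) is not getting through"
    return "control and data both seen"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    src, dst = bytes([203, 0, 113, 5]), bytes([192, 168, 1, 10])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, src, dst) + payload

# Constructed sample packets, not taken from a real capture.
TCP_1723 = ipv4(IPPROTO_TCP, struct.pack("!HH", 40000, 1723) + bytes(16))
TCP_47 = ipv4(IPPROTO_TCP, struct.pack("!HH", 40000, 47) + bytes(16))
GRE_PPP = ipv4(IPPROTO_GRE,
               struct.pack("!HHHH", 0x2001, GRE_PROTO_PPP, 4, 1) + bytes(4))

if __name__ == "__main__":
    print(diagnose([TCP_1723, TCP_47]))    # what a router without GRE passes
    print(diagnose([TCP_1723, GRE_PPP]))   # a working PPTP session
```

A forwarding rule for TCP port 47 only ever matches packets like `TCP_47`, which PPTP never sends; the tunnel data arrives as `GRE_PPP`, which has no port number for a port-forward rule to match.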
vinyljunky
07-23-04, 05:53 PM
One more thing, I have scanned my router for open ports and 1723 and 47 did not come up as opened. Is it because they are only forwarded?
Cheers
What did you use to scan your PC? The ports in question won't be in state:open but rather state:filtered. If you are using a really basic scanner it might not pick that up. Also, your firewall may be doing a good job of killing any scan attempts, depending on what kind of firewall it is.
If you want to try the best scanner available, get yourself nmap (http://www.insecure.org/nmap/) :)
pilipk01
07-23-04, 07:54 PM
Thanks,
You're right, my friend has a similar setup, only with a different ADSL router. By the way, I was able to ping my computer from my friend's place.
Anyways, I will forward port 1723 on his router and see how it goes.
Cheers
pilipk01
07-25-04, 01:52 AM
OK, I did try to connect from my friend's computer (dialup) and I got the same error message as before (the remote computer did not respond), so it must be something with my setting.
Any ideas ?
Cheers
mtnbikerjerry
07-25-04, 04:16 AM
vnc > remote desktop IMO
To be safe for VNC, he would need SSH, cygwin SSH server, as well as Putty client with SSH2.
You must protect that tight VNC connection regardless if the password to the VNC server is encrypted. SSH would help him provide a secure encrypted tunnel via 22 or another option port. The same can be applied for Secure FTP.
Then to transfer files he can use the latest development VNC that has file transfer capability. http://www.tightvnc.com/screenshots.html
If he must run VPN without having to utilize certificates created from an appropriate certificate authority as you would IPSEC, he can use PPTP VPN with a program called Wingate VPN which has the blowfish algorithm and its own freebie certificates. The last thing he would want to do is be caught with a bootleg copy and running a CA. I will not discuss this further.
It would be nice if he could run IPSEC, there has to be a quick and easy guide out there to get it running. But in most cases PPTP VPN is the easiest to set up with the mentioned MSCHAPv2 and strong encryption settings.
pilipk01
07-26-04, 04:01 AM
Hey guys,
I've replaced the ADSL router, and the VPN connection is fine; seems like my old router didn't support the GRE protocol.
Anyways, thanks for your help.
Cheers
vinyljunky
07-26-04, 04:37 AM
nice one :D