Accessing a PC behind IP VPN

Discussion in 'Windows Desktop Systems' started by Digdis, Jul 21, 2005.

  1. Digdis

    Hi,
    This might be a bit long but please bear with me:

    I have a PC at work on which I need to run some tests from time to time. As some of these tests may fail, or finish ahead of time (when I'm not at work), I would like to be able to connect to my PC from home to check the status of these tests (and maybe run new ones).
    Now, the only way to log in to my work's network is using IP-VPN; this means that I can connect to the network, but I don't get an IP that enables me to contact my PC (not even with a ping). This of course prevents me from logging into my PC (say via remote desktop).
    Now to my question: Is there an application I can run on my work PC, that will enable PCs on the outside world (like my home PC) to connect to me in an authenticated manner? Say using user & password and/or list of allowed IPs?

    D.
     
  2. kcnychief

    My post is more advice, than a suggestion.

    If your network at work is that secure, and you are trying to find ways to exploit it, I would recommend against it. I'm sure that it is set up the way it is supposed to be set up for a reason. If you need access, talk to your Network Administrators, and if they feel you need to have it, they will set it up for you. Otherwise, do something else when you aren't working :)

    Even if you were to find a way, someone who is that on top of things will find out, and it won't be good for your job security :speechless:
     
  3. Digdis

    Thanks for the advice. I did talk to my net admin. We are a small company getting our VPN services from our ISP, including this whole "IP-VPN" concept, so there's nothing much he can really do (other than switching ISP or program, which ain't practical). I'm not trying to exploit our network in any way.

    That's the whole point. Otherwise, I would have to go to work. :)

    D.
     
  4. kcnychief

    Well, your replies would change my solution a little bit. Is your work PC getting a static address, or is the network running DHCP? If it is static, couldn't you memorize, or write down the IP of the node, then once you have VPN'ed in, connect to it? Just because you can't ping doesn't mean you can't connect. If ICMP is blocked on your network (although it's not common) that would prevent you from pinging. Have you tried to connect through the NETBIOS name of the PC?

    That is what makes sense to me, since in essence if you VPN in you are authenticated to the network. Is your PC running Windows XP SP2? If that is the case, you would have to configure the computer to accept incoming RDC requests. Also, do you have a domain controller, would this be affecting any settings at all?

    No offense at all, but this is such a loaded question and I think it's a little sad that your own Admin can't figure it out. Reason being he would know how everything is set up whereas I would have to keep asking all these questions. I don't mind, and I like to brainstorm, just my opinion....

    Let's start with the focal point, is your workstation Static or Dynamic in regards to IP?
     
  5. Nismo83

    I second that. It is not wise to do that unless you are trying to blow your job off.

    "Everything happens for a reason"
     
  6. Digdis

    Thanks for the help. Here are some details:
    My work PC is getting a dynamic IP address. In order to check this, I memorized it. I don't think this is a problem - I don't intend to do this too often, and even if I do - there are ways to figure it out (like some tools that can send your IP address to an email address). The PC runs Win2K. We're planning to upgrade to XP SP2, but in the meantime it remains Win2K. Win2K hasn't got RDP natively installed, so I currently have a VNC server running. I have an RDP installation CD here (which I generally prefer), but didn't install it yet - just wanted to figure out I'd be able to contact my PC first. I didn't try contacting my NETBIOS name - will try it soon enough. Anyway I don't think ICMP is blocked here. Not sure about the domain controller - is this something I can see from my adapter's TCP properties dialog?

    Cheers,
    D.
     
  7. kcnychief

    OK, first, if you are having your VPN set up through your ISP and you guys are running WIN2K, we need to discuss budget :) LOL just kidding, sorry I couldn't resist :)

    First, DHCP would be a slight problem when trying to remote connect. Reason being if your computer reboots, or the lease on the IP expires, there is a chance, while it may be small, that your IP will not be the same. If anything, the 4th octet would change. For example, if you had 192.168.1.100 you could perhaps get 192.168.1.101 or something similar. You would receive the next available address within the pre-defined IP scope.

    Not much else to say about your chatter, except the best way to find out if you are logging into a domain controller is how you log in. Do you get a CTRL + ALT + DEL screen? Do you log in locally or through an authentication process? You can also right-click My Computer, go to Properties. Select the Computer Name tab. On this tab it will tell you if it is a member of a Domain or a Workgroup. I would be really shocked at this point if you had a domain controller, based on your other budgeting woes. But, if you do, this could control policies that would not allow remote connections unless you are a member of a certain security group. Like I said, loaded question.
     
  8. Digdis

    LOL :laugh: No, it's not a budgetary problem. We've been working on Win2K for quite some time, and the move to XP was postponed mainly due to laziness.

    As far as I've noticed, my IP never changed (even between reboots). I think the DHCP policy is based on a per MAC address database (or something similar), so I really don't think this would be a problem.

    Surprisingly enough we have a domain controller (now I figured out your question). :nervous: I don't think our company runs such security group policies - how can I check (besides asking our NG IT guy)?

    D.
     
  9. kcnychief

    Actually after I posted that, I realized it could have been a compatibility issue as well. Some of your apps might not have been stress tested on XP yet.

    If your DHCP is tied to a MAC Database, that is actually referred to as an IP Reservation, just to clear that up. That works well, and would make remote connections easier.

    As far as whatever policies are in effect, you can go to start -> run -> cmd

    When at the CMD prompt, type "gpresult" without the quotes. That will tell you the name of the policy enforced, and in result also confirm there are policies being pushed out. Individual settings are impossible for me to help you with, because there are about 500 or so on WIN2K server, and close to 900 on WIN2K3 server. My numbers might be off, but with all those unique settings, only your Admin would have knowledge of how things are configured.

    Have you asked him to help you at all with this? Just out of curiosity?
     
  10. fimchick

    Or the network admin set the IP lease to expire at much longer periods than the standard (is it 7 days if I'm not mistaken?). For example, on our network we've set it up to expire in 2028, that way every new PC on the network gets a new IP but they stick with it until they release/renew for whatever reason :) To check this, go to the command prompt and type ipconfig /all
    and it will tell you when your PC's IP lease expires.

    So basically, even though you have a dhcp address, for all intents and purposes it could be considered static.
     
  11. Bootsy

    Hi,
    At the place where I work I have set up a system where users will connect using the Mobile User VPN software in order to get into the network and then use PC Anywhere to access their local desktops. I realize this is not the case for you, but in the past, we bypassed the firewall and VPN restrictions altogether by using http://www.gotomypc.com, this software does not need to be passed through the VPN because it is a service that periodically sends outbound keepalive packets to a gotomypc server and therefore is not a traditional "inbound" connection.
     
  12. madmatt

    If and when you upgrade to Windows XP you can use RDP (Remote Desktop Protocol), with which you could use the computer name instead (so you wouldn't have to worry about IP addresses). However, you would need VPN access to be able to do this.
     
  13. Digdis

    Thanks guys for all the help. I'll try all your suggestions when I'm back at work on Monday.

    Bootsy - this seems exactly like the kind of app I was looking for. How would you describe your experience with it? The only thing that bothers me there is that I need to rely on their site in order to log in to my work's PC. Seems like both a security and a reliability problem to me.
    Cheers,
    D.
     
  14. Digdis

    OK. Did my research during the weekend, and here are my findings:
    First tried the GoToMyPc app. Works well. Only problem is that it's not free - I'm willing to pay, but its charging model is monthly subscription, which is unreasonable for sporadic uses such as mine.
    Looked around, and found LogMeIn (logmein.com). Has the same functionality as GoToMyPc, but it's free :). Their reasoning behind it BTW is that they do charge for complementary services like file management and file sharing. I also like their security model - user & password are needed to log into the LogMeIn account, and then you need the standard Windows authentication to log into your machine. Good enough for me. The remote control has a VNC style (I like RDP better), but it does the job.
    The following link compares apps of this kind: http://www.pcmag.com/article2/0,1759,1812747,00.asp

    Thanx everyone for the help.
    D.
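
The broker model described in post 11 (periodic outbound keepalive packets to a vendor server instead of an inbound connection) is also the trace a network administrator can look for to see where such tools are running. The following is an added example, not part of the original thread: it scans outbound proxy log lines for steady polling to the two broker domains named in this thread. The log format, client IPs, hostnames under those domains, and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Broker domains named in this thread; extend to match local policy.
BROKER_DOMAINS = ("gotomypc.com", "logmein.com")

# Constructed sample proxy log: timestamp, client IP, method, destination host:port.
SAMPLE_LOG = """\
2005-07-25T09:00:00 10.0.0.23 CONNECT poll.gotomypc.com:443
2005-07-25T09:00:07 10.0.0.41 CONNECT www.logmein.com:443
2005-07-25T09:00:30 10.0.0.23 CONNECT poll.gotomypc.com:443
2005-07-25T09:00:45 10.0.0.57 CONNECT www.pcmag.com:80
2005-07-25T09:01:00 10.0.0.23 CONNECT poll.gotomypc.com:443
2005-07-25T09:01:31 10.0.0.23 CONNECT poll.gotomypc.com:443
2005-07-25T09:14:52 10.0.0.41 CONNECT www.logmein.com:443
malformed line
"""

def broker_for(host, domains=BROKER_DOMAINS):
    """Return the broker domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for domain in domains:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def find_keepalive_clients(log_text, min_hits=4, max_jitter=5.0):
    """Flag (client, broker) pairs whose requests recur at a steady interval."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, dest = parts
        broker = broker_for(dest.rsplit(":", 1)[0])
        if broker:
            seen[(client, broker)].append(datetime.fromisoformat(ts))
    findings = []
    for (client, broker), times in sorted(seen.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Need at least two hits to have a gap; low spread means machine polling.
        if len(times) >= max(min_hits, 2) and pstdev(gaps) <= max_jitter:
            findings.append((client, broker, len(times), round(mean(gaps), 1)))
    return findings

if __name__ == "__main__":
    for finding in find_keepalive_clients(SAMPLE_LOG):
        print("client %s polls %s: %d hits, mean gap %.1fs" % finding)
```

Matching on the domain suffix with a leading dot avoids flagging unrelated hosts whose names merely end in the same letters, and the jitter threshold separates a resident agent from a person browsing the vendor's site.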