[CoLoCo] Remote Access
Kevin Fries
kfries at cctus.com
Wed May 7 14:18:56 BST 2008
On Tue, 2008-05-06 at 16:22 -0600, Mitch Mahan wrote:
> On Tue, 2008-05-06 at 15:24 -0600, David L. Willson wrote:
> > On Tue, 06 May 2008 14:51:15 -0600, Kevin Fries wrote
> > > Anybody trying to do a remote desktop in Hardy over the Internet?
> > >
> > > I need to do a remote desktop later this month across a double nat
> > > setup.
> > >
> > > A <-> FW <-> Internet <-> FW <-> B
> > >
> > > Machine A needs to see and control machine B where both firewalls are
> > > NAT firewalls. I thought of Hamachi, but have never found that program
> > > to be overly reliable. I know I could easily do this with persistent
> > > tunnels to a server on the Internet. But keeping persistent tunnels up
> > > and running can sometimes be even more problematic than Hamachi.
> > >
> > > Anybody got any ideas I have not thought of?
> >
> > Do you have the ability to set up a port forward or an IP forward and open port on either
> > side? The controlling side can set up a listening vnc viewer on port 5500, or you can
> > forward port 5900 to the controlled box. I recommend the listening viewer as a ~much~
> > more secure option. You'll need the full vncserver on the controlled end, and the full
> > vncviewer (xvncviewer, or whatever else has the '-listen' switch) to do it.
> >
> >
> Remote... "Desktop" ?
>
> What's wrong with ssh?

Dynamic IPs. One side will be a cable modem, the other will be my
satellite connection. I have solved this problem in the past using SSH
to build persistent tunnels over the Internet before. I have found this
solution to be a "Works 85% - 95%" type solution. The persistent tunnel
could carry either an SSH or a vnc connection without any problems.
Hamachi can also be used in the same way to provide a private network
over 5.x.x.x networks. Again, a solid "85% - 95%" type solution. I
have had issues with Hamachi remaining up in a Linux environment. Much
more stable in Windows, and even in Windows I have seen lots of
problems. I was just probing to see if anyone knew of anything else,
like a "GoToMyPc for Linux".

Newbie lesson: You can create a communication between two machines that
do not have visibility from the Internet (i.e. no publicly available IP
address) by using an intermediate server that is visible on the Internet.
The idea is to create an SSH connection from both of the "hidden"
machines to the Internet server, then route traffic between those
connections at the server. The only software you need to use is
OpenSSH. It's accomplished using the Remote and Local forwarding feature
of OpenSSH. Neat trick. This technique is the one I was referring to
as persistent tunnels. The difficulty in using this technique for
support is building the SSH tunnels with the remote or local forwarding,
and keeping the connections up. Monitoring them, and when you detect
that they have gone down, reestablish them immediately and
automatically. After all, what good is remote access, if you can not
access it?
--
Kevin Fries
Senior Linux Engineer
Computer and Communications Technology, Inc
A Division of Japan Communications Inc.
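
The persistent-tunnel setup described in the "Newbie lesson" above, as an added example that is not part of the original post: each NATed machine opens an SSH connection to the relay, the forwards are bound to loopback only, and a small supervisor re-establishes a tunnel when it drops. The relay account `tunnel@relay.example.net`, the relay port 15900 and the function names are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. RELAY and port 15900 are
# placeholders; 5900 is the VNC port mentioned in the thread.
RELAY="${RELAY:-tunnel@relay.example.net}"   # hypothetical relay account
RELAY_PORT="${RELAY_PORT:-15900}"            # loopback port on the relay

# Shared options: no remote command (-N), key-only auth, exit if the forward
# cannot be bound, and detect a dead link after about 45 seconds.
common_opts() {
  echo "-N -o BatchMode=yes -o ExitOnForwardFailure=yes" \
       "-o ServerAliveInterval=15 -o ServerAliveCountMax=3"
}

# Machine B (controlled): publish its local VNC server on the relay's
# loopback interface only, so the port is not exposed to the Internet.
cmd_host_b() {
  echo "ssh $(common_opts) -R 127.0.0.1:${RELAY_PORT}:127.0.0.1:5900 ${RELAY}"
}

# Machine A (controlling): map local port 5900 to that relay loopback port.
cmd_host_a() {
  echo "ssh $(common_opts) -L 127.0.0.1:5900:127.0.0.1:${RELAY_PORT} ${RELAY}"
}

# Re-run a command whenever it fails, with exponential backoff capped at
# MAX_DELAY seconds (default 60). MAX_TRIES=0 means retry forever.
keep_up() {
  local delay=1 tries=0 max="${MAX_DELAY:-60}" start
  while :; do
    start=$(date +%s)
    if "$@"; then return 0; fi          # clean exit: stop supervising
    tries=$((tries + 1))
    if [ "${MAX_TRIES:-0}" -gt 0 ] && [ "$tries" -ge "${MAX_TRIES}" ]; then
      return 1
    fi
    # A tunnel that stayed up for at least a minute resets the backoff.
    if [ $(( $(date +%s) - start )) -ge 60 ]; then delay=1; fi
    if [ "$delay" -gt "$max" ]; then delay=$max; fi
    sleep "$delay"
    delay=$((delay * 2))
  done
}

# Usage: script host-b (on machine B) or script host-a (on machine A).
case "${1:-}" in
  host-b) keep_up $(cmd_host_b) ;;      # unquoted on purpose: split into args
  host-a) keep_up $(cmd_host_a) ;;
esac
```

With both tunnels up, a VNC viewer on machine A pointed at 127.0.0.1:5900 reaches machine B. Restricting the relay account's key in `authorized_keys` to port forwarding keeps a stolen key from yielding a shell on the relay.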