Remote Desktop Application

OK, I'm in search of a remote desktop app - possibly... (and no, TeamViewer won't do).

So, what's the issue:

My university has a VPN to connect to local computers in connection with Windows' Remote Desktop Client - but for some reason someone thought it was a good idea to use Ports 80 and 443 for that... - i.e. my webserver ports.

Now I have sent a query to IT and I will see what they come back with, as I'm not taking my websites offline for that.
I can have software installed, so that's the least of my worries.

BUT: TeamViewer replaces the physical person in front of the computer which means anybody who walks by can access the computer, whatever I do, it cannot be an app that works like that.

I'm looking for suggestions - ideally free, but a small cost (less than 50 Pounds) would be acceptable. (If IT doesn't come up with a better answer) Edit: -> Price would be one-off, not monthly.

Why do I need it? - Software like Fluent can only be run on the university's computer.

 

the webserver exists on the college local network? or you local machine?

the vpn client is it an actual client or web based?

for RDP is that windows client or web based?
do you actually have to list servername:80 or servername:443 in the rdp client? if not then your VPN is already established and your connecting using the default port 3389.

If your webserver is not public but exists on the local college PC then it will still be accessible no matter.

there's a couple different scenarios that can play out here depending on firewall, vpn client, and rdp client.

 

Eh? Sounds like a slight mess?

-> The Webserver is on my home internet connection. (Dedicated HP x510 to be exact)

The VPN to Leeds runs via the Microsoft Network settings - Leeds University uses Microsoft Servers -> So basically "add connection -> VPN".
I basically need to set up a connection to vpn1.leeds.ac.uk and then log on with my username and password - this isn't possible for me when I am at home, as my webserver occupies Ports 80 & 443 (which Leeds has set up for the VPN). -> hope that makes it clearer.

My Webserver is public - hint, signature -> and I have that in other places too, so knocking it out doesn't sound like a good plan in my ears...

The Standard Remote Desktop Client used by Leeds University is the built in one in Windows, but that requires me to access their VPN, as otherwise I'm not going to get past their firewall - unless I have some dedicated software like TeamViewer (but that has its limitation - if someone walks by they'd have full access).

In theory I could have a server for the Remote Access Client on my webserver (something like a TeamViewer Server) with an app on my uni computer and an app on my home computer.

 

so when you connect to their VPN your server is no longer accessible?
Here's a possibility in the VPN connection profile you theres an option to either use the remote gateway or not. usually using the remote gateway will redirect all your traffic. you can try to uncheck that the test if you can still RDP once VPN is established and whether your website is publicly accessible

 

i have a problem understand your issue at all.

so you mean you U allows RDP but only via 80/443 ? and what has it anything to do with your home machine which use these two ports ?

 

Basically yes - but that's with the VPN running on my Home Server -> On my laptop I can't connect to it in the first place.

I can have a look out for the remote gateway setting - but it will be late in the evening today.
In the meantime - here are the publicly available information on the VPN system/setup:
University of Leeds - University of Leeds VPN service

I think you got it:
I need a VPN to Leeds so I can use Remote Desktop to get to my University computer. But the VPN only operates on ports 80 and 443.
Ports 80 and 443 are forwarded to my Home Server which runs a webserver.

No forwarding = no website.
But even on the webserver itself, if I connect to the university's VPN my website gets knocked out.

 

Forwarded on what device? I too am having trouble understanding the issue. Could you possibly map this out for us? Something like:

laptop --> router --> split 1: Internet connection --> Leeds U. VPN --> Your university computer
......................|__> split 2: Your web server at home

I need a physical map of some sort to help figure this out. I deall with all sorts of VPN issues all the time as I have outside clients who need to access resources inside my firewall. And often times they are coming in from corporate networks with similar issues.

Gary

 

Hmm, OK, didn't think my description would be that difficult... but here I go again:


ADSL Router
-> via LAN, my Home Server - forwarded ports 80, 443, 143, 25, 110
-> via Wi-Fi my laptop


On a side note, I heard from IT and apparently it isn't supposed to run on Ports 80 and 443 (which is what the public stuff says) but the standard VPN port 1723

I'm fiddling with this all the time right now...
From my home server I can connect to the VPN and then my computer just fine...
From my laptop I can't....

As a drastic step I have moved my laptop to outside the firewall and switched the Vista Firewall off... instead of error 807 I now get error 638...

 

What happens if you connect the laptop via a wired connection just like the home server is?

Gary

 

I tried that yesterday evening and for some reason it doesn't seem to want to connect via LAN... - which has me rather confused.

At the same time, a wired connection is no option - there isn't even a good way of sitting down - only an ikea poeng with my laptop in my lap.

 

Little Update:

I just ordered a new router off Amazon - so that will be interesting. In theory allows a VPN to pass through, and will also support N which will be a nice little speed bum.

I'm fed up with that Belkin router at home... - on the plus side my mother also gets a N Wi-Fi dongle - because she complains about the speed of the home server... (my laptop is fine on g wi-fi - hers is slower)

 

OK, the new router is here... set up and all works apart from the VPN on my laptop...

Same as before, VPN works on my home server, it doesn't work on my laptop...
I can forward Port 1723 to my laptop, no difference...

I can take my Home Server off the port forwarding and still connect to the VPN with my Home Server...
My laptop on LAN (figured out that I issue, I assigned it a Static IP Address at some point - why ever?) or WLAN just won't connect to the VPN....

Any ideas? (Setup is the same as before, just a new and better router)
The VPN tunneling option will need help from IT an I'm not sure if that can be implemented, but I will ask.

 

Try turning on the logging options in the VPN client. (Sorry I don't remember off hand how to do so.) There is a simple and verbose mode. Turn on verbose and you should be able to see why it is failing. And don't forget to turn logging back off!

Gary

 

Do you know what VPN protocol you are using (VPN > Properties > Security) if the VPN server will accept a PPTP connection, try forcing that setting on your laptop instead of allowing the default of "Automatic".

I too am having a problem following exactly what the issue is and where you have made changes, but if the VPN server accepts both SSTP and PPTP then maybe something is getting confused at your end with your web server port forwarding if you are defaulting to SSTP (allows for PPTP packets to be encapsulated over HTTP).

A couple other things you may want to try:

If you temporarily disable the port forwarding on your router can you then connect with your laptop?

Do wifi and wired have separate settings in your router? If so is VPN passthrough enabled for your wifi?

 

I had one of the logs created once... but I can make neither head nor toe of it... (huge html file) - but I can try that again this evening and make it available.

It is PPTP.


On a side note - because I've been fiddling a bit:
Port forwarding can be on or off, it doesn't matter to the Home Server or Windows 8 Developer Preview (nearly 7 years old laptop -> doesn't even have a proper graphics driver... ATI card which is just trouble) - both will connect. The (headless) Home Server via LAN and Windows 8 via Wi-Fi.

Now my pre Vaio laptop has Windows 7 on it, and that will not connect, just like Vista. -> If you run the Vista diagnostics, it will come up with a claim that a firewall is possibly at fault, but placing the laptop outside of the router's firewall and switching Vista's firewall off does not help at all.

 

This is the same machine we have been dealing with all along, right? You have just changed it from Vista to Win 7?

Remind me again, have you tried connecting this machine with a WIRED connection rather than wireless?

Gary

 

My Vaio is still on Vista. It's another laptop that is on Windows 7 -> my pre-Vaio laptop.

I tried my Vaio (Vista) on LAN - no-go too.

 

If you take one of the laptops that won't establish the VPN when on your LAN and go to a friend's house or a public hotspot will it connect?

 

Okay, so I may not contribute much by saying I'm also somewhat bewildered to what's going on here.

Nevertheless, here's my input for w/e its worth.

Speaking on your OP; IMO connections should not be affected for ppl accessing your webserver/website because even though they may be on the same port one is incoming (ppl trying to access site) and the other is outgoing (you trying to vpn/remote outside network).

I'm sure I can RDP in to my network and out at the same time...the port changes at the remote end afaik.

Now leaving all that behind it seems we can safely say the issue now is with your laptop(s) as your HS is connecting out just fine.....?

What IP addressing scheme does your network have...for instance is there like a hardware FW in the mix limiting/allowing certain IP devices access to certain sites that another set/range of IPs can't? Or blocking ports?

Your HS has a static IP...most likely? what about the laptops?

Try putting your laptop in the routers DMZ 'to test'? Try connecting it directly to the ISPs modem, bypassing your own equipment all together 'to test'?

Just trying to throw out ideas....

 

I don't have a friend's house around here (closest one is in Sheffield -> 30km in the wrong direction). I also have no idea where to find a public hotspot, save for maybe the station (which isn't ideal as I don't carry my laptop with me every day any more, I replaced it with a BlackBerry Bold 9900 as I have a dedicated desktop machine at university -> that the VPN would allow me to connect to)

BUT I was at university with my laptop today and I could NOT get a connection to the VPN from the eduroam network that the university utilizes.

 

Well, if I connect to my Home Server via a Remote Desktop connection or TeamViewer the website works - but if I launch the VPN on the Home Server it gets knocked out.
-> I can go Remote Desktop to Home Server, VPN on Home Server which allows the Home Server to create a Remote Desktop connection to the University via the VPN. And then the website is dead.

Now with respect to the Router: I got a TP-Link 8960 (because it has overall good reviews).
The old Belkin had dynamic IP addresses for all - now my laptop AND the home server have a dedicated IP address assigned according to their MAC address. (Home Server ends in .2 and my laptop on Wi-Fi on .5)

I would also suspect the issue on my laptop to be honest -> mainly because Win8 works, but then Win7 fails too.

There is a firewall in the router - and that obviously forwards the http and https ports to the server. Still, the server can connect without any port forwarding (LAN), and Win8 (Wi-Fi) connected with the http(s) ports forwarded to the Home Server.

I have placed my laptop outside of the firewall - I have even switched off Vista's firewall off and it didn't help...

Doing some googling, I found a comment that apparently other VPN adapters can cause issues:
There is a TeamViewer VPN installed on my laptop (Vista), but removing it doesn't help. I'm not sure about VPN on Win7, but TeamViewer ist installed. However, that cannot be the issue, as TeamViewer with its VPN adapter runs on my Home Server and that connects.

 

Ok, well once the HS connects to the VPN its Public facing IP address most likely changes so that would definitely cause the site to be inaccessible for the outside world. So using the HS is a no go for sure, period.

But have you tried connecting to the ISPs modem directly with the laptop via cable to troubleshoot?

 

I have done that when I was setting up the router - no go.
-> The fact though that the Windows 8 laptop connects via Wi-Fi states that it should be doable on another laptop too.

On a side note, there are two ways of generating reports - I've uploaded them to the skydrive, if anybody wants to have a look:
They are rather huge, even the compressed or compact one is 12,4MB... - So I'm not sure what the difference is.
(And no, my password isn't in there, I checked with Firefox searching the HTML)

https://skydrive.live.com/?cid=8b58...c=documents&nl=1&uc=2&id=8B58D94A5DBBBB06!507

 

Sorry I should have mentioned that you should clear the log, try one round of connecting, pull a copy of the log then turn it off. Otherwise you WILL get these HUGE logs. If you can do that, I'll take a look at the log and see if anything is obvious. I don't relish the idea of going thru a 12 MB log. ...big ol' grin...


Gary

 

Can you tether off your Blackberry? The idea being that you can eliminate your Router/LAN settings entirely if you can get the laptop on a different network and try to connect from there.

Have you tried comparing the details of the Win8 VPN properties to the Win7 VPN properties?

Since you have a setup that works (Win8), check:
PPP Settings
Type of VPN
Data Encryption
EAP
Allowed protocols
DHCP in the IPv4 properties

And make sure that Win7 is using the exact same thing.

One of the problems with troubleshooting something like this, especially where the elements keep changing, is that it is easy to "flip a switch" at some point and forget to flip it back. you don't want to find out that everything works fine, just that at some point you disabled DHCP in the VPN's TCP/IP properties.

 

I took a look at the logs, and I am admittedly not sure what I am looking for, but are you certain that your Win7 is setup to connect using PPTP and not L2TP?

 

Updated the files - ironically the compact one is larger than the full report...

OK... I am very confused... Win 8 now also gets an error - the same that Win7 got (Error 619)
I am very much surprised by this because it DEFINITELY worked yesterday...

I tried tethering but I immediately get hit with error 769 - normal browsing works though... telling the computer to dial O2 first doesn't work either (tethering works via the BlackBerry Desktop)

(Note: I will need to head to bed soon -> to get my sleep)

 

The logs are from Vista.
Yes, I am sure.

I really cannot understand what happened with Win8 - it worked yesterday...
And the Home Server continues to connect just fine.

On a side note: Apparently there is something called MS-vCHAP1 which is no longer supported since Vista. Could that be used by Leeds University? (though I couldn't see why considering it is ancient - and they don't lack any money)

 

Yay... OK - Win 8 works again.

-> I placed the Win8 laptop outside of the routers firewall and forwarded port 1723 to it - connection type was left on automatic...

Everything except the automatic connection type was tried on my Vaio (Vista)

Edit:
Except that IPv6 was ticked and "require encryption" was also ticked - contrary to instructions (which work on my Home Server)

The same settings do not work on Vista... which actually lead to error 800 (wrong security settings).

On this note... I'll pick this up again tomorrow - but now I must head to bed.

 

I'm grasping at straws here, hopefully someone with more experience will take a look at the logs and find something that helps.

You might want to take a look at this MS KB article and follow the steps for Vista (should be the same on Win7) How to determine and to recover from Winsock2 corruption in Windows Server 2003, in Windows XP, and in Windows Vista.

 

Ok, one step forward before I need to leave for university again...

-> The winsock reset didn't do anything (that I noticed).
Heck, I even reset all firewall settings... (which will possibly annoy me in the next few days) BUT:

I also deleted the Leeds connection, and set it up again. I left the Windows Default on the Security settings - which isn't their suggested settings, i.e. left it like that:


Uploaded with ImageShack.us

And tethered to my phone, I was able to connect to the VPN - and as it is apparently on, also my computer at university.
It isn't a solution yet, but a step forward. So to summarize:

Still a no-go on Wi-Fi
(doesn't matter if port 1723 is forwarded or not... - or wether my laptop is outside of the router's firewall or not)
-> The error I get now is 638 -> reply timeout... possibly more fiddling for me this afternoon...

Works on tethering (via BlackBerry) with a setup contrary to instructions

After:
Resetting Winsock and wiping out all firewall settings on my laptop.

 

OK, if the VPN works when you tether, then I think the problem is in your router settings.

Can you try this setup in your Router just to see if it works.
- NAT on
- SPI Firewall off
- NAT > Virtual Server > Home Server's IP > just do ports 443 & 80 for your website
- Remove all other port forwards/triggers for this test
Give the laptop a static IP in your LAN's subnet
Put the laptop's static IP in NAT > DMZ Host IP Address
Reboot the router and the laptop.
Try the VPN.

Good luck

 

I'm on a PPPoA connection - from what it seems I can't turn the SPI firewall off - I killed the mailserver ports on my home server, so it is just ports 80 & 443 -> so I'll try with my laptop on DMZ.

 

Ok, little update before I go to bed:

So I sat down next to the router and found that for my laptop (Vista, Vaio SZ) it will happily connect to the VPN on LAN (without port forwarding, DMZ, etc.).
OK... so I thought, lets isolate clients on the VPN - and it worked... - moving to without kept the VPN running... (isolated clients = no Home Server access)

BUT
A reboot later I can't connect on Wi-Fi - no matter whether clients are isolated or not...
-> This just drives me mad... I will need another go tomorrow.

But as this progresses, I somehow feel I need to send TP-Link an email...

 

...OK... out of nowhere it now works...

-> The only change that occurs is that I disallowed other computers to share the Wi-Fi connection on my laptop.
Else I switched off the option to switch to a "more preferred" network...

-> strange, but hey, if it works. I wonder if this persists though.
(Note: Client isolation on the router is switched on)

 

I'm not sure I followed what state you have the router and laptops in now, but if it is working for you . . . good!

 

OK, sorry for taking a while to respond but I was kept busy or on a train.

Router:
No special settings, client isolation can be activated but doesn't have to be.
No port forwarding to my laptop, just to the webserbver on LAN.

Laptop:
No sharing of the Wi-Fi connection with another computer.
No special firewall rules, but I have opened port 1723, not sure if it is required though.
The first point for the laptop is key though, enabling this will break use of a VPN.
I suspect that the winsock reset was also a part to solving the problem, but there isn't hard evidence for that.

PS: might be a few typos in here, wrote this on my phone before going to sleep. Sorry, but I think it's legible.