VNC thru VPN
romel_ornedo "at" yahoo.com
Mon Nov 22 10:30:52 2004
We are using Check Point VPN-1. I just run the test a couple of hours ago if I could remote control the remote PC when they are connected to the VPN. Here are the results...
After the authenctication thru a VPN client I was able to connect the remote machine to the VPN. I tried to VNC the remote machine from the office but no luck.
I tried to ping the IP (the local assigned dhcp ip under broadband connection in a wireless lan) of the remote machine connection but it says host unreachable. I was thinking it shouldnt be, coz once login they can check their mail from outlook fetching the mails in the exchange server in my office lan. so i did open outlook from the remote machine to check if can login to the exhange server, and it was.
then i tried pinging the remote machine again (same ip - the local assigned dhcp ip under broadband connection in a wireless lan) from one pc in my office lan. VOILA! its pinging then i was thinking then that its more than possible that VNC should work.
and it worked! i can now do VNC'ing when they are connected to the VPN!
couple of things.. after logging in to the VPN client they have to initiate a connection first to the office lan like opening outlook first or accessing shared resources in the office lan. that way, their pc will be hooked up virtually present and identified inside the office lan and from that point I can take it from there to VNC their machine.
In summary the VPN is using the local ip of the remote machine was using as its identity in our lan and not assigning a special ip address to the remote machine. Even if both ends are on the different subnet. (my office 10.54.X.X and remote machine 192.168.1.X). It seems to me that our VPN acts like a bridge to make communications pass at both ends.
Angelo Sarto <angelosarto "at" gmail.com> wrote:
The question I ment to ask was is each remote PC assigned a different IP.
e.g. - PC1-Remote - 192.168.0.200
- PC2-Remote - 192.168.0.201
- PC3-Remote - 192.168.0.202
some vpns do this
- PC1-Remote - 192.168.0.200
- PC2-Remote - 192.168.0.200
- PC3-Remote - 192.168.0.200
On Fri, 19 Nov 2004 17:05:13 +0000 (GMT), Romel Ornedo
> do you mean VPN is assingning a different IP when communicating to the
> remote PC's? or its just the local internal ip is being used by the remote
> pc during the communication in VPN.
> Angelo Sarto wrote:
> So you would like to be able to control the remote computers when they
> are active in the vpn?
> this should be possible, but the remote computer will need to be
> running vncserver.
> You would have to have them install vnc server on each of the remote
> machines. In this case (if it is running as a service) you wouldn't
> even need a reverse connect, simply connect to them by there VPN IP.
> xxx.xxx.xxx.yyy -------|VPN|----------(192.168.11.254)------
> when someone logs in with a vpn server they are given an "inside" IP,
> i.e. an ip on the lan.
> If the remote computer is running vncserver then you should be able to
> connect to it's "inside" IP.
> The pitfalls you will need to avoid are:
> VPN Server and VPN Client Security settings-I believe in most VPN
> defaults all traffic is allowed in both directions.
> Client Firewall - e.g. windows XP service Pack2, software firewalls,
> some AV (hardware firewalls are usually being bypassed already via
> VPN's that do PAT - do your VPN clients share an IP? If you can give
> them each there own that would work a lot better. otherwise you would
> have to do some fancy tricks on the VPN.
> I'm not much of an expert on vpn, but I think this list will cover a
> lot of them.
> On Fri, 19 Nov 2004 10:07:19 +0000 (GMT), Romel Ornedo
> > Need some clarifications regarding VPN.
> > Scenario:
> > Assuming I am the one of the administrator of the local area network in
> our office. We have VPN setup in our office to make users connect to the
> internal network remotely when they are out of the office. With the VPN
> connection they can all access network resources in my office LAN remotely
> (shared files, printers, all resources which they are permitted using their
> access/permission rights, etc).
> > My Question:
> > When they are connected to the VPN, assuming I'm the Administrator of the
> LAN, is it possible to use the REMOTE COMPUTER resources connected to our
> VPN? It's like when the remote computer is connected and being virtually
> present inside the LAN then it should be possible also for me (INSIDE the
> LAN) to see his computer and use the shared files in his computer.
> > The reason I ask this question is I want to remotely control the roaming
> computers when they are connected to the VPN. Since they already established
> a remote connection I should be able to initiate a connection also in
> reverse. But what will be his IP address or the "VPN identification" is
> using during the communication to address the request from-and-to the remote
> sites. Is this possible to use VNC under our VPN to remote computers even if
> they are under a broadband connection or inside a firewalled lan? What are
> the things to put in considerations? What could be possible problems I will
> encounter for unsuccessful connection?
> > This is a shot in the dark, im not that techie specifically regarding VPN.
> > Thanks in advanced.
> > ---------------------------------
> > Yahoo! Messenger - Communicate instantly..."Ping" your friends today!
> Download Messenger Now
> > _______________________________________________
> > VNC-List mailing list
> > VNC-List "at" realvnc.com
> > To remove yourself from the list visit:
> > http://www.realvnc.com/mailman/listinfo/vnc-list
> Yahoo! Messenger - Communicate instantly..."Ping" your friends today!
> Download Messenger Now
Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now