Total noob. I need some help with RDP via VPN

Hey guys,

Thanks in advance for your help.

I want to say that I did try and research this before hand, but most of the discussion seemed to be from people who already had a general grasp on what they were doing.

I’m wanting to connect remotely to my work PC from my Mac. I figured out how to do this over a local area connection no problem, but when looking into how to do it over the Internet, I came to the overwhelming conclusion that it should be done over a VPN connection.

How do I do this? Do I set the VPN up on both machines? From my understanding, I connect to my work network (we own the business, I can do what I like on the network) through a VPN, then from that point, use the Windows Remote Desktop app to connect to the PC.

So my question is, how do I set up the VPN to connect to the work network? Will a service like Tunnelbear work (I have a feeling no)? I have looked high and low, but it looks like most people are trying to solve issues that appear to be more involved than mine.

Thanks in advance for the help and patience!

If you don’t know what you’re doing and you are the IT department, the best way to go would be a service like GoToMyPC, LogMeIn, and similar options. Simple setup, usually reasonably secure when you use a unique password and multi-factor authentication.

There’s a few different ways to do RDP over the internet (gateway, VPN, port forwarding may even work), but a VPN is likely the best for you given the info you’ve provided.

How you do that will depend on what hardware you have available at both your home and business. Do you know what type of firewall/router you have at both locations?

Also, have you considered a paid alternative that’s a lot easier to setup, like TeamViewer?

Do you manage the systems or network? If so, your firewall probably has the ability to configure some sort of vpn. If not, you should be asking them. Teamviewer, logmein and all the third party remote access services are not permitted in a lot of places because they connect to a third party for authentication.

If you have VPN access, once you tunnel in through the VPN it should be as if you are there connected to your work network.

Why not just use teamviewer or connectwise control if all you want to do is connect remotely?

Also never hurts to have 2-factor authentication for any logins exposed to the internet. Duo (duo dot com) is super easy to set up.

The VPN client makes a connection (tunnel) from your laptop to the remote network. The VPN “concentrator” or server will act as a router/gateway to the remote network. Usually the client can “recognise” the network addresses on the remote network, and will route packets destined for them through the tunnel. Depending on the configuration of the VPN, it may be set up to direct ALL packets to the remote network.

Network administrators usually set up a VPN appliance or use built-in functionality of a firewall to provide a public (external) network address that client software can attach to, and authenticate with. Often this requires both a password and a second factor such as an RSA or similar “token” which provides a pseudo-randomly changing 6 or 8 digit number, that is used as part of the authentication process; the remote system is counting along in lock-step, and “knows” what your number should be, so if you get the number right, it’s presumed you have the token.

Once your connection is established, you usually just connect the same way you would - to RDP, SSH, internal web services, etc. as if you were on the LAN.

If you don’t already have this set up, speak to your network administrator. If you are the network administrator, you’re going to have to research the requirements yourself and probably get management approval, and sign-off on purchase of equipment for the VPN. There are solutions that allow you to use an old computer as the gateway, but you really need to know what you’re doing.

You could try just connecting to it, RDP (port 3389) may already be open at your work.

If not, you’ll need to contact your IT department about them either opening the port, or setting up a VPN you can use to connect.

TunnelBear is more for privacy when connecting to the internet; as far as I am aware it doesn’t let you create your own personal VPN between computers. There’s a service called Hamachi that does, but it tends to be quite slow, and your IT department may not like you installing software on their computers.

Get a Meraki Z1 or Z3. Great router from a Fisher-Price standpoint of management. The VPN setup couldn’t be easier. Then you can RDP into any computer you want all day long. The fewer open ports you have into your network the better.

I’m not sure really about the firewall configurations. I haven’t really touched it since we set up everything. We have a Netgear Nighthawk router which has an option to configure with a VPN service.

Also, have you considered a paid alternative that’s a lot easier to setup, like TeamViewer?

Yes, but I would prefer to teach myself something and become a more valuable tool in the process. Stubborn like that :slight_smile:

Thank you for the informative response!

For better or worse, I am indeed the administrator and we own the business. For all intents and purposes, I can do what I like.

There are solutions that allow you to use an old computer as the gateway, but you really need to know what you’re doing.

Could you elaborate on this? Is this something that’s needed in concert with a router which is VPN enabled, or is this computer doing the same thing, just dedicated for the purpose of being a gateway?

I have a Netgear Nighthawk router which is VPN enabled. Is this insufficient?

Thank you for the response!

For all intents and purposes, I am the IT department. I’m usually tech-savvy enough to get what we need done, but VPNs are out of my wheelhouse as I’ve never dealt with them before.

As I understand, it’s imprudent to simply connect to port 3389 as it opens your computer to a greater chance of attack. Therefore I’m investigating connecting through a VPN. Truth be told, I’m not 100 percent sure why this mitigates risk of attack.

I have OpenVPN and my Netgear router supports operating with a VPN service. I’m just not sure if this is what I need to set up.

That’s good, I agree that it’s better to learn something new, but I know a lot of people don’t want to with computers.

Looks like the Nighthawk supports operating as an OpenVPN server, should be able to configure IAW this: https://kb.netgear.com/25389/Enabling-VPN-service-on-a-Nighthawk-router-using-a-MAC-OS-computer

That KB article also has a link to the OpenVPN client you’ll need, and you’ll use that to connect your computer at home to the network at work. Once the VPN is setup, you should be able to use RDP as if you were on the same LAN.

I can’t speak for any particular hardware - I’m predominantly a Linux geek. You’d need to check with your hardware manual for that. I know you can do this with Cisco ASAs but they’re pretty old by today’s standards, or even Juniper Netscreens, though I would personally avoid them because of recent security breaches.

I would use pfSense, a FreeBSD-based firewall OS, or Smoothwall (Linux-based) on a decent old workstation, and just use the VPN feature, with your hardware firewall on the front. I believe Windows Server also has VPN features. But don’t go blindly installing it without reading up and properly understanding what you’re doing!

Do yourself a favor and never open port 3389 to the greater internet. You either need to lock down every account authorized for remote connect to a certain amount of login attempts or risk a brute force attack. They’ll pound administrator, shipping, and various other accounts. Once they get in, you risk Cryptowall and other nasty attacks.

If you really don’t think that you know what you are doing, limiting the surface area open to attack is the most important.
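The brute-force scenario described in the post above (an exposed 3389, repeated guesses against administrator, shipping and similar accounts, then a successful logon) leaves a clear trail in the Windows Security log: Event ID 4625 (failed logon) and 4624 (successful logon), both carrying Logon Type 10 for RemoteInteractive/RDP sessions. The detector below is an added example, not code from the thread; the event IDs and logon type are real Windows values, but the one-line `key=value` log format, the sample entries and the five-failures-in-five-minutes threshold are constructed for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGON_TYPE_RDP = "10"   # Windows Logon Type 10 = RemoteInteractive (RDP)
EVENT_LOGON_FAILED = "4625"
EVENT_LOGON_OK = "4624"


def parse_line(line: str) -> dict:
    """Parse one constructed log line: an ISO timestamp followed by key=value fields."""
    ts_str, *fields = line.split()
    rec = {"time": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def detect_rdp_bruteforce(lines, threshold: int = 5,
                          window: timedelta = timedelta(minutes=5)) -> list:
    """Sliding-window detector over RDP logon events.

    Raises a 'bruteforce' alert when one source IP accumulates `threshold`
    failed RDP logons inside `window`, and a higher-severity
    'success_after_failures' alert when that same IP then logs on
    successfully while failures are still inside the window (the
    'once they get in' case)."""
    recent_failures = defaultdict(deque)   # source IP -> deque of (time, username)
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("LogonType") != LOGON_TYPE_RDP:
            continue                        # console/service logons are out of scope here
        ip, now = rec["IpAddress"], rec["time"]
        q = recent_failures[ip]
        while q and now - q[0][0] > window:  # expire failures older than the window
            q.popleft()
        if rec["EventID"] == EVENT_LOGON_FAILED:
            q.append((now, rec["TargetUserName"]))
            if len(q) == threshold:         # alert once, when the threshold is crossed
                alerts.append({
                    "type": "bruteforce", "ip": ip, "time": now,
                    "users": sorted({user for _, user in q}),
                })
        elif rec["EventID"] == EVENT_LOGON_OK and q:
            alerts.append({
                "type": "success_after_failures", "ip": ip, "time": now,
                "user": rec["TargetUserName"], "failures": len(q),
            })
    return alerts


# Constructed sample log: one noisy source hammering several accounts and
# eventually getting in, one ordinary user who mistypes once, and a local
# (non-RDP) failure that the detector should ignore.
SAMPLE_LOG = """\
2024-01-15T03:12:07Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2024-01-15T03:12:09Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2024-01-15T03:12:12Z EventID=4625 LogonType=10 TargetUserName=shipping IpAddress=203.0.113.45
2024-01-15T03:12:15Z EventID=4625 LogonType=2 TargetUserName=alice IpAddress=127.0.0.1
2024-01-15T03:12:18Z EventID=4625 LogonType=10 TargetUserName=shipping IpAddress=203.0.113.45
2024-01-15T03:12:20Z EventID=4625 LogonType=10 TargetUserName=bob IpAddress=192.0.2.10
2024-01-15T03:12:21Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2024-01-15T03:12:25Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2024-01-15T03:13:02Z EventID=4624 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2024-01-15T03:20:00Z EventID=4624 LogonType=10 TargetUserName=bob IpAddress=192.0.2.10
"""

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Bob’s single failure expires before his successful logon, so it never alerts; the attacker’s burst alerts on the fifth failure and again, with the failure count attached, when the `admin` logon finally succeeds. On a real server the same logic would be fed from the Security log (Event Viewer, `Get-WinEvent`, or a SIEM) rather than from this simplified text format, and the account lockout threshold the post recommends is the preventive control that makes the second alert far less likely to fire.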

Step 1 would be to configure your Netgear for VPN and get a remote client connected (I don’t know Netgear personally, I’m sure they have guides). Then once the VPN is connected, you should be able to RDP to internal assets as if you were on the local network.

If you have weak passwords, then having the port open is a risk, I don’t believe it’s particularly risky otherwise.

If your router supports operating as a VPN, that’s what you’re looking for.

Easiest way to solve that is to set up port knocking to open the RDP port.

No it isn’t. Simplest and most secure is to set up a VPN (ideally using different credentials and/or 2FA) then connect as if you’re on the LAN, especially since it now turns out OP has a router that offers an OpenVPN server.

Port knocking is a clever idea but once somebody opens the port, the port is open… to anybody.