Re: Remote desktop over vpn


comp.security.firewalls archive

From: Somebody. <somebody.@spamout.russdoucet.com>
Date: Tue Nov 29 2005 - 21:58:35 CET

"Leythos" <void@nowhere.lan> wrote in message
news:HFWif.145588$tD4.88536@tornado.ohiordc.rr.com...
> In article <EmQif.1580$Et5.123731@news20.bellglobal.com>,
> triffid@nebula.net says...
>>
>>
>> Leythos wrote:
>> > In article <vOOif.4223$43.3512@nnrp.ca.mci.com!nnrp1.uunet.ca>,
>> > somebody.@spamout.russdoucet.com says...
>> >
>> >>"Leythos" <void@nowhere.lan> wrote in message
>> >>news:MRFif.243007$lI5.96765@tornado.ohiordc.rr.com...
>> >>
>> >>>In article <1133193038.054285.173450@g49g2000cwa.googlegroups.com>,
>> >>>renil.lambert@gmail.com says...
>> >>>
>> >>>>Hi
>> >>>> one of my clients is connecting to my network through vpn.
>> >>>>is there any possibility to start a remote desktop or Dameware or some
>> >>>>desktop sharing tool to view his desktop??
>> >>>
>> >>>Run VNC on his computer and then connect to his private IP address back
>> >>>through the VPN.
>> >>
>> >>Those will only work if the VPN is configured to allow that, i.e. he has to
>> >>have a virtual IP and policies to allow the traffic. Some boxes do that by
>> >>default, some allow you the option, some do not allow you to do it. Depends
>> >>on both ends of the VPN.
>> >
>> >
>> > Yes, but in most cases people posting to this group don't have their
>> > firewall setup to restrict at the port/service level. I suspect that VNC
>> > would work just fine.
>>
>> Unless expressly permitted, all traffic is implicitly denied.
>>
>> That's how firewalls work. Why assume otherwise when responding to posts?
>
> Because that's not how many devices called Firewalls since the advent of
> the NAT Router and Windows PPTP work. While my Watchguard or other
> appliances may block by default, a simple Linksys/D-Link/Netgear where
> the user creates a PPTP session to another network, will let the remote
> network tunnel back through the VPN session to the host/host network
> that created it without being blocked.
>
> I am offended that the Marketing departments have been able to get away
> with calling simple NAT solutions Firewalls when they are just routers.
>
> While I can create, in essence, a 1-way VPN with port/IP limitations, in
> my real firewalls, the cheap NAT units that also do IPSec tunnels (like
> the Linksys BEFVP41) offer nothing more than a fully open 2-way
> connection on their end. This means that unless one side is a real
> firewall, one that allows rules to configure VPN traffic, that the user
> could VNC back through the VPN to the user's desktop (if they were
> running VNC).
>
> The reason I guess that they are not using real firewalls is based on
> how the post was presented/worded - I suspect that neither side is using
> a real firewall, only a cheap SOHO/residential solution. One other
> thing, any admin that would post I have a firewall.... already knows how
> to do what they asked here, so it was another reason to suspect they are
> using cheap SOHO/NAT units.

Guys, it's software on the remote end, not hardware.

So as I've said, some software allows the remote end to be addressed from
the head office, some does not, some depends on the configuration.

-Russ.
Received on Sat Dec 3 04:18:48 2005