Looking for a HTML5 based RDP/VNC solution

Discussion in 'Software Stuff' started by Kristian, Apr 17, 2018.

  1. Kristian

    Kristian Active Member

    Joined:
    Jun 1, 2013
    Messages:
    338
    Likes Received:
    82
    Hello everyone,


    I am looking for ideas on how to rdp / vnc via html5 into my home network using my workstation in the office.


    I have spent days without finding a usable solution.


    General information and caveats:

    In my office every url to a known provider of rdp / vnc services is blocked.

    I can’t access Teamviewer.com, Splashtop, Anydesk etc.

    It was not possible to redirect a domain I own via iframe to login.teamviewer


    On my Windows 10 Workstation

    I have no admin rights, so I can not install anything.

    I have Firefox, Edge and IE 10 installed.

    Java is blocked

    I can not setup a vpn connection and

    I can not use the build in Windows Remote Desktop app


    I would like to access my homenetwork and vnc/rdp into a windows machine (if possible), just to look if everything is okay.

    ... homeserver, smart-heating, security cameras etc.


    So what I have tried:

    Using my Synology 3617xs and setting up a Win VM is working.

    I can access my Diskstation and from there I can use the Virtual machine manager to kind of rdp into this vm and have a look if everything is good at home.


    Problem: I don’t like the Diskstation to be switched on all day (power is expensive where I live and 160w would add up to the bill )


    I can access the iKVM/HTML5 ipmi ui of my supermicro x10slh.

    But there are serious performance issues and I have read that ipmi has several security problems, so it doesn’t feel right to point a external ip to this ipmi device.


    I have tried ThinVNC (Thinfinity Remote Desktop) (without success – authorization doesn’t work and performance is horrible)

    And I was not able to setup noVNC on a windows machine

    FreeRDP HTML5 proxy on Windows was also not working.


    It would be okay to pay for a workings solution. Shouldn’t be more than 100EUR a year.


    Do you guys have any suggestions?
     
    #1
  2. ecosse

    ecosse Active Member

    Joined:
    Jul 2, 2013
    Messages:
    293
    Likes Received:
    41
    Can you use your phone or personal device rather than your work supplied workstation? I don't know what your work protocol is like but circumventing work security would get me fired where I worked. I know that isn't immediately useful so apologies for that!
     
    #2
  3. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,309
    Likes Received:
    322
    Are you also sure your work proxy’s and firewalls are not doing content inspection so even if you get pure html5 it could well be blocked. (We do that)
     
    #3
  4. Kristian

    Kristian Active Member

    Joined:
    Jun 1, 2013
    Messages:
    338
    Likes Received:
    82
    @ecosse: Of course using my phone is possible. Problem with that is: display is so small and we don't have real data flats in Germany.
    So my mobile data plan would be eaten up during the first days of the month.
    I don't think that I am circumventing work security with what I am trying to do.

    @Evan Probably they do content inspection... If the do, they don't care much, because I have used the Synology html5 vnc during the last year quite often and I experimented with the ipmi html5 solution even more time.
     
    #4
  5. ecosse

    ecosse Active Member

    Joined:
    Jul 2, 2013
    Messages:
    293
    Likes Received:
    41
    So my employer allows personal devices to be registered to the internet SSID, so I can use my laptop in the manner you want. If you don't consider it circumventing security why not ask them to whitelist your public IP?

    Anyway I found a couple of possibles:

    Apache Guacamole™ is the most promising
    HTML5 client for Microsoft Remote Desktop Services 2016: Remote Desktop Web Client | RDS Gurus - is more complex - in that you need a whole TS config suite to enable as far as I can see

    There's also a HTML5 client for Azure remote app so that could be a possibility but I've not looked at that in detail - obviously there would be an ongoing cost, particularly if you leave this on all the time
     
    #5
  6. Kristian

    Kristian Active Member

    Joined:
    Jun 1, 2013
    Messages:
    338
    Likes Received:
    82
    @ecosse
    BYOD is not allowed.
    My public IP is whitelisted.
    Problem is that I can not install anything to connect to my public IP.

    Guacamole sounds promising, even if I was hoping for something easier and more out of the box and usable on windows.
    Azure is nothing that I am confident with.

    Thank you for your input.

    connecting via the vSphere HTML5-based Client is working as well...
    seems to be a bit overkill
     
    #6
  7. rubylaser

    rubylaser Active Member

    Joined:
    Jan 4, 2013
    Messages:
    840
    Likes Received:
    225
    Guacamole is perfect for this. There are a number of great tutorials to set this up and keep it up to date. Just make sure you also setup an nginx proxy in front of it with https and I also run fail2ban with it.


    Sent from my iPhone using Tapatalk
     
    #7
    NashBrydges likes this.
  8. hlhjedsfg

    hlhjedsfg New Member

    Joined:
    Feb 2, 2018
    Messages:
    15
    Likes Received:
    2
    Yes Guacamole is a very great for your need.

    If you don't wan't spend time for installing, you could use this script :

    MysticRyuujin/guac-install

    And in 5 minutes you will have Guacamole running with all fonctionnality compiled, and just need to add your connection with the webgui.
     
    #8
    NashBrydges and labguru1 like this.
  9. _alex

    _alex Active Member

    Joined:
    Jan 28, 2016
    Messages:
    851
    Likes Received:
    89
    can you block access to ipmi for everything but the public ip of your work?
    so you could use ipmi without exposing it to the rest of the world, what might be ok in terms of security.
     
    #9
  10. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    2,612
    Likes Received:
    348
    Sophos (Firewall) has a HTML 5 VPN portal that offers RDP, SSH and more protocols via Web frontend ...
     
    #10
    Evan likes this.
  11. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,309
    Likes Received:
    322
    Never looked at that feature, going to have a play looks really useful.
     
    #11
  12. ecosse

    ecosse Active Member

    Joined:
    Jul 2, 2013
    Messages:
    293
    Likes Received:
    41
    Sophos is a good shout - are we talking UTM or XG firewall? I have found Sophos a bit of a pain on the VPN side to setup though I think its largely down to my incompetence.
     
    #12
  13. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    2,612
    Likes Received:
    348
    UTM - not sure if XG has it.
    And you get preconfigured packages for win/lin/android/ios so not really hard to use...
     
    #13
  14. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,309
    Likes Received:
    322
    In XG you will find it under VPN clientless access, I juts founds the screen, will configure and play later, but assume it will work as @Rand__ descibed it does in UTM then cool :)
     
    #14
  15. ecosse

    ecosse Active Member

    Joined:
    Jul 2, 2013
    Messages:
    293
    Likes Received:
    41
    I stated VPN in general as opposed to the specific HTML5 flavour - but I guess you are responding to that because you talk about clients?. It was using Tunnelblick (OSX), there was a design guide as I remember but I couldn't make it work at the time. Windows was easy enough but I don't like the limitations on the IP pools (which as I said could be my incompetence) At the time there were incompatibilities with IOS but they look sorted now as far as I can see
     
    #15
  16. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    2,612
    Likes Received:
    348
    Ah, well I set up one VPN Pool and use that, maybe my requirements are small in that regard.
    For my use case it's simple enough, but ymmv :)
     
    #16
  17. K D

    K D Well-Known Member

    Joined:
    Dec 24, 2016
    Messages:
    1,374
    Likes Received:
    286
    Hate to be that guy, but To me, it looks like you are trying to circumvent your network security policies to get to your home network. Please ensure you know the consequences of such violations and decide if it's worth it.

    That being said, Guacamole definitely works. I don't know how locked down your machine is but windows server 2012 essentials also works. I've been able tk get to the essentials portal and login to the clients that have the connector installed. I think it just invokes Remote desktop. Has worked on my laptop which is completely locked down.
     
    #17
    Last edited: Apr 18, 2018
  18. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,164
    Likes Received:
    4,119
    Someone want to do a main site guide by cjance?
     
    #18
  19. Kristian

    Kristian Active Member

    Joined:
    Jun 1, 2013
    Messages:
    338
    Likes Received:
    82
    @rubylaser Thank you very much my friend. Good to see you are still here.
    @hlhjedsfg I will try this script for shure. Thank you
    @_alex Great idea! I think my usg is able to do that as we have a fixed IP at work. I will try this asap
    @Rand__ Thanks for mentioning Sophos I will give that a try, too
    @K D I appreciate your concerns.
    @Patrick Great idea!
     
    #19

Share This Page