Looking for an HTML5-based RDP/VNC solution

Kristian

Hello everyone,


I am looking for ideas on how to RDP / VNC via HTML5 into my home network using my workstation in the office.


I have spent days without finding a usable solution.


General information and caveats:

In my office every url to a known provider of rdp / vnc services is blocked.

I can’t access Teamviewer.com, Splashtop, Anydesk etc.

It was not possible to redirect a domain I own via iframe to login.teamviewer


On my Windows 10 Workstation

I have no admin rights, so I can not install anything.

I have Firefox, Edge and IE 10 installed.

Java is blocked

I cannot set up a VPN connection and

I cannot use the built-in Windows Remote Desktop app


I would like to access my home network and VNC/RDP into a Windows machine (if possible), just to look if everything is okay.

... homeserver, smart-heating, security cameras etc.


So what I have tried:

Using my Synology 3617xs and setting up a Win VM is working.

I can access my Diskstation and from there I can use the Virtual machine manager to kind of rdp into this vm and have a look if everything is good at home.


Problem: I don’t like the Diskstation to be switched on all day (power is expensive where I live and 160 W would add up on the bill).


I can access the iKVM/HTML5 ipmi ui of my supermicro x10slh.

But there are serious performance issues and I have read that IPMI has several security problems, so it doesn’t feel right to point an external IP to this IPMI device.


I have tried ThinVNC (Thinfinity Remote Desktop) (without success – authorization doesn’t work and performance is horrible)

And I was not able to set up noVNC on a Windows machine

FreeRDP HTML5 proxy on Windows was also not working.


It would be okay to pay for a working solution. Shouldn’t be more than 100 EUR a year.


Do you guys have any suggestions?
 

ecosse

Can you use your phone or personal device rather than your work supplied workstation? I don't know what your work protocol is like but circumventing work security would get me fired where I worked. I know that isn't immediately useful so apologies for that!
 

Evan

Are you also sure your work proxies and firewalls are not doing content inspection? Even if you get pure HTML5, it could well be blocked. (We do that)
 

Kristian

@ecosse: Of course using my phone is possible. Problem with that is: display is so small and we don't have real data flats in Germany.
So my mobile data plan would be eaten up during the first days of the month.
I don't think that I am circumventing work security with what I am trying to do.

@Evan Probably they do content inspection... If they do, they don't care much, because I have used the Synology HTML5 VNC during the last year quite often and I experimented with the IPMI HTML5 solution even more.
 

ecosse

So my employer allows personal devices to be registered to the internet SSID, so I can use my laptop in the manner you want. If you don't consider it circumventing security why not ask them to whitelist your public IP?

Anyway I found a couple of possibles:

Apache Guacamole™ is the most promising
HTML5 client for Microsoft Remote Desktop Services 2016: Remote Desktop Web Client | RDS Gurus - is more complex - in that you need a whole TS config suite to enable as far as I can see

There's also an HTML5 client for Azure remote app so that could be a possibility but I've not looked at that in detail - obviously there would be an ongoing cost, particularly if you leave this on all the time
 

Kristian

@ecosse
BYOD is not allowed.
My public IP is whitelisted.
Problem is that I can not install anything to connect to my public IP.

Guacamole sounds promising, even if I was hoping for something easier and more out of the box and usable on windows.
Azure is nothing that I am confident with.

Thank you for your input.

connecting via the vSphere HTML5-based Client is working as well...
seems to be a bit overkill
 

rubylaser

Guacamole is perfect for this. There are a number of great tutorials to set this up and keep it up to date. Just make sure you also set up an nginx proxy in front of it with HTTPS and I also run fail2ban with it.


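A sketch of the nginx front end this post recommends, with HTTPS termination in front of Guacamole and access limited to one fixed source address; it is an added example, not part of the original post. The hostname, certificate paths, source address and backend port are placeholder assumptions.

```nginx
# Added example. Values marked PLACEHOLDER are assumptions, not from the thread.
# Place inside the http {} context (for example a file under conf.d/).

# Send plain HTTP to HTTPS so credentials never travel in clear text.
server {
    listen 80;
    server_name remote.example.org;                    # PLACEHOLDER hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name remote.example.org;                    # PLACEHOLDER hostname

    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # PLACEHOLDER path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;    # PLACEHOLDER path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Only one fixed source address may reach the portal; all others get 403.
    allow 203.0.113.10;                                # PLACEHOLDER (documentation range)
    deny  all;

    location /guacamole/ {
        # Assumes the Guacamole web application listens on loopback port 8080,
        # so it is reachable only through this proxy.
        proxy_pass http://127.0.0.1:8080;
        proxy_buffering off;                           # do not buffer the remote-desktop tunnel
        proxy_http_version 1.1;                        # needed for the WebSocket upgrade
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        # Pass the real client address on to the backend.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Publish nothing else on this virtual host.
    location / {
        return 404;
    }
}
```

For fail2ban to ban the right address, the backend must be configured to log the client IP from `X-Forwarded-For` rather than the proxy's loopback address.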

_alex

Can you block access to IPMI for everything but the public IP of your work?
So you could use IPMI without exposing it to the rest of the world, which might be OK in terms of security.
 

Rand__

Sophos (Firewall) has a HTML 5 VPN portal that offers RDP, SSH and more protocols via Web frontend ...
 

ecosse

Sophos is a good shout - are we talking UTM or XG firewall? I have found Sophos a bit of a pain on the VPN side to set up, though I think it's largely down to my incompetence.
 

Rand__

UTM - not sure if XG has it.
And you get preconfigured packages for win/lin/android/ios so not really hard to use...
 

Evan

In XG you will find it under VPN clientless access. I just found the screen, will configure and play later, but assume it will work as @Rand__ described it does in UTM, then cool :)
 

ecosse

I stated VPN in general as opposed to the specific HTML5 flavour - but I guess you are responding to that because you talk about clients? It was using Tunnelblick (OSX), there was a design guide as I remember but I couldn't make it work at the time. Windows was easy enough but I don't like the limitations on the IP pools (which as I said could be my incompetence). At the time there were incompatibilities with iOS but they look sorted now as far as I can see
 

Rand__

Ah, well I set up one VPN Pool and use that, maybe my requirements are small in that regard.
For my use case it's simple enough, but ymmv :)
 

K D

Hate to be that guy, but to me, it looks like you are trying to circumvent your network security policies to get to your home network. Please ensure you know the consequences of such violations and decide if it's worth it.

That being said, Guacamole definitely works. I don't know how locked down your machine is but Windows Server 2012 Essentials also works. I've been able to get to the Essentials portal and log in to the clients that have the connector installed. I think it just invokes Remote Desktop. Has worked on my laptop which is completely locked down.
 

Kristian

@rubylaser Thank you very much my friend. Good to see you are still here.
@hlhjedsfg I will try this script for sure. Thank you
@_alex Great idea! I think my USG is able to do that as we have a fixed IP at work. I will try this asap
@Rand__ Thanks for mentioning Sophos I will give that a try, too
@K D I appreciate your concerns.
@Patrick Great idea!