Remote Access to Home Network

Discussion in 'Software Stuff' started by K D, Oct 22, 2017.

  1. K D

    K D Well-Known Member

    Joined:
    Dec 24, 2016
    Messages:
    1,411
    Likes Received:
    300
    I have always used TeamViewer to connect to a Jumpbox at home when I'm remote. I recently started using OpenVPN. I'm starting an assignment where it's no longer a BYOD device and the laptop is pretty locked down. I can't install any VPN client or the TeamViewer client. What options do I have to be able to connect to my home network from outside from a locked down machine.

    Worst case scenario is I take my personal laptop with me when I travel but I'd like to avoid that.
     
    #1
  2. StevenDTX

    StevenDTX Active Member

    Joined:
    Aug 17, 2016
    Messages:
    304
    Likes Received:
    112
    Guacamole works entirely via https.
     
    #2
  3. Peanuthead

    Peanuthead Active Member

    Joined:
    Jun 12, 2015
    Messages:
    757
    Likes Received:
    115
    Use a vpn client on a usb stick or straight rdp
     
    #3
  4. K D

    K D Well-Known Member

    Joined:
    Dec 24, 2016
    Messages:
    1,411
    Likes Received:
    300
    Thanks. Guacamole sounds interesting. I will check it out.

    Any recommendations for vpn client? How do I do a straight RDP over the internet? I cannot do Windows DirectAccess even if i setup a server as my laptop is still on Windows 7. I could set up a Windows Essentials Server....
     
    #4
  5. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,855
    Likes Received:
    427
    Tunnel via SSH
    Can use single executable versions of putty and ssh
     
    #5
    whitey likes this.
  6. Peanuthead

    Peanuthead Active Member

    Joined:
    Jun 12, 2015
    Messages:
    757
    Likes Received:
    115
    Does the OpenVPN client run from a USB stick now (is it a portable app)? In regard to RDP I just typically connect using an external IP address and some random port number after port forwarding on the firewall. For security reasons I use a port forward so the default Windows port isn't open to the outside world. If Linux, then it seems you have other options listed already in the thread.
     
    #6
  7. marcoi

    marcoi Well-Known Member

    Joined:
    Apr 6, 2013
    Messages:
    1,334
    Likes Received:
    205
    windows server 2012 r2 essentials has a remote access via https website. That is what I use when i cant load up a vpn client.
     
    #7
  8. KioskAdmin

    KioskAdmin Active Member

    Joined:
    Jan 20, 2015
    Messages:
    156
    Likes Received:
    32
    @Peanuthead OpenVPN on Windows requires TAP adapter install. You'd need admin access and in a locked down laptop scenario you aren't likely to get that.
     
    #8
  9. Rand__

    Rand__ Well-Known Member

    Joined:
    Mar 6, 2014
    Messages:
    3,579
    Likes Received:
    541
    Any environment which provides a 'pretty locked down' notebook will not ... be happy ... if you try running an outbound vpn tunnel from their network.
    Ppl have been fired for this where I am at at the moment (finance).
    My advice:
    Take a tablet or cellphone with a data plan if you just need some access or your laptop + hotspot if you need to work on it but leave private traffic off the company laptop.
     
    #9
  10. Peanuthead

    Peanuthead Active Member

    Joined:
    Jun 12, 2015
    Messages:
    757
    Likes Received:
    115
    He has a valid point. I personally figured if he was willing to step around that he was willing to except the rest of the situation that could arise.
     
    #10
  11. nitrobass24

    nitrobass24 Moderator

    Joined:
    Dec 26, 2010
    Messages:
    1,081
    Likes Received:
    125
    I work for a large consulting organization and have a ridiculously locked down laptop. I just asked for VMware workstation (free version) to be installed. Provided some vague testing reason as the business Justification and then installed a personal VM that I can do whatever inside, including getting on VPN back to my house.


    Sent from my iPhone using Tapatalk
     
    #11
    Nugget and Patrick like this.
  12. K D

    K D Well-Known Member

    Joined:
    Dec 24, 2016
    Messages:
    1,411
    Likes Received:
    300
    I'm not doing nor plan to do anything that is not covered under our AUP for devices. All I am looking for is a way to get to my IPMI interfaces and vcenter and I think I got it from the comments above. Ill just use a Windows essentials instance to publish Chrome as an along with rdp that I can access via https.

    As and when I get a chance I am going to look into Guacamole too. It sounds interesting.
     
    #12
  13. Kybber

    Kybber Active Member

    Joined:
    May 27, 2016
    Messages:
    130
    Likes Received:
    33
    I did the same a few years back, except with Virtualbox. And I didn't ask permission first... ;) One day I came back from a meeting to find my computer unplugged. The following chat with IT security was not fun.

    These days I use the browser for everything. I've set up an nginx proxy-server at home which proxies the services I wish to have remote access to. After authenticating to the proxy server with google oauth2, I am presented with a simple array of links to the services I've configured.

    I originally used Wetty to get SSH-access, but have since added Guacamole to get RDP/VNC. Previous attempts with Guacamole a couple of years ago did not work for me since the stream would freeze after just a few seconds. That was due to my work's network configuration and/or security measures, which have hopefully changed.
     
    #13
  14. RTM

    RTM Active Member

    Joined:
    Jan 26, 2014
    Messages:
    427
    Likes Received:
    142
    Obviously I can't comment on your exact situation, but in general doing this is a really bad idea.
    It is neigh impossible to secure an environment where anything goes (in a virtualization environment where you can run your own stuff (server virtualization is not the same here), anything most certainly goes).

    Unfortunately it is always developers, consultants and admins that are terribly at securing their own stuff (probably as opposed to the systems that they work with ironically).

    The better solution is to use separate computers preferably on different networks.
     
    #14
  15. nitrobass24

    nitrobass24 Moderator

    Joined:
    Dec 26, 2010
    Messages:
    1,081
    Likes Received:
    125
    The difference is I have a documented security exception from my internal security dept. In fact I secured this for my entire team since using VMs and Docker are now a necessity for delivering effectively for my clients.

    Plus I am a cyber security consultant, for the greatest cyber consultancy in the world :), so I’d like to think that I am a bit more prepared than the regular user to do things the right way.


    Sent from my iPhone using Tapatalk
     
    #15
  16. fractal

    fractal Active Member

    Joined:
    Jun 7, 2016
    Messages:
    309
    Likes Received:
    67
    Hard for them to complain about your personal laptop / tablet on the guest network.
     
    #16
  17. Markus

    Markus Member

    Joined:
    Oct 25, 2015
    Messages:
    78
    Likes Received:
    19
    Probably x2go is another way to go. Beside this a friend of mine is using the already mentioned Guacamole sucessfully.

    Personally I use a combination of Putty and the cntlm-Proxy (because the cooperate proxy just allows NTLM-Authentication which Putty is not available in Putty). So the chain is Cooperate Laptop -> Putty -> local CNTLM -> Cooperate Proxy -> External Server with SSH on Port 8443 (which by itself is open @cooperate proxy).

    Must mention: I just juse this to access a cooperate test environment...

    Regards
    Markus
     
    #17
Similar Threads: Remote Access
Forum Title Date
Software Stuff Remote Backup Feb 2, 2018
Software Stuff remote/cloud patch management Apr 8, 2017
Software Stuff Advice needed for Remote Control software Jan 6, 2017
Software Stuff Access database Dec 18, 2017

Share This Page