Remote Access to Home Network

K D

I have always used TeamViewer to connect to a jumpbox at home when I'm remote. I recently started using OpenVPN. I'm starting an assignment where it's no longer a BYOD device and the laptop is pretty locked down. I can't install any VPN client or the TeamViewer client. What options do I have to be able to connect to my home network from outside from a locked down machine?

Worst case scenario is I take my personal laptop with me when I travel but I'd like to avoid that.
 

K D

> Guacamole works entirely via https.

Thanks. Guacamole sounds interesting. I will check it out.

> Use a vpn client on a usb stick or straight rdp

Any recommendations for a VPN client? How do I do a straight RDP over the internet? I cannot do Windows DirectAccess even if I set up a server, as my laptop is still on Windows 7. I could set up a Windows Essentials Server....
 

Peanuthead

> Any recommendations for a VPN client? How do I do a straight RDP over the internet? I cannot do Windows DirectAccess even if I set up a server, as my laptop is still on Windows 7. I could set up a Windows Essentials Server....

Does the OpenVPN client run from a USB stick now (is it a portable app)? In regard to RDP I just typically connect using an external IP address and some random port number after port forwarding on the firewall. For security reasons I use a port forward so the default Windows port isn't open to the outside world. If Linux, then it seems you have other options listed already in the thread.
 

marcoi

Windows Server 2012 R2 Essentials has a remote access via HTTPS website. That is what I use when I can't load up a VPN client.
 

KioskAdmin

@Peanuthead OpenVPN on Windows requires TAP adapter install. You'd need admin access and in a locked down laptop scenario you aren't likely to get that.
 

Rand__

Any environment which provides a 'pretty locked down' notebook will not ... be happy ... if you try running an outbound VPN tunnel from their network.
People have been fired for this where I am at the moment (finance).
My advice:
Take a tablet or cellphone with a data plan if you just need some access, or your laptop + hotspot if you need to work on it, but leave private traffic off the company laptop.
 

Peanuthead

> Any environment which provides a 'pretty locked down' notebook will not ... be happy ... if you try running an outbound VPN tunnel from their network.
> People have been fired for this where I am at the moment (finance).
> My advice:
> Take a tablet or cellphone if you just need some access, or your laptop if you need to work on it, but leave private traffic off the company laptop.

He has a valid point. I personally figured if he was willing to step around that, he was willing to accept the rest of the situation that could arise.
 

nitrobass24

I work for a large consulting organization and have a ridiculously locked down laptop. I just asked for VMware Workstation (free version) to be installed. Provided some vague testing reason as the business justification and then installed a personal VM that I can do whatever inside, including getting on VPN back to my house.



K D

I'm not doing nor plan to do anything that is not covered under our AUP for devices. All I am looking for is a way to get to my IPMI interfaces and vCenter, and I think I got it from the comments above. I'll just use a Windows Essentials instance to publish Chrome as an along with RDP that I can access via HTTPS.

As and when I get a chance I am going to look into Guacamole too. It sounds interesting.
 

Kybber

> I work for a large consulting organization and have a ridiculously locked down laptop. I just asked for VMware Workstation (free version) to be installed. Provided some vague testing reason as the business justification and then installed a personal VM that I can do whatever inside, including getting on VPN back to my house.

I did the same a few years back, except with VirtualBox. And I didn't ask permission first... ;) One day I came back from a meeting to find my computer unplugged. The following chat with IT security was not fun.

These days I use the browser for everything. I've set up an nginx proxy server at home which proxies the services I wish to have remote access to. After authenticating to the proxy server with Google OAuth2, I am presented with a simple array of links to the services I've configured.

I originally used Wetty to get SSH-access, but have since added Guacamole to get RDP/VNC. Previous attempts with Guacamole a couple of years ago did not work for me since the stream would freeze after just a few seconds. That was due to my work's network configuration and/or security measures, which have hopefully changed.
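
The kind of authenticating reverse proxy described in the post above, as an added example that is not Kybber's own configuration: nginx terminates TLS and checks every request against a Google OAuth2 session before anything reaches Guacamole. It assumes oauth2-proxy as the OAuth2 helper on 127.0.0.1:4180 and Guacamole on 127.0.0.1:8080; the hostname, certificate paths and portal directory are placeholders.

```nginx
server {
    listen 443 ssl;
    server_name home.example.net;                 # placeholder hostname
    ssl_certificate     /etc/ssl/home/fullchain.pem;   # placeholder paths
    ssl_certificate_key /etc/ssl/home/privkey.pem;

    # Fail closed: every location requires a valid session unless it opts out.
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/sign_in;

    # Login, callback and sign-out endpoints served by oauth2-proxy (assumed helper).
    # Run it with --authenticated-emails-file or a specific --email-domain;
    # with --email-domain=* any Google account would be accepted.
    location /oauth2/ {
        auth_request off;
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # Internal subrequest target: returns 202 if the cookie is valid, 401 otherwise.
    location = /oauth2/auth {
        auth_request off;
        internal;
        proxy_pass http://127.0.0.1:4180;
        proxy_set_header Host $host;
        proxy_set_header Content-Length "";
        proxy_pass_request_body off;
    }

    # Static landing page with links to the proxied services.
    location / {
        root /var/www/portal;                     # placeholder directory
    }

    # Guacamole needs unbuffered responses and WebSocket upgrade headers.
    location /guacamole/ {
        proxy_pass http://127.0.0.1:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Only port 443 needs to be forwarded to this host; Guacamole and the RDP/VNC/SSH targets behind it stay unreachable from the internet except through an authenticated session.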
 

RTM

> I work for a large consulting organization and have a ridiculously locked down laptop. I just asked for VMware Workstation (free version) to be installed. Provided some vague testing reason as the business justification and then installed a personal VM that I can do whatever inside, including getting on VPN back to my house.

Obviously I can't comment on your exact situation, but in general doing this is a really bad idea.
It is nigh impossible to secure an environment where anything goes (in a virtualization environment where you can run your own stuff (server virtualization is not the same here), anything most certainly goes).

Unfortunately it is always developers, consultants and admins that are terrible at securing their own stuff (probably as opposed to the systems that they work with, ironically).

The better solution is to use separate computers preferably on different networks.
 

nitrobass24

> Obviously I can't comment on your exact situation, but in general doing this is a really bad idea.
> It is nigh impossible to secure an environment where anything goes (in a virtualization environment where you can run your own stuff (server virtualization is not the same here), anything most certainly goes).
>
> Unfortunately it is always developers, consultants and admins that are terrible at securing their own stuff (probably as opposed to the systems that they work with, ironically).
>
> The better solution is to use separate computers preferably on different networks.

The difference is I have a documented security exception from my internal security dept. In fact I secured this for my entire team, since using VMs and Docker is now a necessity for delivering effectively for my clients.

Plus I am a cyber security consultant, for the greatest cyber consultancy in the world :), so I'd like to think that I am a bit more prepared than the regular user to do things the right way.


 

Markus

Probably x2go is another way to go. Besides this, a friend of mine is using the already mentioned Guacamole successfully.

Personally I use a combination of PuTTY and the cntlm proxy (because the corporate proxy just allows NTLM authentication, which is not available in PuTTY). So the chain is Corporate Laptop -> PuTTY -> local CNTLM -> Corporate Proxy -> External Server with SSH on Port 8443 (which by itself is open @ corporate proxy).

Must mention: I just use this to access a corporate test environment...

Regards
Markus